From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 02:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 02:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263363.456062 (Exim 4.92) (envelope-from ) id 1nEidM-0002pY-1D; Tue, 01 Feb 2022 02:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263363.456062; Tue, 01 Feb 2022 02:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidL-0002pQ-Tz; Tue, 01 Feb 2022 02:11:03 +0000 Received: by outflank-mailman (input) for mailman id 263363; Tue, 01 Feb 2022 02:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidK-0002or-Bu for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidK-0007oC-B0 for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEidK-00056z-9y for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i864iPPKYybM2SzaI66w29p/cZqOggHVxyxa4nD7AcE=; b=FriRoDF7OWFwGgxV6rn/40d73s ueuRqTh8+iks7z2Pv8mDJAFL69qU8xT2WsDCw+pMTQQFaaKHkcQq+RNQCgsmJBNnlAJvhMwRLBHag mwafFhA+oVplRGTkizAhu64iyqxvy+RTtq7JHR3w1CEQCF+EfBZp0irjGpmWpx6QlteU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VMX: sync VM-exit perf counters with known VM-exit reasons Message-Id: Date: Tue, 01 Feb 2022 02:11:02 +0000 commit c5539e6e7b9e9f8e12d4e05b5f6db97ca94539e7 Author: Jan Beulich AuthorDate: Mon Jan 31 10:56:28 2022 +0100 Commit: Jan Beulich CommitDate: Mon Jan 31 10:56:28 2022 +0100 VMX: sync VM-exit perf counters with known VM-exit reasons This has gone out of sync over time. Introduce a simplistic mechanism to hopefully keep things in sync going forward. Also limit the array index to just the "basic exit reason" part, which is what the pseudo-enumeration covers. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 1 + xen/arch/x86/include/asm/perfc_defn.h | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 9765cfd90a..36c8a12cfe 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3928,7 +3928,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) else HVMTRACE_ND(VMEXIT, 0, 1/*cycles*/, exit_reason, regs->eip); - perfc_incra(vmexits, exit_reason); + perfc_incra(vmexits, (uint16_t)exit_reason); /* Handle the interrupt we missed before allowing any more in. */ switch ( (uint16_t)exit_reason ) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 85530d2e0e..97e7652aa1 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -219,6 +219,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) #define EXIT_REASON_PML_FULL 62 #define EXIT_REASON_XSAVES 63 #define EXIT_REASON_XRSTORS 64 +/* Remember to also update VMX_PERF_EXIT_REASON_SIZE! */ /* * Interruption-information format diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index a98df515d9..896c5397f5 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -6,7 +6,7 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) #ifdef CONFIG_HVM -#define VMX_PERF_EXIT_REASON_SIZE 56 +#define VMX_PERF_EXIT_REASON_SIZE 65 #define VMX_PERF_VECTOR_SIZE 0x20 PERFCOUNTER_ARRAY(vmexits, "vmexits", VMX_PERF_EXIT_REASON_SIZE) PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 02:11:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 02:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263368.456066 (Exim 4.92) (envelope-from ) id 1nEidW-0002yj-3V; Tue, 01 Feb 2022 02:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263368.456066; Tue, 01 Feb 2022 02:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidW-0002yb-02; Tue, 01 Feb 2022 02:11:14 +0000 Received: by outflank-mailman (input) for mailman id 263368; Tue, 01 Feb 2022 02:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidU-0002y8-FH for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidU-0007pp-EO for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEidU-00057r-DT for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/o7QAcuJOiE9y8zpXQHxOTPVqEIk8r7yhmnOIPHgyBk=; b=Yhw4PvadYCHbjpDYWU0DOUr6Jl bZHCSh+qsu0ZSPyZVtiUvWAShC1uqUv8Mqjqtv5TCo49NiAUZkru2f4eE7mztPs84+vVZquYVbsBd wy1AVJaF1tr6uXC1hmV6uaWTMmif9uG+QojPTyGAg/h1H+FaoHrsPQFQAlxa88IfpVGI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: switch to alternatives-call patching in further instances Message-Id: Date: Tue, 01 Feb 2022 02:11:12 +0000 commit f66e3d6afcc1315a34475fbee5f46e7110397950 Author: Jan Beulich AuthorDate: Mon Jan 31 10:57:27 2022 +0100 Commit: Jan Beulich CommitDate: Mon Jan 31 10:57:27 2022 +0100 IOMMU/x86: switch to alternatives-call patching in further instances This is, once again, to limit the number of indirect calls as much as possible. The only hook invocation which isn't sensible to convert is setup(). And of course Arm-only use sites are left alone as well. Note regarding the introduction / use of local variables in pci.c: struct pci_dev's involved fields are const. This const propagates, via typeof(), to the local helper variables in the altcall macros. These helper variables are, however, used as outputs (and hence can't be const). In iommu_get_device_group() make use of the new local variables to also simplify some adjacent code. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Rahul Singh Tested-by: Rahul Singh --- xen/drivers/passthrough/iommu.c | 8 +++---- xen/drivers/passthrough/pci.c | 47 ++++++++++++++++++++----------------- xen/drivers/passthrough/x86/iommu.c | 4 ++-- 3 files changed, 32 insertions(+), 27 deletions(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 6334370109..fc18f63bd4 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -198,7 +198,7 @@ int iommu_domain_init(struct domain *d, unsigned int opts) return ret; hd->platform_ops = iommu_get_ops(); - ret = hd->platform_ops->init(d); + ret = iommu_call(hd->platform_ops, init, d); if ( ret || is_system_domain(d) ) return ret; @@ -233,7 +233,7 @@ void __hwdom_init iommu_hwdom_init(struct domain *d) register_keyhandler('o', &iommu_dump_page_tables, "dump iommu page tables", 0); - hd->platform_ops->hwdom_init(d); + iommu_vcall(hd->platform_ops, hwdom_init, d); } static void iommu_teardown(struct domain *d) @@ -576,7 +576,7 @@ int iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) if ( !ops->get_reserved_device_memory ) return 0; - return ops->get_reserved_device_memory(func, ctxt); + return iommu_call(ops, get_reserved_device_memory, func, ctxt); } bool_t iommu_has_feature(struct domain *d, enum iommu_feature feature) @@ -603,7 +603,7 @@ static void iommu_dump_page_tables(unsigned char key) continue; } - dom_iommu(d)->platform_ops->dump_page_tables(d); + iommu_vcall(dom_iommu(d)->platform_ops, dump_page_tables, d); } rcu_read_unlock(&domlist_read_lock); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 0d8ab2e716..1fad80362f 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -861,15 +861,15 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus, devfn += pdev->phantom_stride; if ( PCI_SLOT(devfn) != PCI_SLOT(pdev->devfn) ) break; - ret = hd->platform_ops->reassign_device(d, target, devfn, - pci_to_dev(pdev)); + ret = iommu_call(hd->platform_ops, reassign_device, d, target, devfn, + pci_to_dev(pdev)); if ( ret ) goto out; } devfn = pdev->devfn; - ret = hd->platform_ops->reassign_device(d, target, devfn, - pci_to_dev(pdev)); + ret = iommu_call(hd->platform_ops, reassign_device, d, target, devfn, + pci_to_dev(pdev)); if ( ret ) goto out; @@ -1300,7 +1300,7 @@ static int iommu_add_device(struct pci_dev *pdev) { const struct domain_iommu *hd; int rc; - u8 devfn; + unsigned int devfn = pdev->devfn; if ( !pdev->domain ) return -EINVAL; @@ -1311,16 +1311,16 @@ static int iommu_add_device(struct pci_dev *pdev) if ( !is_iommu_enabled(pdev->domain) ) return 0; - rc = hd->platform_ops->add_device(pdev->devfn, pci_to_dev(pdev)); + rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev)); if ( rc || !pdev->phantom_stride ) return rc; - for ( devfn = pdev->devfn ; ; ) + for ( ; ; ) { devfn += pdev->phantom_stride; if ( PCI_SLOT(devfn) != PCI_SLOT(pdev->devfn) ) return 0; - rc = hd->platform_ops->add_device(devfn, pci_to_dev(pdev)); + rc = iommu_call(hd->platform_ops, add_device, devfn, pci_to_dev(pdev)); if ( rc ) printk(XENLOG_WARNING "IOMMU: add %pp failed (%d)\n", &pdev->sbdf, rc); @@ -1341,7 +1341,7 @@ static int iommu_enable_device(struct pci_dev *pdev) !hd->platform_ops->enable_device ) return 0; - return hd->platform_ops->enable_device(pci_to_dev(pdev)); + return iommu_call(hd->platform_ops, enable_device, pci_to_dev(pdev)); } static int iommu_remove_device(struct pci_dev *pdev) @@ -1363,7 +1363,8 @@ static int iommu_remove_device(struct pci_dev *pdev) devfn += pdev->phantom_stride; if ( PCI_SLOT(devfn) != PCI_SLOT(pdev->devfn) ) break; - rc = hd->platform_ops->remove_device(devfn, pci_to_dev(pdev)); + rc = iommu_call(hd->platform_ops, remove_device, devfn, + pci_to_dev(pdev)); if ( !rc ) continue; @@ -1371,7 +1372,9 @@ static int iommu_remove_device(struct pci_dev *pdev) return rc; } - return hd->platform_ops->remove_device(pdev->devfn, pci_to_dev(pdev)); + devfn = pdev->devfn; + + return iommu_call(hd->platform_ops, remove_device, devfn, pci_to_dev(pdev)); } static int device_assigned(u16 seg, u8 bus, u8 devfn) @@ -1421,7 +1424,8 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag) pdev->fault.count = 0; - if ( (rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag)) ) + if ( (rc = iommu_call(hd->platform_ops, assign_device, d, devfn, + pci_to_dev(pdev), flag)) ) goto done; for ( ; pdev->phantom_stride; rc = 0 ) @@ -1429,7 +1433,8 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag) devfn += pdev->phantom_stride; if ( PCI_SLOT(devfn) != PCI_SLOT(pdev->devfn) ) break; - rc = hd->platform_ops->assign_device(d, devfn, pci_to_dev(pdev), flag); + rc = iommu_call(hd->platform_ops, assign_device, d, devfn, + pci_to_dev(pdev), flag); } done: @@ -1457,24 +1462,24 @@ static int iommu_get_device_group( if ( !is_iommu_enabled(d) || !ops->get_device_group_id ) return 0; - group_id = ops->get_device_group_id(seg, bus, devfn); + group_id = iommu_call(ops, get_device_group_id, seg, bus, devfn); pcidevs_lock(); for_each_pdev( d, pdev ) { - if ( (pdev->seg != seg) || - ((pdev->bus == bus) && (pdev->devfn == devfn)) ) + unsigned int b = pdev->bus; + unsigned int df = pdev->devfn; + + if ( (pdev->seg != seg) || ((b == bus) && (df == devfn)) ) continue; - if ( xsm_get_device_group(XSM_HOOK, (seg << 16) | (pdev->bus << 8) | pdev->devfn) ) + if ( xsm_get_device_group(XSM_HOOK, (seg << 16) | (b << 8) | df) ) continue; - sdev_id = ops->get_device_group_id(seg, pdev->bus, pdev->devfn); + sdev_id = iommu_call(ops, get_device_group_id, seg, b, df); if ( (sdev_id == group_id) && (i < max_sdevs) ) { - bdf = 0; - bdf |= (pdev->bus & 0xff) << 16; - bdf |= (pdev->devfn & 0xff) << 8; + bdf = (b << 16) | (df << 8); if ( unlikely(copy_to_guest_offset(buf, i, &bdf, 1)) ) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index f11280f4b2..583abed9bd 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -145,7 +145,7 @@ unsigned int iommu_read_apic_from_ire(unsigned int apic, unsigned int reg) int __init iommu_setup_hpet_msi(struct msi_desc *msi) { const struct iommu_ops *ops = iommu_get_ops(); - return ops->setup_hpet_msi ? ops->setup_hpet_msi(msi) : -ENODEV; + return ops->setup_hpet_msi ? iommu_call(ops, setup_hpet_msi, msi) : -ENODEV; } void __hwdom_init arch_iommu_check_autotranslated_hwdom(struct domain *d) @@ -406,7 +406,7 @@ int iommu_free_pgtables(struct domain *d) * Pages will be moved to the free list below. So we want to * clear the root page-table to avoid any potential use after-free. */ - hd->platform_ops->clear_root_pgtable(d); + iommu_vcall(hd->platform_ops, clear_root_pgtable, d); while ( (pg = page_list_remove_head(&hd->arch.pgtables.list)) ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 02:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 02:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263370.456070 (Exim 4.92) (envelope-from ) id 1nEidf-00036p-7L; Tue, 01 Feb 2022 02:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263370.456070; Tue, 01 Feb 2022 02:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidf-00036f-47; Tue, 01 Feb 2022 02:11:23 +0000 Received: by outflank-mailman (input) for mailman id 263370; Tue, 01 Feb 2022 02:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEide-00036M-LI for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEide-0007q9-KT for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEide-00058z-Gk for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RfNpbmqZO2UQV4/AEL/03ZBLUY1fbest4lbgMi9bbOM=; b=KJM9eCAmbQxTEuVtPjgR2rVquC lnhY/6wldQ5HSdzulyIxky8HihEIyGNa+d5PHq27km5Ueze9muEJdw1FqVKMM6lTOMNbSTLXowJMp 1G+6GQSiQPmQq7nQSu6SDxzzgI5QPdUuMmfW4mqAZO+/vSAKIGNPRr34kDMXPw57bj8s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL Message-Id: Date: Tue, 01 Feb 2022 02:11:22 +0000 commit d9d3496e817ace919092d70d4730257b37c2e743 Author: Dario Faggioli AuthorDate: Mon Jan 31 10:58:07 2022 +0100 Commit: Jan Beulich CommitDate: Mon Jan 31 10:58:07 2022 +0100 tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 , cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli Tested-by: James Fehlig Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_domain.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 544a9bf59d..d438232117 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1661,6 +1661,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, libxl_vcpuinfo *ptr, *ret; xc_domaininfo_t domaininfo; xc_vcpuinfo_t vcpuinfo; + unsigned int nr_vcpus; if (xc_domain_getinfolist(ctx->xch, domid, 1, &domaininfo) != 1) { LOGED(ERROR, domid, "Getting infolist"); @@ -1677,33 +1678,34 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1, sizeof(libxl_vcpuinfo)); - for (*nr_vcpus_out = 0; - *nr_vcpus_out <= domaininfo.max_vcpu_id; - ++*nr_vcpus_out, ++ptr) { + for (nr_vcpus = 0; + nr_vcpus <= domaininfo.max_vcpu_id; + ++nr_vcpus, ++ptr) { libxl_bitmap_init(&ptr->cpumap); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap, 0)) goto err; libxl_bitmap_init(&ptr->cpumap_soft); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap_soft, 0)) goto err; - if (xc_vcpu_getinfo(ctx->xch, domid, *nr_vcpus_out, &vcpuinfo) == -1) { + if (xc_vcpu_getinfo(ctx->xch, domid, nr_vcpus, &vcpuinfo) == -1) { LOGED(ERROR, domid, "Getting vcpu info"); goto err; } - if (xc_vcpu_getaffinity(ctx->xch, domid, *nr_vcpus_out, + if (xc_vcpu_getaffinity(ctx->xch, domid, nr_vcpus, ptr->cpumap.map, ptr->cpumap_soft.map, XEN_VCPUAFFINITY_SOFT|XEN_VCPUAFFINITY_HARD) == -1) { LOGED(ERROR, domid, "Getting vcpu affinity"); goto err; } - ptr->vcpuid = *nr_vcpus_out; + ptr->vcpuid = nr_vcpus; ptr->cpu = vcpuinfo.cpu; ptr->online = !!vcpuinfo.online; ptr->blocked = !!vcpuinfo.blocked; ptr->running = !!vcpuinfo.running; ptr->vcpu_time = vcpuinfo.cpu_time; } + *nr_vcpus_out = nr_vcpus; GC_FREE; return ret; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 02:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 02:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263372.456074 (Exim 4.92) (envelope-from ) id 1nEidp-0003Ar-8u; Tue, 01 Feb 2022 02:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263372.456074; Tue, 01 Feb 2022 02:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEidp-0003Aj-5t; Tue, 01 Feb 2022 02:11:33 +0000 Received: by outflank-mailman (input) for mailman id 263372; Tue, 01 Feb 2022 02:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEido-0003Aa-OC for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEido-0007qM-NP for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEido-00059f-Mc for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 02:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n6voaOd39alErd47QHmHU2FIDwKKPpX1tenJgFWNoCg=; b=RnfT5XCx+tk+ngdjOmQaWAb2Hc OAl3qCAHcrhIyl1lzwI5YjnrKsZVdApD71eLGayDE7H1DfDv163zrS8TbhaCKxXdzFV9vNN0mMTdU kFWYjhjPKhC3A+wEelJzLSMkPfp0dpQJavzNzEabClpstFTvFRRwe28EkWRBQKpIaWkg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gitignore: remove stale entries Message-Id: Date: Tue, 01 Feb 2022 02:11:32 +0000 commit c78901ab09bd0c469649f4ecbd325a6edb953592 Author: Juergen Gross AuthorDate: Mon Jan 31 10:58:24 2022 +0100 Commit: Jan Beulich CommitDate: Mon Jan 31 10:58:24 2022 +0100 gitignore: remove stale entries The entries referring to tools/security have become stale more than 10 years ago. Remove them. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- .gitignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3f9d55ba87..1f53b0320e 100644 --- a/.gitignore +++ b/.gitignore @@ -252,9 +252,6 @@ tools/qemu-xen-build tools/xentrace/xenalyze tools/pygrub/build/* tools/python/build/* -tools/security/secpol_tool -tools/security/xen/* -tools/security/xensec_tool tools/tests/depriv/depriv-fd-checker tools/tests/x86_emulator/*.bin tools/tests/x86_emulator/*.tmp -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 11:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 11:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263539.456265 (Exim 4.92) (envelope-from ) id 1nErPC-0005hO-Sj; Tue, 01 Feb 2022 11:33:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263539.456265; Tue, 01 Feb 2022 11:33:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPC-0005hG-Ps; Tue, 01 Feb 2022 11:33:02 +0000 Received: by outflank-mailman (input) for mailman id 263539; Tue, 01 Feb 2022 11:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPC-0005gv-8h for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPC-0001vZ-4h for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nErPC-00025o-3i for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XgSdQ3DIyJz8RMNr1uC+h2ZklJXABwIhXcPaqq9UXFY=; b=phNgQ2W38XEe2YaoecC5p0hmQg yxeBg7iWm0yFU8AZD/266YBBjy0/thhC8oEw4+HSSzTLAj4n3Es7eKBPeaIQv9v6Veuis4fqNFk5V 8boH4UAysBP4K87+XxSvWX/6vOIJ6mUbBH44uCgtLQooRGZ0BnGzeb23+PqBUe1EX2Vg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] iommu/ipmmu-vmsa: Use refcount for the micro-TLBs Message-Id: Date: Tue, 01 Feb 2022 11:33:02 +0000 commit c52af96fdcac9eff31465f39c0ffcceadca9ac9f Author: Oleksandr Tyshchenko AuthorDate: Thu Jan 27 21:55:51 2022 +0200 Commit: Julien Grall CommitDate: Mon Jan 31 18:33:20 2022 +0000 iommu/ipmmu-vmsa: Use refcount for the micro-TLBs Reference-count the micro-TLBs as several bus masters can be connected to the same micro-TLB (and drop TODO comment). This wasn't an issue so far, since the platform devices (this driver deals with) get assigned/deassigned together during domain creation/destruction. But, in order to support PCI devices (which are hot-pluggable) in the near future we will need to take care of. Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Yoshihiro Shimoda --- xen/drivers/passthrough/arm/ipmmu-vmsa.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/xen/drivers/passthrough/arm/ipmmu-vmsa.c b/xen/drivers/passthrough/arm/ipmmu-vmsa.c index 649b9f6362..c912120411 100644 --- a/xen/drivers/passthrough/arm/ipmmu-vmsa.c +++ b/xen/drivers/passthrough/arm/ipmmu-vmsa.c @@ -127,6 +127,7 @@ struct ipmmu_vmsa_device { spinlock_t lock; /* Protects ctx and domains[] */ DECLARE_BITMAP(ctx, IPMMU_CTX_MAX); struct ipmmu_vmsa_domain *domains[IPMMU_CTX_MAX]; + unsigned int utlb_refcount[IPMMU_UTLB_MAX]; const struct ipmmu_features *features; }; @@ -468,12 +469,17 @@ static int ipmmu_utlb_enable(struct ipmmu_vmsa_domain *domain, } /* - * TODO: Reference-count the micro-TLB as several bus masters can be - * connected to the same micro-TLB. + * Reference-count the micro-TLBs as several bus masters can be connected + * to the same micro-TLB. The platform devices get assigned/deassigned + * together during domain creation/destruction. The PCI devices which use + * the same micro-TLB must also be hot-(un)plugged together. */ - ipmmu_imuasid_write(mmu, utlb, 0); - ipmmu_imuctr_write(mmu, utlb, imuctr | - IMUCTR_TTSEL_MMU(domain->context_id) | IMUCTR_MMUEN); + if ( mmu->utlb_refcount[utlb]++ == 0 ) + { + ipmmu_imuasid_write(mmu, utlb, 0); + ipmmu_imuctr_write(mmu, utlb, imuctr | + IMUCTR_TTSEL_MMU(domain->context_id) | IMUCTR_MMUEN); + } return 0; } @@ -484,7 +490,10 @@ static void ipmmu_utlb_disable(struct ipmmu_vmsa_domain *domain, { struct ipmmu_vmsa_device *mmu = domain->mmu; - ipmmu_imuctr_write(mmu, utlb, 0); + ASSERT(mmu->utlb_refcount[utlb] > 0); + + if ( --mmu->utlb_refcount[utlb] == 0 ) + ipmmu_imuctr_write(mmu, utlb, 0); } /* Domain/Context Management */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 11:33:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 11:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263543.456269 (Exim 4.92) (envelope-from ) id 1nErPM-0005oA-UM; Tue, 01 Feb 2022 11:33:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263543.456269; Tue, 01 Feb 2022 11:33:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPM-0005o2-RO; Tue, 01 Feb 2022 11:33:12 +0000 Received: by outflank-mailman (input) for mailman id 263543; Tue, 01 Feb 2022 11:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPM-0005nt-8g for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nErPM-0001vh-7w for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nErPM-00026c-74 for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 11:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vMkqGYDztt5Tesw4TZ/qrh8TtkJiyPrEyb0HASQrktU=; b=hYRW2N59ysloFMif4LFLwJcAM1 z1oZzDc+BHdgOtKhdiMzGEKZg3xJeZgvv8GPqtoolfS96ywmaoOxF9zNT0Sk0j4JVgbuJeKYjRdAT l5/FaO8woZJiqaaoi/eGt7acfK/I42bmcr9fkLxY93jFgvJA5Dx9mhynI6RSr5iD1qgU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] iommu/arm: Remove code duplication in all IOMMU drivers Message-Id: Date: Tue, 01 Feb 2022 11:33:12 +0000 commit 481ee6125aa1d5751f52eda677c7bab4719c0ad0 Author: Oleksandr Tyshchenko AuthorDate: Thu Jan 27 21:55:52 2022 +0200 Commit: Julien Grall CommitDate: Mon Jan 31 18:33:31 2022 +0000 iommu/arm: Remove code duplication in all IOMMU drivers All IOMMU drivers on Arm perform almost the same generic actions in hwdom_init callback. Move this code to common arch_iommu_hwdom_init() in order to get rid of code duplication. Signed-off-by: Oleksandr Tyshchenko Reviewed-by: Volodymyr Babchuk Acked-by: Rahul Singh Acked-by: Julien Grall --- xen/drivers/passthrough/arm/iommu.c | 7 +++++++ xen/drivers/passthrough/arm/ipmmu-vmsa.c | 15 +-------------- xen/drivers/passthrough/arm/smmu-v3.c | 17 +---------------- xen/drivers/passthrough/arm/smmu.c | 17 +---------------- 4 files changed, 10 insertions(+), 46 deletions(-) diff --git a/xen/drivers/passthrough/arm/iommu.c b/xen/drivers/passthrough/arm/iommu.c index ee653a9c48..fc453180f0 100644 --- a/xen/drivers/passthrough/arm/iommu.c +++ b/xen/drivers/passthrough/arm/iommu.c @@ -134,6 +134,13 @@ void arch_iommu_domain_destroy(struct domain *d) void __hwdom_init arch_iommu_hwdom_init(struct domain *d) { + /* Set to false options not supported on ARM. */ + if ( iommu_hwdom_inclusive ) + printk(XENLOG_WARNING "map-inclusive dom0-iommu option is not supported on ARM\n"); + iommu_hwdom_inclusive = false; + if ( iommu_hwdom_reserved == 1 ) + printk(XENLOG_WARNING "map-reserved dom0-iommu option is not supported on ARM\n"); + iommu_hwdom_reserved = 0; } /* diff --git a/xen/drivers/passthrough/arm/ipmmu-vmsa.c b/xen/drivers/passthrough/arm/ipmmu-vmsa.c index c912120411..d2572bcd30 100644 --- a/xen/drivers/passthrough/arm/ipmmu-vmsa.c +++ b/xen/drivers/passthrough/arm/ipmmu-vmsa.c @@ -1329,19 +1329,6 @@ static int ipmmu_iommu_domain_init(struct domain *d) return 0; } -static void __hwdom_init ipmmu_iommu_hwdom_init(struct domain *d) -{ - /* Set to false options not supported on ARM. */ - if ( iommu_hwdom_inclusive ) - printk(XENLOG_WARNING "ipmmu: map-inclusive dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_inclusive = false; - if ( iommu_hwdom_reserved == 1 ) - printk(XENLOG_WARNING "ipmmu: map-reserved dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_reserved = 0; - - arch_iommu_hwdom_init(d); -} - static void ipmmu_iommu_domain_teardown(struct domain *d) { struct ipmmu_vmsa_xen_domain *xen_domain = dom_iommu(d)->arch.priv; @@ -1369,7 +1356,7 @@ static void ipmmu_iommu_domain_teardown(struct domain *d) static const struct iommu_ops ipmmu_iommu_ops = { .init = ipmmu_iommu_domain_init, - .hwdom_init = ipmmu_iommu_hwdom_init, + .hwdom_init = arch_iommu_hwdom_init, .teardown = ipmmu_iommu_domain_teardown, .iotlb_flush = ipmmu_iotlb_flush, .iotlb_flush_all = ipmmu_iotlb_flush_all, diff --git a/xen/drivers/passthrough/arm/smmu-v3.c b/xen/drivers/passthrough/arm/smmu-v3.c index d115df7320..71b022fe7f 100644 --- a/xen/drivers/passthrough/arm/smmu-v3.c +++ b/xen/drivers/passthrough/arm/smmu-v3.c @@ -3402,21 +3402,6 @@ static int arm_smmu_iommu_xen_domain_init(struct domain *d) } -static void __hwdom_init arm_smmu_iommu_hwdom_init(struct domain *d) -{ - /* Set to false options not supported on ARM. */ - if (iommu_hwdom_inclusive) - printk(XENLOG_WARNING - "map-inclusive dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_inclusive = false; - if (iommu_hwdom_reserved == 1) - printk(XENLOG_WARNING - "map-reserved dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_reserved = 0; - - arch_iommu_hwdom_init(d); -} - static void arm_smmu_iommu_xen_domain_teardown(struct domain *d) { struct arm_smmu_xen_domain *xen_domain = dom_iommu(d)->arch.priv; @@ -3427,7 +3412,7 @@ static void arm_smmu_iommu_xen_domain_teardown(struct domain *d) static const struct iommu_ops arm_smmu_iommu_ops = { .init = arm_smmu_iommu_xen_domain_init, - .hwdom_init = arm_smmu_iommu_hwdom_init, + .hwdom_init = arch_iommu_hwdom_init, .teardown = arm_smmu_iommu_xen_domain_teardown, .iotlb_flush = arm_smmu_iotlb_flush, .iotlb_flush_all = arm_smmu_iotlb_flush_all, diff --git a/xen/drivers/passthrough/arm/smmu.c b/xen/drivers/passthrough/arm/smmu.c index c9dfc4caa0..b186c28dff 100644 --- a/xen/drivers/passthrough/arm/smmu.c +++ b/xen/drivers/passthrough/arm/smmu.c @@ -2849,21 +2849,6 @@ static int arm_smmu_iommu_domain_init(struct domain *d) return 0; } -static void __hwdom_init arm_smmu_iommu_hwdom_init(struct domain *d) -{ - /* Set to false options not supported on ARM. */ - if ( iommu_hwdom_inclusive ) - printk(XENLOG_WARNING - "map-inclusive dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_inclusive = false; - if ( iommu_hwdom_reserved == 1 ) - printk(XENLOG_WARNING - "map-reserved dom0-iommu option is not supported on ARM\n"); - iommu_hwdom_reserved = 0; - - arch_iommu_hwdom_init(d); -} - static void arm_smmu_iommu_domain_teardown(struct domain *d) { struct arm_smmu_xen_domain *xen_domain = dom_iommu(d)->arch.priv; @@ -2874,7 +2859,7 @@ static void arm_smmu_iommu_domain_teardown(struct domain *d) static const struct iommu_ops arm_smmu_iommu_ops = { .init = arm_smmu_iommu_domain_init, - .hwdom_init = arm_smmu_iommu_hwdom_init, + .hwdom_init = arch_iommu_hwdom_init, .add_device = arm_smmu_dt_add_device_generic, .teardown = arm_smmu_iommu_domain_teardown, .iotlb_flush = arm_smmu_iotlb_flush, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263605.456361 (Exim 4.92) (envelope-from ) id 1nEtHP-0004hV-Ut; Tue, 01 Feb 2022 13:33:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263605.456361; Tue, 01 Feb 2022 13:33:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHP-0004hN-S2; Tue, 01 Feb 2022 13:33:07 +0000 Received: by outflank-mailman (input) for mailman id 263605; Tue, 01 Feb 2022 13:33:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHO-0004hH-OF for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHO-00043K-Mf for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtHO-0001qn-Kz for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZVZNk/MDkSZVn3YzHzpLXiTwf5MjmkN9/1FBFoC+NtY=; b=UQkh4frYHVNBW/C4wkA0KKxfwV tBtUKKkkBzyrpewdlgUKMx0XXeKBBG465CiM8eJDPOi0FcCOwwNFXO6quv1rOBD3i2U9r2pzLDllg XD/oxuTHsJ+hib/A3+UxuZjRKzAAQdC38zNhMNacuRzQ/bQv73wHYz93OaNANxK/yRcg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Tue, 01 Feb 2022 13:33:06 +0000 commit 15b7611efd497c4b65f350483857082cb70fc348 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6e44148a09..fd8ab25723 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -266,7 +266,7 @@ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263606.456365 (Exim 4.92) (envelope-from ) id 1nEtHa-0004jB-02; Tue, 01 Feb 2022 13:33:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263606.456365; Tue, 01 Feb 2022 13:33:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHZ-0004j3-TT; Tue, 01 Feb 2022 13:33:17 +0000 Received: by outflank-mailman (input) for mailman id 263606; Tue, 01 Feb 2022 13:33:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHY-0004it-R6 for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHY-00043O-QN for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtHY-0001re-Os for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1rno0GeAPd86xsTmJKXlqtQd5dQJ/fpbuZXEKEI5VcQ=; b=HiesGiZaHGXkVOPqvMXbwKpyyF b4Hj+cWBii8ugIwGOAKnWdH4XRX/DxZY3PH9AMeIHdG3IEraCLrXtkhbueaVgegI7LbZjXnWk42Qp 4gyFFT5ACv3FwPBMtD+z0deOQtXGBrj0Zjuwb7rJ9+6BRV713UAlU6n/j4cejyXL9o0I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Tue, 01 Feb 2022 13:33:16 +0000 commit ec083bf552c35e10347449e21809f4780f8155d2 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c18cc8aa49..8a550d0a09 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263607.456369 (Exim 4.92) (envelope-from ) id 1nEtHk-0004ma-1x; Tue, 01 Feb 2022 13:33:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263607.456369; Tue, 01 Feb 2022 13:33:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHj-0004mQ-V1; Tue, 01 Feb 2022 13:33:27 +0000 Received: by outflank-mailman (input) for mailman id 263607; Tue, 01 Feb 2022 13:33:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHi-0004m6-Ue for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHi-00043i-Tr for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtHi-0001sJ-Sa for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eyULlRbImWoJeJbQZIMk1wXb8k2VifLndnl1TAGEWnU=; b=vGGmWCLEGilXpfDPs+18gnjQUN dCE0n5PKtk/g7ewbIPsHOrb2QWa5Jhim5AN1w4429FLW6b4h1ipy1qQGQVKSC0FHjQwVXZM6QC7da pZTNttD5GMwIcKAouoQ6USZQkABohpLpcXW5KCo/3DJFvu62eGYGz4z745bBW3gSyMIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Tue, 01 Feb 2022 13:33:26 +0000 commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8a550d0a09..2072daf662 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263608.456373 (Exim 4.92) (envelope-from ) id 1nEtHu-0004pl-3J; Tue, 01 Feb 2022 13:33:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263608.456373; Tue, 01 Feb 2022 13:33:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHu-0004pd-0I; Tue, 01 Feb 2022 13:33:38 +0000 Received: by outflank-mailman (input) for mailman id 263608; Tue, 01 Feb 2022 13:33:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHt-0004pM-1w for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtHt-00043s-18 for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtHs-0001t1-W0 for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xp7l0LX1lwTzHD8sSun41nQLylehV+yBEzBtEtbK4vA=; b=0nSwh117Ycdgp2rZpNZBd2/sTE Kllx/DyU9E0FyS6hfiSxBtZAvNSuD6l/p4P2qDP+3ogJehSIGB2H16Bd05iIrZ80opTn1jp7H45Rr eO82hottsVPoTXMve8y4Vsx4OR6GjLdEx9KS+VurhE3HdxzdXsTFfULTNvhyl7Sp+DdU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Tue, 01 Feb 2022 13:33:36 +0000 commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263609.456377 (Exim 4.92) (envelope-from ) id 1nEtI4-0004se-57; Tue, 01 Feb 2022 13:33:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263609.456377; Tue, 01 Feb 2022 13:33:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtI4-0004sW-25; Tue, 01 Feb 2022 13:33:48 +0000 Received: by outflank-mailman (input) for mailman id 263609; Tue, 01 Feb 2022 13:33:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtI3-0004sN-5Y for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtI3-000442-4o for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtI3-0001tj-3Y for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fw+FKfJnr6SmO8YJHYdJf93CCoDLlz0tDh+XZFWMfEw=; b=YRA4tH7lG+RVFgsy+0aT3+z1rB 1E7ojuwj+V0IzpcnvQrQk6ZPm2xxWkNlmEVNDL7nMUXHuJMayYUIO9l6KzkkcmdgCmM31Y9P1W81j Iz3hNSIBVumsLXZXr7KiLqQjUJk+NJxIqOQ0JTkcTzlqjgyPFGPOe3BUplVfmJjqFR7w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Tue, 01 Feb 2022 13:33:47 +0000 commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 4 ++++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index cfbedc3198..dc0edd9ed0 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index e716005145..115f8f6517 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1930,9 +1930,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 08c0f2d9df..1cfdf96207 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -323,6 +323,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -379,7 +381,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2072daf662..b2fd86ebe5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1270,6 +1270,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1278,15 +1281,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:33:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:33:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263610.456381 (Exim 4.92) (envelope-from ) id 1nEtIE-0004vd-6s; Tue, 01 Feb 2022 13:33:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263610.456381; Tue, 01 Feb 2022 13:33:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIE-0004vV-3b; Tue, 01 Feb 2022 13:33:58 +0000 Received: by outflank-mailman (input) for mailman id 263610; Tue, 01 Feb 2022 13:33:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtID-0004vK-9L for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtID-00044S-8Z for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtID-0001uI-7E for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:33:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uCVqCEU7Xdp52IOdHD7LtGs5rfCUB6O0UbTi9wnMLwY=; b=chtY9iJQB0e2lBdLyx8IaH44cq KO7edtq5pWiWFZ1n23cnIxEV/9EEtdUDGMYzBgn5gLtEyexF6ZIxY5to+SMZxvScxFIsac9P6u30v YOXKuWhl6X5KM2E02fgwgFFs7fZRJ+CEGRpa3fWlYGg8g3RtnVqZ6HeT9QiKL1Q2AN38=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Tue, 01 Feb 2022 13:33:57 +0000 commit 378f2e6df31442396f0afda19794c5c6091d96f9 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/include/asm/hvm/svm/svm.h | 3 +++ xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f87484b7ce..a8e37dbb1f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/asm/hvm/svm/svm.h index 05e9685026..09c32044ec 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 1cfdf96207..22ae4c1b2d 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -380,7 +380,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b2fd86ebe5..ee862089b7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -936,7 +937,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1031,12 +1033,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:34:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:34:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263611.456385 (Exim 4.92) (envelope-from ) id 1nEtIP-0004z1-9V; Tue, 01 Feb 2022 13:34:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263611.456385; Tue, 01 Feb 2022 13:34:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIP-0004yt-6d; Tue, 01 Feb 2022 13:34:09 +0000 Received: by outflank-mailman (input) for mailman id 263611; Tue, 01 Feb 2022 13:34:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIN-0004yh-CX for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIN-00044w-Bw for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtIN-0001vF-Ap for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s0Lytik44TwDGBvCHiBHNIvF7nfXxgDCFpSyKhuTmX8=; b=173bVht5Gg5Dq9nYf/C/rYQXBK VOz7FU4I8OKsqGqruhcJxIxV4Pp47MAVGng3lIG88bvMQ0gSSK67Xk9c2EJypWLx0Hshm5SNVfRmO 5vq9nOlDL9R8hJ+UpIOCjtFuL8LzM8MmGPrXw90RPPVczVtdaHNU/y9mTtIvP8NqnsCk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Tue, 01 Feb 2022 13:34:07 +0000 commit 614cec7d79d76786f5638a6e4da0576b57732ca1 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++----- xen/arch/x86/include/asm/msr.h | 9 +++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 +++ xen/arch/x86/x86_64/asm-offsets.c | 1 + 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 649892643f..287dac101a 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -126,6 +126,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:34:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:34:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263612.456389 (Exim 4.92) (envelope-from ) id 1nEtIZ-00051a-B2; Tue, 01 Feb 2022 13:34:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263612.456389; Tue, 01 Feb 2022 13:34:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIZ-00051R-86; Tue, 01 Feb 2022 13:34:19 +0000 Received: by outflank-mailman (input) for mailman id 263612; Tue, 01 Feb 2022 13:34:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIX-000517-Fs for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIX-000456-FD for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtIX-0001wG-EE for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B1S5ADOxKBHZ3J4ug19rk2W6kgVZn8R0Rb6z04hu3RA=; b=wYuQWa/Cc3xbPsHVOUQUzxQqFc zDlrZNXs0vKQyqpHT2pVLbElkKWpTIV/WG+s8fGr9iWUi3hprHkUCq0gGZ6dHCdkYHIJSi4tGMAcq fi1Q8N2ygGOzNsIF6IkeOTo1msIEEqAh9zmKN5/Dk8i+aCLs9WqkdEgNRR45CZFkFz+A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Tue, 01 Feb 2022 13:34:17 +0000 commit 22b9add22b4a9af37305c8441fec12cb26bd142b Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index bb6b8e560a..5459fbf4d4 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2471,10 +2471,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2485,10 +2489,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 5e80c8b47c..4ac5b5a048 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -265,7 +265,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -442,7 +442,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -450,6 +451,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -526,7 +528,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 13:34:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 13:34:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263613.456393 (Exim 4.92) (envelope-from ) id 1nEtIj-00054a-Cp; Tue, 01 Feb 2022 13:34:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263613.456393; Tue, 01 Feb 2022 13:34:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIj-00054Q-9i; Tue, 01 Feb 2022 13:34:29 +0000 Received: by outflank-mailman (input) for mailman id 263613; Tue, 01 Feb 2022 13:34:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIh-00054E-Ka for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEtIh-00045A-Jo for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEtIh-0001xA-Hb for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 13:34:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GIJuQ+uWYoUUoIkE+LTugY8Oz0ENX02jsFXEoC1N+18=; b=UxgzMceC5zEm81hxaCYWXsaMgQ 5/4ycK0nPpA4XrgyRL36tAWtI7PulkfeM0gfYv4U1RjNSl9WuXDZsXOtSZ9S2ZENOpkpUzouODvm2 +vLn3gSsEQWC5BAsA1VO+OHoXq8zN+JFt785QEdDDD7IBI7bPTwdT5XAPdxtTXTB9t0E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Tue, 01 Feb 2022 13:34:27 +0000 commit a7e7c7260cde78a148810db5320cbf39686c3e09 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index b5af48324a..e24dd283e7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -433,6 +433,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -456,11 +458,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -530,11 +535,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 5459fbf4d4..c4ce3f75ab 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index fd8ab25723..957df23b65 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -256,18 +256,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 470cd76d1c..39c8b0c774 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -277,16 +277,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 01 14:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Feb 2022 14:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263630.456419 (Exim 4.92) (envelope-from ) id 1nEuO5-0004DP-UW; Tue, 01 Feb 2022 14:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263630.456419; Tue, 01 Feb 2022 14:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEuO5-0004DH-RZ; Tue, 01 Feb 2022 14:44:05 +0000 Received: by outflank-mailman (input) for mailman id 263630; Tue, 01 Feb 2022 14:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEuO4-0004DB-Il for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 14:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nEuO4-0005Rp-Hh for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 14:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nEuO4-0007Qf-Gh for xen-changelog@lists.xenproject.org; Tue, 01 Feb 2022 14:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tpevtCrjAAdcBfBa0Yu1S98FBYzGxvMO2w9ouledgN0=; b=FBHB3AtILsWcShh7CAugdzY+io vmxhJtPi79wKQxhwrRzVG+zu7t17zggF+ILdTnDxrJ+K85AA9aDRF+t9rBQMk6Q0SOlw14qqaNqqP Qgx0HfHZ0SIF3a1Hk/b2OlgCNdtp7fd+A9y/0aQhWz4rc+aM8pdMVCkSQOH+MNl0mj1s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Tue, 01 Feb 2022 14:44:04 +0000 commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 14:41:38 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 09:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 09:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263902.456763 (Exim 4.92) (envelope-from ) id 1nFC0g-00030D-9p; Wed, 02 Feb 2022 09:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263902.456763; Wed, 02 Feb 2022 09:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0g-000305-6n; Wed, 02 Feb 2022 09:33:06 +0000 Received: by outflank-mailman (input) for mailman id 263902; Wed, 02 Feb 2022 09:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0e-0002zy-IS for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0e-0006Fk-HV for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFC0e-0007jG-GQ for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IOQvgAbzF2D271humOe1hXS0c2AFienqwyv4tm3NkFE=; b=27MUj6qsXEmpHvH8XoBmYYNjxX QUhLRIpYlazojidB9oXaZdTVSJdy8PVJfcIDiDxux5lFIuWLAFl7o0Y6hFNRLHyOwzhHHrR6Yx6at +0Jbn+vMHppyGuTX5txjHmuEqAy6Bgn+GUPHv9/kQm71Xc4QJoHmoyWb/z4Vv5JbBqrk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] EFI: always map EfiRuntimeServices{Code,Data} Message-Id: Date: Wed, 02 Feb 2022 09:33:04 +0000 commit e3abdc626a732c780f54c783075694c3f951edae Author: Sergey Temerkhanov AuthorDate: Wed Feb 2 10:24:56 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:24:56 2022 +0100 EFI: always map EfiRuntimeServices{Code,Data} This helps overcome problems observed with some UEFI implementations which don't set the Attributes field in memery descriptors properly. Signed-off-by: Sergey Temerkhanov Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu Reviewed-by: Julien Grall --- xen/common/efi/boot.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 5ceb535ad0..12fd0844bd 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1094,7 +1094,13 @@ static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *Syste { EFI_MEMORY_DESCRIPTOR *desc = efi_memmap + i; - if ( desc->Attribute & EFI_MEMORY_RUNTIME ) + /* + * Runtime services regions are always mapped here. + * Attributes may be adjusted in efi_init_memory(). + */ + if ( (desc->Attribute & EFI_MEMORY_RUNTIME) || + desc->Type == EfiRuntimeServicesCode || + desc->Type == EfiRuntimeServicesData ) desc->VirtualStart = desc->PhysicalStart; else desc->VirtualStart = INVALID_VIRTUAL_ADDRESS; @@ -1545,13 +1551,36 @@ void __init efi_init_memory(void) ROUNDUP(desc->PhysicalStart + len, PAGE_SIZE)); } - if ( !efi_enabled(EFI_RS) || - (!(desc->Attribute & EFI_MEMORY_RUNTIME) && - (!map_bs || - (desc->Type != EfiBootServicesCode && - desc->Type != EfiBootServicesData))) ) + if ( !efi_enabled(EFI_RS) ) continue; + if ( !(desc->Attribute & EFI_MEMORY_RUNTIME) ) + { + switch ( desc->Type ) + { + default: + continue; + + /* + * Adjust runtime services regions. Keep in sync with + * efi_exit_boot(). + */ + case EfiRuntimeServicesCode: + case EfiRuntimeServicesData: + printk(XENLOG_WARNING + "Setting RUNTIME attribute for %013" PRIx64 "-%013" PRIx64 "\n", + desc->PhysicalStart, desc->PhysicalStart + len - 1); + desc->Attribute |= EFI_MEMORY_RUNTIME; + break; + + case EfiBootServicesCode: + case EfiBootServicesData: + if ( !map_bs ) + continue; + break; + } + } + desc->VirtualStart = INVALID_VIRTUAL_ADDRESS; smfn = PFN_DOWN(desc->PhysicalStart); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 09:33:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 09:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263903.456767 (Exim 4.92) (envelope-from ) id 1nFC0q-00032v-Cm; Wed, 02 Feb 2022 09:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263903.456767; Wed, 02 Feb 2022 09:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0q-00032m-9W; Wed, 02 Feb 2022 09:33:16 +0000 Received: by outflank-mailman (input) for mailman id 263903; Wed, 02 Feb 2022 09:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0o-00032Q-Lw for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0o-0006G7-L8 for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFC0o-0007kD-K6 for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=U8sPdOvKM5v/QvBbE94ZxSQABZdp9Es5GnbelCGPDwg=; b=lv7h6uoRynalPs8x6dMV/ccwIH SpMikDY+hCjOE9uVQv6w15S11bdMXgT5sf9CzT2cIGudtmg2P4B8FXyjSVi5V94oQhim9hzGgyG45 ewmjslYmdD7qKo0p71fvGuDdAE15AJig/AFXJOjgqPmD5aogD7upaeUo+nz0lqSC+P34=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] memory: XENMEM_add_to_physmap (almost) wrapping checks Message-Id: Date: Wed, 02 Feb 2022 09:33:14 +0000 commit ef0f94a48fd7b6a33b4460e545572c65573cc3e0 Author: Jan Beulich AuthorDate: Wed Feb 2 10:26:06 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:26:06 2022 +0100 memory: XENMEM_add_to_physmap (almost) wrapping checks Determining that behavior is correct (i.e. results in failure) for a passed in GFN equaling INVALID_GFN is non-trivial. Make this quite a bit more obvious by checking input in generic code - both for singular requests to not match the value and for range ones to not pass / wrap through it. For Arm similarly make more obvious that no wrapping of MFNs passed for XENMAPSPACE_dev_mmio and thus to map_dev_mmio_region() can occur: Drop the "nr" parameter of the function to avoid future callers appearing which might not themselves check for wrapping. Otherwise the respective ASSERT() in rangeset_contains_range() could trigger. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/include/asm/p2m.h | 5 +---- xen/arch/arm/mm.c | 2 +- xen/arch/arm/p2m.c | 13 +++++-------- xen/common/grant_table.c | 3 +++ xen/common/memory.c | 18 ++++++++++++++++++ 5 files changed, 28 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/include/asm/p2m.h b/xen/arch/arm/include/asm/p2m.h index 8f11d9c97b..8cce459b67 100644 --- a/xen/arch/arm/include/asm/p2m.h +++ b/xen/arch/arm/include/asm/p2m.h @@ -295,10 +295,7 @@ int unmap_regions_p2mt(struct domain *d, unsigned long nr, mfn_t mfn); -int map_dev_mmio_region(struct domain *d, - gfn_t gfn, - unsigned long nr, - mfn_t mfn); +int map_dev_mmio_page(struct domain *d, gfn_t gfn, mfn_t mfn); int p2m_insert_mapping(struct domain *d, gfn_t start_gfn, unsigned long nr, mfn_t mfn, p2m_type_t t); diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index eea926d823..b1eae767c2 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1479,7 +1479,7 @@ int xenmem_add_to_physmap_one( break; } case XENMAPSPACE_dev_mmio: - rc = map_dev_mmio_region(d, gfn, 1, _mfn(idx)); + rc = map_dev_mmio_page(d, gfn, _mfn(idx)); return rc; default: diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index fb71fa4c1c..02cf852d4c 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1355,21 +1355,18 @@ int unmap_mmio_regions(struct domain *d, return p2m_remove_mapping(d, start_gfn, nr, mfn); } -int map_dev_mmio_region(struct domain *d, - gfn_t gfn, - unsigned long nr, - mfn_t mfn) +int map_dev_mmio_page(struct domain *d, gfn_t gfn, mfn_t mfn) { int res; - if ( !(nr && iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn) + nr - 1)) ) + if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn)) ) return 0; - res = p2m_insert_mapping(d, gfn, nr, mfn, p2m_mmio_direct_c); + res = p2m_insert_mapping(d, gfn, 1, mfn, p2m_mmio_direct_c); if ( res < 0 ) { - printk(XENLOG_G_ERR "Unable to map MFNs [%#"PRI_mfn" - %#"PRI_mfn" in Dom%d\n", - mfn_x(mfn), mfn_x(mfn) + nr - 1, d->domain_id); + printk(XENLOG_G_ERR "Unable to map MFN %#"PRI_mfn" in %pd\n", + mfn_x(mfn), d); return res; } diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ed1e2fabce..233c4bfcbe 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4157,7 +4157,10 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) bool status = false; if ( gfn_eq(gfn, INVALID_GFN) ) + { + ASSERT_UNREACHABLE(); return -EINVAL; + } grant_write_lock(gt); diff --git a/xen/common/memory.c b/xen/common/memory.c index 30d255da35..0d7c413df8 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -832,6 +832,9 @@ int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp, return -EACCES; } + if ( gfn_eq(_gfn(xatp->gpfn), INVALID_GFN) ) + return -EINVAL; + if ( xatp->space == XENMAPSPACE_gmfn_foreign ) extra.foreign_domid = DOMID_INVALID; @@ -842,6 +845,18 @@ int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp, if ( xatp->size < start ) return -EILSEQ; + if ( xatp->gpfn + xatp->size < xatp->gpfn || + xatp->idx + xatp->size < xatp->idx ) + { + /* + * Make sure INVALID_GFN is the highest representable value, i.e. + * guaranteeing that it won't fall in the middle of the + * [xatp->gpfn, xatp->gpfn + xatp->size) range checked above. + */ + BUILD_BUG_ON(INVALID_GFN_RAW + 1); + return -EOVERFLOW; + } + xatp->idx += start; xatp->gpfn += start; xatp->size -= start; @@ -962,6 +977,9 @@ static int xenmem_add_to_physmap_batch(struct domain *d, extent, 1)) ) return -EFAULT; + if ( gfn_eq(_gfn(gpfn), INVALID_GFN) ) + return -EINVAL; + rc = xenmem_add_to_physmap_one(d, xatpb->space, extra, idx, _gfn(gpfn)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 09:33:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 09:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263904.456772 (Exim 4.92) (envelope-from ) id 1nFC10-00036J-E6; Wed, 02 Feb 2022 09:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263904.456772; Wed, 02 Feb 2022 09:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC10-00036B-B2; Wed, 02 Feb 2022 09:33:26 +0000 Received: by outflank-mailman (input) for mailman id 263904; Wed, 02 Feb 2022 09:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0y-00035v-Qo for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFC0y-0006GQ-OF for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFC0y-0007kz-NM for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 09:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8qo8X1w884dAWObHSn5iHuk5ZeT5yrSKYlyhtf6LR/Q=; b=aTC9Vq7+COF2JFGI/Ovt2rJW+t aDYOZP+AL/zYn3DPSy7CcfUadGYfGyXgyeOQAloyiR3mtUq7iVYzWND9j7PIO1Ju4hxmNdHiIYfLn f7/CSiQdnL7sMritzes6tw0n0/yFdkqbMDejz/13mi5rXvH9DWJ7FjuKwk3DjlbFYq/A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mwait-idle: enable interrupts before C1 on Xeons Message-Id: Date: Wed, 02 Feb 2022 09:33:24 +0000 commit b17e0ec72eded037297f34a233655aad23f64711 Author: Artem Bityutskiy AuthorDate: Wed Feb 2 10:28:29 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:28:29 2022 +0100 x86/mwait-idle: enable interrupts before C1 on Xeons Enable local interrupts before requesting C1 on the last two generations of Intel Xeon platforms: Sky Lake, Cascade Lake, Cooper Lake, Ice Lake. This decreases average C1 interrupt latency by about 5-10%, as measured with the 'wult' tool. The '->enter()' function of the driver enters C-states with local interrupts disabled by executing the 'monitor' and 'mwait' pair of instructions. If an interrupt happens, the CPU exits the C-state and continues executing instructions after 'mwait'. It does not jump to the interrupt handler, because local interrupts are disabled. The cpuidle subsystem enables interrupts a bit later, after doing some housekeeping. With this patch, we enable local interrupts before requesting C1. In this case, if the CPU wakes up because of an interrupt, it will jump to the interrupt handler right away. The cpuidle housekeeping will be done after the pending interrupt(s) are handled. Enabling interrupts before entering a C-state has measurable impact for faster C-states, like C1. Deeper, but slower C-states like C6 do not really benefit from this sort of change, because their latency is a lot higher comparing to the delay added by cpuidle housekeeping. This change was also tested with cyclictest and dbench. In case of Ice Lake, the average cyclictest latency decreased by 5.1%, and the average 'dbench' throughput increased by about 0.8%. Both tests were run for 4 hours with only C1 enabled (all other idle states, including 'POLL', were disabled). CPU frequency was pinned to HFM, and uncore frequency was pinned to the maximum value. The other platforms had similar single-digit percentage improvements. It is worth noting that this patch affects 'cpuidle' statistics a tiny bit. Before this patch, C1 residency did not include the interrupt handling time, but with this patch, it will include it. This is similar to what happens in case of the 'POLL' state, which also runs with interrupts enabled. Suggested-by: Len Brown Signed-off-by: Artem Bityutskiy [Linux commit: c227233ad64c77e57db738ab0e46439db71822a3] We don't have a pointer into cpuidle_state_table[] readily available. To compensate, propagate the flag into struct acpi_processor_cx. Unlike Linux we want to - disable IRQs again after MWAITing, as subsequently invoked functions assume so, - avoid enabling IRQs if cstate_restore_tsc() is not a no-op, to avoid interfering with, in particular, the time rendezvous. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/mwait-idle.c | 22 +++++++++++++++++++--- xen/include/xen/cpuidle.h | 1 + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 12524eefd4..24d073d315 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -107,6 +107,11 @@ static const struct cpuidle_state { } *cpuidle_state_table; #define CPUIDLE_FLAG_DISABLED 0x1 +/* + * Enable interrupts before entering the C-state. On some platforms and for + * some C-states, this may measurably decrease interrupt latency. + */ +#define CPUIDLE_FLAG_IRQ_ENABLE 0x8000 /* * Set this flag for states where the HW flushes the TLB for us * and so we don't need cross-calls to keep it consistent. @@ -539,7 +544,7 @@ static struct cpuidle_state __read_mostly skl_cstates[] = { static struct cpuidle_state __read_mostly skx_cstates[] = { { .name = "C1", - .flags = MWAIT2flg(0x00), + .flags = MWAIT2flg(0x00) | CPUIDLE_FLAG_IRQ_ENABLE, .exit_latency = 2, .target_residency = 2, }, @@ -561,7 +566,7 @@ static struct cpuidle_state __read_mostly skx_cstates[] = { static const struct cpuidle_state icx_cstates[] = { { .name = "C1", - .flags = MWAIT2flg(0x00), + .flags = MWAIT2flg(0x00) | CPUIDLE_FLAG_IRQ_ENABLE, .exit_latency = 1, .target_residency = 1, }, @@ -842,9 +847,15 @@ static void mwait_idle(void) update_last_cx_stat(power, cx, before); - if (cpu_is_haltable(cpu)) + if (cpu_is_haltable(cpu)) { + if (cx->irq_enable_early) + local_irq_enable(); + mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); + local_irq_disable(); + } + after = alternative_call(cpuidle_get_tick); cstate_restore_tsc(); @@ -1335,6 +1346,11 @@ static int mwait_idle_cpu_init(struct notifier_block *nfb, cx->latency = cpuidle_state_table[cstate].exit_latency; cx->target_residency = cpuidle_state_table[cstate].target_residency; + if ((cpuidle_state_table[cstate].flags & + CPUIDLE_FLAG_IRQ_ENABLE) && + /* cstate_restore_tsc() needs to be a no-op */ + boot_cpu_has(X86_FEATURE_NONSTOP_TSC)) + cx->irq_enable_early = true; dev->count++; } diff --git a/xen/include/xen/cpuidle.h b/xen/include/xen/cpuidle.h index af50d37bb7..bd24a31e12 100644 --- a/xen/include/xen/cpuidle.h +++ b/xen/include/xen/cpuidle.h @@ -42,6 +42,7 @@ struct acpi_processor_cx u8 idx; u8 type; /* ACPI_STATE_Cn */ u8 entry_method; /* ACPI_CSTATE_EM_xxx */ + bool irq_enable_early; u32 address; u32 latency; u32 target_residency; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263972.456874 (Exim 4.92) (envelope-from ) id 1nFCQl-0002WR-6F; Wed, 02 Feb 2022 10:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263972.456874; Wed, 02 Feb 2022 10:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQl-0002W3-3F; Wed, 02 Feb 2022 10:00:03 +0000 Received: by outflank-mailman (input) for mailman id 263972; Wed, 02 Feb 2022 10:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQj-0002E5-ML for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQj-0006rY-Lc for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCQj-0000zW-KP for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FwhaN2FtTGrnPewBfCxQW9JNREbW8Nd/vmjuZlQplOw=; b=D7Yi+ds0IT4ijJMzx5tCFc0Ddy kwZQfBiHHB53QmpWRBg6EEIc/i/2VWWKTtD55yUoOinw96/AYBMXHm8htWvdpAbsCOMwu3Zs6jpy5 x5xUZjvW3zou3prCDBBFM09yg7WwjdBidY8cO3x3IHWpTn9P25tq6uiSgq4uWYKmwqws=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Wed, 02 Feb 2022 10:00:01 +0000 commit 15b7611efd497c4b65f350483857082cb70fc348 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6e44148a09..fd8ab25723 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -266,7 +266,7 @@ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263973.456878 (Exim 4.92) (envelope-from ) id 1nFCQv-0002tI-81; Wed, 02 Feb 2022 10:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263973.456878; Wed, 02 Feb 2022 10:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQv-0002tA-4q; Wed, 02 Feb 2022 10:00:13 +0000 Received: by outflank-mailman (input) for mailman id 263973; Wed, 02 Feb 2022 10:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQt-0002sw-PQ for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCQt-0006rz-Og for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCQt-00011R-Nl for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HBF3uE/n4/pkA6Dpzo2Bsw2D+SE7l4aJic3mLdMXgfs=; b=E/kwINuOLsAftvagWQ3cn9+YpP L83hzfGpU9DU0wcC6rppPTBji+jvSGULcJKDcRK3++i44PqsKkMD3hosCYMnN4s7vPTSu8aXVw+7G JmRuAYU2gYeCcmorT74gLOh0Tj+mV7WCbXIZtN7FJ9MDsExN9nYl7LvZ/FNKifMb5llU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Wed, 02 Feb 2022 10:00:11 +0000 commit ec083bf552c35e10347449e21809f4780f8155d2 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c18cc8aa49..8a550d0a09 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263975.456883 (Exim 4.92) (envelope-from ) id 1nFCR5-0002wM-9m; Wed, 02 Feb 2022 10:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263975.456883; Wed, 02 Feb 2022 10:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCR5-0002wE-6M; Wed, 02 Feb 2022 10:00:23 +0000 Received: by outflank-mailman (input) for mailman id 263975; Wed, 02 Feb 2022 10:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCR3-0002vz-SJ for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCR3-0006sC-Rg for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCR3-00012X-Qp for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UPsxWK+AicYnAeP/smsuuW7mdY1k7efyzVi+24Q6E2o=; b=1cCBHkj3T0KRQ19ll8N4z0pe0Y Hl5RlYS6atgINrNOkSmQIj955GvgcxY8pGJ0MITvBIAkU20yZgT2ldjsBqABE0vfl7Ab9VFzJCKpt kzmxLZEhOGWo2IWkm/7UmJucjSeeBWIDtZZv0S89cEOme+xt7hX7rJw963BfgPNyFcNQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Wed, 02 Feb 2022 10:00:21 +0000 commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8a550d0a09..2072daf662 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263976.456887 (Exim 4.92) (envelope-from ) id 1nFCRF-0002yx-B5; Wed, 02 Feb 2022 10:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263976.456887; Wed, 02 Feb 2022 10:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRF-0002yp-7u; Wed, 02 Feb 2022 10:00:33 +0000 Received: by outflank-mailman (input) for mailman id 263976; Wed, 02 Feb 2022 10:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRD-0002yV-VT for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRD-0006sh-Up for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCRD-00013Y-Tq for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RdCbzMpfde5k7Np74bXDkwLqG8Gr76eM5mog+VcmaWQ=; b=3f+nR40EnO8a0mXAYvRRExR+zx KxbvH9kPas7lxMTLnk7qeQBsYgWhW9SXbl6axSHCxyOgVi0lXCkmWfJwdmjqzz2zAu7aba+iRYgiE jbxEWAqhThyhibBIlPLfNotVIvmSflnbXG9afOHIGimpX3h59+FRtJ7d1Ja/vrTbZYLk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Wed, 02 Feb 2022 10:00:31 +0000 commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263977.456891 (Exim 4.92) (envelope-from ) id 1nFCRP-00032V-Dk; Wed, 02 Feb 2022 10:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263977.456891; Wed, 02 Feb 2022 10:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRP-00032N-Aq; Wed, 02 Feb 2022 10:00:43 +0000 Received: by outflank-mailman (input) for mailman id 263977; Wed, 02 Feb 2022 10:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRO-00032E-2e for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRO-0006st-1v for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCRO-00014Q-15 for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=75cL6GbGjpg8nzAK3ORoAIHT4OUoWWPgXDW6mZZQYzc=; b=ay1WNSjK0GFK9rzu3fEa0am4uZ ObdaQKmblGMf8T+oymYPrH9ylleXqyz6GNwYsuwGtcWKs7QFXcMdnAJOwNMEEToJ41/KMP2/H1h18 YnodaxmhMLmak5vKuT65phUTl613Mu0NUEpXSG3xf/frOUp5qKTCigPM/QdDdhWwspvc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Wed, 02 Feb 2022 10:00:42 +0000 commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 4 ++++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index cfbedc3198..dc0edd9ed0 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index e716005145..115f8f6517 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1930,9 +1930,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 08c0f2d9df..1cfdf96207 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -323,6 +323,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -379,7 +381,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2072daf662..b2fd86ebe5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1270,6 +1270,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1278,15 +1281,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:00:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263978.456895 (Exim 4.92) (envelope-from ) id 1nFCRZ-00035D-FI; Wed, 02 Feb 2022 10:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263978.456895; Wed, 02 Feb 2022 10:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRZ-000355-CL; Wed, 02 Feb 2022 10:00:53 +0000 Received: by outflank-mailman (input) for mailman id 263978; Wed, 02 Feb 2022 10:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRY-00034v-5v for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRY-0006t3-5G for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCRY-000153-4O for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j8ZSMvg58MnKjSVKC2mY3kiBU4ZyOuQ4lR69cyG4J7w=; b=LpGTnfsumBKpjoMglbnPWfnucA caED2jKQIjrJMidqRsI09j88D8G3EenUVgwWOHX2xSMjZp7txAS7xt5dD63ZN03yIOcAwuWlDkId+ c9Gd27pmIxgJaMMFYD3zMf2v3W2WXSMN84GRy6PIZFnaiA4ZZbt4brzIF5zKJVZgoLWc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Wed, 02 Feb 2022 10:00:52 +0000 commit 378f2e6df31442396f0afda19794c5c6091d96f9 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/include/asm/hvm/svm/svm.h | 3 +++ xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f87484b7ce..a8e37dbb1f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/asm/hvm/svm/svm.h index 05e9685026..09c32044ec 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 1cfdf96207..22ae4c1b2d 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -380,7 +380,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b2fd86ebe5..ee862089b7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -936,7 +937,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1031,12 +1033,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:01:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:01:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263979.456898 (Exim 4.92) (envelope-from ) id 1nFCRj-00037m-HC; Wed, 02 Feb 2022 10:01:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263979.456898; Wed, 02 Feb 2022 10:01:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRj-00037f-Dv; Wed, 02 Feb 2022 10:01:03 +0000 Received: by outflank-mailman (input) for mailman id 263979; Wed, 02 Feb 2022 10:01:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRi-00037O-97 for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRi-0006tQ-8O for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCRi-000165-7T for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=426S62BDrgcKcSodQQt5PKIhW5JnDLl7HGgmiz+5xrU=; b=Nf1s2H16Bei1KnEuy6TX8gere2 8+ptHbekjqHnPZQvb0Ip6TZ22O1PQihr0OwNsuqMJgID9LG7/ssxpCQM2G18n3P1ANPqKgbsLDNXG Wg8Wae0vssvgeJJ1RJlZBEDuPUlcClwCwNHR7XoPiGpyleOJf1YNEPeARf/ppBF5LZD0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Wed, 02 Feb 2022 10:01:02 +0000 commit 614cec7d79d76786f5638a6e4da0576b57732ca1 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++----- xen/arch/x86/include/asm/msr.h | 9 +++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 +++ xen/arch/x86/x86_64/asm-offsets.c | 1 + 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 649892643f..287dac101a 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -126,6 +126,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:01:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:01:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263980.456903 (Exim 4.92) (envelope-from ) id 1nFCRt-0003Ay-JD; Wed, 02 Feb 2022 10:01:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263980.456903; Wed, 02 Feb 2022 10:01:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRt-0003Aq-Fw; Wed, 02 Feb 2022 10:01:13 +0000 Received: by outflank-mailman (input) for mailman id 263980; Wed, 02 Feb 2022 10:01:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRs-0003AZ-CE for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCRs-0006vN-Bd for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCRs-000178-Ao for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n7IcNwVBZ6ZKgC7t8nZXxvt8zteR67IdnE02zcwWkVY=; b=a5dO+RVybhA34QVYA/CdH3W1mW Gq7eDP4A7VSJk5woiTJW1vK7oBc0c+rxz5sDvUZ1vcYfQFwS+wV87/hO3ijTQUQ4doOQGcMOdylJe SarbC/791rejUlyVoFHP8laWbIEGbHwtJcNHLjYB4szfJwAnBiwIfMOoCC92F5LQAT2s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Wed, 02 Feb 2022 10:01:12 +0000 commit 22b9add22b4a9af37305c8441fec12cb26bd142b Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index bb6b8e560a..5459fbf4d4 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2471,10 +2471,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2485,10 +2489,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 5e80c8b47c..4ac5b5a048 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -265,7 +265,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -442,7 +442,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -450,6 +451,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -526,7 +528,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 10:01:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 10:01:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.263981.456907 (Exim 4.92) (envelope-from ) id 1nFCS3-0003DO-Kc; Wed, 02 Feb 2022 10:01:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 263981.456907; Wed, 02 Feb 2022 10:01:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCS3-0003DG-HX; Wed, 02 Feb 2022 10:01:23 +0000 Received: by outflank-mailman (input) for mailman id 263981; Wed, 02 Feb 2022 10:01:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCS2-0003D6-Ge for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFCS2-0006vW-Ft for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFCS2-00017q-E6 for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 10:01:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qCLcBhlnkJ1n9xuQU4CzIsUQNwwznaboNx7wUV27WFI=; b=ngJqH01FIHFn/nLarqEdnxozj2 xSOPC8Vr7ok8RHktah3/t1oGePit7OYVcj+pVbtYKZKgRQTNvH5tcaUKejw0Mudm+tziRb87w1sXH KkOKx1jLNDjGBoZnc5DGVx0ySDGW144BnVy/eDtKVX2JvvCSyrWT1luetOMlYfIbmMY0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Wed, 02 Feb 2022 10:01:22 +0000 commit a7e7c7260cde78a148810db5320cbf39686c3e09 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 13:20:44 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index b5af48324a..e24dd283e7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -433,6 +433,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -456,11 +458,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -530,11 +535,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 5459fbf4d4..c4ce3f75ab 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index fd8ab25723..957df23b65 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -256,18 +256,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 470cd76d1c..39c8b0c774 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -277,16 +277,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 02 19:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Feb 2022 19:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264421.457519 (Exim 4.92) (envelope-from ) id 1nFLXv-0004LH-CW; Wed, 02 Feb 2022 19:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264421.457519; Wed, 02 Feb 2022 19:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFLXv-0004L9-9d; Wed, 02 Feb 2022 19:44:03 +0000 Received: by outflank-mailman (input) for mailman id 264421; Wed, 02 Feb 2022 19:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFLXu-0004L1-3b for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 19:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFLXu-00019O-2m for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 19:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFLXu-0006jk-1m for xen-changelog@lists.xenproject.org; Wed, 02 Feb 2022 19:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MXymrxLHB2KZzRcOflhwH+W01skDNsug9UdQmvbE9fE=; b=DBzUp/3RyGFQzptaZlmBqVDegL btrlYm/9YwLBMQcPpeyVXSx5fdpDU0WR6V7VI6hgcEs5nddsDc5y2n9lKaaNyRbAXX8c+vgYos/ng O/E7F0mGwsW9IsIhUruBu0t4dbaysTEoLwezJYNZf7CuO4bBWVkZiPmzh7w2q2dtctf8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Wed, 02 Feb 2022 19:44:02 +0000 commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 1 14:41:38 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 08:00:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 08:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264497.457600 (Exim 4.92) (envelope-from ) id 1nFX2B-0001Lt-U6; Thu, 03 Feb 2022 08:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264497.457600; Thu, 03 Feb 2022 08:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2B-0001LM-QB; Thu, 03 Feb 2022 08:00:03 +0000 Received: by outflank-mailman (input) for mailman id 264497; Thu, 03 Feb 2022 08:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX29-0000fn-RU for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX29-00005G-NU for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFX29-0007oc-MO for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HSnaBmbRPLG54yFKm5MlSQaEiJZI5CL/0TvImFngHNM=; b=wuwOlFjC1I1G6R1WXtiWUYv/D2 CrHTXB8l2nQiAZcbMMsQ82j+mVMbSMHk+ecweyf4PuX3IKNVPNgbRZ7r9tKGRVQCxvbU5HxFla5MZ CWsQxV4K5rdfbw4kRKnWWTr66MTb6aik1OensBWqzpuvYSXKceB74RY0t0u5CaDZdD8w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] EFI: always map EfiRuntimeServices{Code,Data} Message-Id: Date: Thu, 03 Feb 2022 08:00:01 +0000 commit e3abdc626a732c780f54c783075694c3f951edae Author: Sergey Temerkhanov AuthorDate: Wed Feb 2 10:24:56 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:24:56 2022 +0100 EFI: always map EfiRuntimeServices{Code,Data} This helps overcome problems observed with some UEFI implementations which don't set the Attributes field in memery descriptors properly. Signed-off-by: Sergey Temerkhanov Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu Reviewed-by: Julien Grall --- xen/common/efi/boot.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 5ceb535ad0..12fd0844bd 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1094,7 +1094,13 @@ static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *Syste { EFI_MEMORY_DESCRIPTOR *desc = efi_memmap + i; - if ( desc->Attribute & EFI_MEMORY_RUNTIME ) + /* + * Runtime services regions are always mapped here. + * Attributes may be adjusted in efi_init_memory(). + */ + if ( (desc->Attribute & EFI_MEMORY_RUNTIME) || + desc->Type == EfiRuntimeServicesCode || + desc->Type == EfiRuntimeServicesData ) desc->VirtualStart = desc->PhysicalStart; else desc->VirtualStart = INVALID_VIRTUAL_ADDRESS; @@ -1545,13 +1551,36 @@ void __init efi_init_memory(void) ROUNDUP(desc->PhysicalStart + len, PAGE_SIZE)); } - if ( !efi_enabled(EFI_RS) || - (!(desc->Attribute & EFI_MEMORY_RUNTIME) && - (!map_bs || - (desc->Type != EfiBootServicesCode && - desc->Type != EfiBootServicesData))) ) + if ( !efi_enabled(EFI_RS) ) continue; + if ( !(desc->Attribute & EFI_MEMORY_RUNTIME) ) + { + switch ( desc->Type ) + { + default: + continue; + + /* + * Adjust runtime services regions. Keep in sync with + * efi_exit_boot(). + */ + case EfiRuntimeServicesCode: + case EfiRuntimeServicesData: + printk(XENLOG_WARNING + "Setting RUNTIME attribute for %013" PRIx64 "-%013" PRIx64 "\n", + desc->PhysicalStart, desc->PhysicalStart + len - 1); + desc->Attribute |= EFI_MEMORY_RUNTIME; + break; + + case EfiBootServicesCode: + case EfiBootServicesData: + if ( !map_bs ) + continue; + break; + } + } + desc->VirtualStart = INVALID_VIRTUAL_ADDRESS; smfn = PFN_DOWN(desc->PhysicalStart); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 08:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 08:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264502.457604 (Exim 4.92) (envelope-from ) id 1nFX2L-0001jY-3M; Thu, 03 Feb 2022 08:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264502.457604; Thu, 03 Feb 2022 08:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2K-0001jQ-W7; Thu, 03 Feb 2022 08:00:13 +0000 Received: by outflank-mailman (input) for mailman id 264502; Thu, 03 Feb 2022 08:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2J-0001j8-SG for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2J-0000fF-RP for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFX2J-0007qJ-QL for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=abL8xbjDPOfEfViAxSvByI4J7t2V0ysGhDiaU5v+zyA=; b=nivey0S4qiIq54cEbl7GM7W643 BZLMtKgxCcn0oDAyAAHuGMZIobKtlm3F50VnHDrexcW3sMTYnsd6Pqby3zQbrGmTmOTnyz5AmPQ/1 by7e230CSl++GpjxzFJ0JzyiQO/5Pm4hbXisG4MUvfYMDP+HkwipSB+k2c2ASbQLgbDA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] memory: XENMEM_add_to_physmap (almost) wrapping checks Message-Id: Date: Thu, 03 Feb 2022 08:00:11 +0000 commit ef0f94a48fd7b6a33b4460e545572c65573cc3e0 Author: Jan Beulich AuthorDate: Wed Feb 2 10:26:06 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:26:06 2022 +0100 memory: XENMEM_add_to_physmap (almost) wrapping checks Determining that behavior is correct (i.e. results in failure) for a passed in GFN equaling INVALID_GFN is non-trivial. Make this quite a bit more obvious by checking input in generic code - both for singular requests to not match the value and for range ones to not pass / wrap through it. For Arm similarly make more obvious that no wrapping of MFNs passed for XENMAPSPACE_dev_mmio and thus to map_dev_mmio_region() can occur: Drop the "nr" parameter of the function to avoid future callers appearing which might not themselves check for wrapping. Otherwise the respective ASSERT() in rangeset_contains_range() could trigger. Signed-off-by: Jan Beulich Reviewed-by: Julien Grall --- xen/arch/arm/include/asm/p2m.h | 5 +---- xen/arch/arm/mm.c | 2 +- xen/arch/arm/p2m.c | 13 +++++-------- xen/common/grant_table.c | 3 +++ xen/common/memory.c | 18 ++++++++++++++++++ 5 files changed, 28 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/include/asm/p2m.h b/xen/arch/arm/include/asm/p2m.h index 8f11d9c97b..8cce459b67 100644 --- a/xen/arch/arm/include/asm/p2m.h +++ b/xen/arch/arm/include/asm/p2m.h @@ -295,10 +295,7 @@ int unmap_regions_p2mt(struct domain *d, unsigned long nr, mfn_t mfn); -int map_dev_mmio_region(struct domain *d, - gfn_t gfn, - unsigned long nr, - mfn_t mfn); +int map_dev_mmio_page(struct domain *d, gfn_t gfn, mfn_t mfn); int p2m_insert_mapping(struct domain *d, gfn_t start_gfn, unsigned long nr, mfn_t mfn, p2m_type_t t); diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index eea926d823..b1eae767c2 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1479,7 +1479,7 @@ int xenmem_add_to_physmap_one( break; } case XENMAPSPACE_dev_mmio: - rc = map_dev_mmio_region(d, gfn, 1, _mfn(idx)); + rc = map_dev_mmio_page(d, gfn, _mfn(idx)); return rc; default: diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index fb71fa4c1c..02cf852d4c 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1355,21 +1355,18 @@ int unmap_mmio_regions(struct domain *d, return p2m_remove_mapping(d, start_gfn, nr, mfn); } -int map_dev_mmio_region(struct domain *d, - gfn_t gfn, - unsigned long nr, - mfn_t mfn) +int map_dev_mmio_page(struct domain *d, gfn_t gfn, mfn_t mfn) { int res; - if ( !(nr && iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn) + nr - 1)) ) + if ( !iomem_access_permitted(d, mfn_x(mfn), mfn_x(mfn)) ) return 0; - res = p2m_insert_mapping(d, gfn, nr, mfn, p2m_mmio_direct_c); + res = p2m_insert_mapping(d, gfn, 1, mfn, p2m_mmio_direct_c); if ( res < 0 ) { - printk(XENLOG_G_ERR "Unable to map MFNs [%#"PRI_mfn" - %#"PRI_mfn" in Dom%d\n", - mfn_x(mfn), mfn_x(mfn) + nr - 1, d->domain_id); + printk(XENLOG_G_ERR "Unable to map MFN %#"PRI_mfn" in %pd\n", + mfn_x(mfn), d); return res; } diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index ed1e2fabce..233c4bfcbe 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4157,7 +4157,10 @@ int gnttab_map_frame(struct domain *d, unsigned long idx, gfn_t gfn, mfn_t *mfn) bool status = false; if ( gfn_eq(gfn, INVALID_GFN) ) + { + ASSERT_UNREACHABLE(); return -EINVAL; + } grant_write_lock(gt); diff --git a/xen/common/memory.c b/xen/common/memory.c index 30d255da35..0d7c413df8 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -832,6 +832,9 @@ int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp, return -EACCES; } + if ( gfn_eq(_gfn(xatp->gpfn), INVALID_GFN) ) + return -EINVAL; + if ( xatp->space == XENMAPSPACE_gmfn_foreign ) extra.foreign_domid = DOMID_INVALID; @@ -842,6 +845,18 @@ int xenmem_add_to_physmap(struct domain *d, struct xen_add_to_physmap *xatp, if ( xatp->size < start ) return -EILSEQ; + if ( xatp->gpfn + xatp->size < xatp->gpfn || + xatp->idx + xatp->size < xatp->idx ) + { + /* + * Make sure INVALID_GFN is the highest representable value, i.e. + * guaranteeing that it won't fall in the middle of the + * [xatp->gpfn, xatp->gpfn + xatp->size) range checked above. + */ + BUILD_BUG_ON(INVALID_GFN_RAW + 1); + return -EOVERFLOW; + } + xatp->idx += start; xatp->gpfn += start; xatp->size -= start; @@ -962,6 +977,9 @@ static int xenmem_add_to_physmap_batch(struct domain *d, extent, 1)) ) return -EFAULT; + if ( gfn_eq(_gfn(gpfn), INVALID_GFN) ) + return -EINVAL; + rc = xenmem_add_to_physmap_one(d, xatpb->space, extra, idx, _gfn(gpfn)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 08:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 08:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264503.457608 (Exim 4.92) (envelope-from ) id 1nFX2V-0001pt-5M; Thu, 03 Feb 2022 08:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264503.457608; Thu, 03 Feb 2022 08:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2V-0001pk-1h; Thu, 03 Feb 2022 08:00:23 +0000 Received: by outflank-mailman (input) for mailman id 264503; Thu, 03 Feb 2022 08:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2T-0001pW-VR for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFX2T-0000fW-UZ for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFX2T-0007qx-Tj for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 08:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mkOpVzvB+tKae2S4DFtt106YQuLOwEKYiex/t4Cuq3E=; b=YIASTwIcQlYUl7KCkcu7opo+wK couDaSFcNxgaoUjJggQEUVXvEKrWnpDxto4pgtgdxlnjg/qcUJQ58ckfg8MqucMeJeYWnI33qPfu4 eA3OyXcngspRHZgE1LkxmsWWUWulDZeVAihgZVSuy5vOuyT8nC55dQa3T00lUuD8ahXc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mwait-idle: enable interrupts before C1 on Xeons Message-Id: Date: Thu, 03 Feb 2022 08:00:21 +0000 commit b17e0ec72eded037297f34a233655aad23f64711 Author: Artem Bityutskiy AuthorDate: Wed Feb 2 10:28:29 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 2 10:28:29 2022 +0100 x86/mwait-idle: enable interrupts before C1 on Xeons Enable local interrupts before requesting C1 on the last two generations of Intel Xeon platforms: Sky Lake, Cascade Lake, Cooper Lake, Ice Lake. This decreases average C1 interrupt latency by about 5-10%, as measured with the 'wult' tool. The '->enter()' function of the driver enters C-states with local interrupts disabled by executing the 'monitor' and 'mwait' pair of instructions. If an interrupt happens, the CPU exits the C-state and continues executing instructions after 'mwait'. It does not jump to the interrupt handler, because local interrupts are disabled. The cpuidle subsystem enables interrupts a bit later, after doing some housekeeping. With this patch, we enable local interrupts before requesting C1. In this case, if the CPU wakes up because of an interrupt, it will jump to the interrupt handler right away. The cpuidle housekeeping will be done after the pending interrupt(s) are handled. Enabling interrupts before entering a C-state has measurable impact for faster C-states, like C1. Deeper, but slower C-states like C6 do not really benefit from this sort of change, because their latency is a lot higher comparing to the delay added by cpuidle housekeeping. This change was also tested with cyclictest and dbench. In case of Ice Lake, the average cyclictest latency decreased by 5.1%, and the average 'dbench' throughput increased by about 0.8%. Both tests were run for 4 hours with only C1 enabled (all other idle states, including 'POLL', were disabled). CPU frequency was pinned to HFM, and uncore frequency was pinned to the maximum value. The other platforms had similar single-digit percentage improvements. It is worth noting that this patch affects 'cpuidle' statistics a tiny bit. Before this patch, C1 residency did not include the interrupt handling time, but with this patch, it will include it. This is similar to what happens in case of the 'POLL' state, which also runs with interrupts enabled. Suggested-by: Len Brown Signed-off-by: Artem Bityutskiy [Linux commit: c227233ad64c77e57db738ab0e46439db71822a3] We don't have a pointer into cpuidle_state_table[] readily available. To compensate, propagate the flag into struct acpi_processor_cx. Unlike Linux we want to - disable IRQs again after MWAITing, as subsequently invoked functions assume so, - avoid enabling IRQs if cstate_restore_tsc() is not a no-op, to avoid interfering with, in particular, the time rendezvous. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/mwait-idle.c | 22 +++++++++++++++++++--- xen/include/xen/cpuidle.h | 1 + 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 12524eefd4..24d073d315 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -107,6 +107,11 @@ static const struct cpuidle_state { } *cpuidle_state_table; #define CPUIDLE_FLAG_DISABLED 0x1 +/* + * Enable interrupts before entering the C-state. On some platforms and for + * some C-states, this may measurably decrease interrupt latency. + */ +#define CPUIDLE_FLAG_IRQ_ENABLE 0x8000 /* * Set this flag for states where the HW flushes the TLB for us * and so we don't need cross-calls to keep it consistent. @@ -539,7 +544,7 @@ static struct cpuidle_state __read_mostly skl_cstates[] = { static struct cpuidle_state __read_mostly skx_cstates[] = { { .name = "C1", - .flags = MWAIT2flg(0x00), + .flags = MWAIT2flg(0x00) | CPUIDLE_FLAG_IRQ_ENABLE, .exit_latency = 2, .target_residency = 2, }, @@ -561,7 +566,7 @@ static struct cpuidle_state __read_mostly skx_cstates[] = { static const struct cpuidle_state icx_cstates[] = { { .name = "C1", - .flags = MWAIT2flg(0x00), + .flags = MWAIT2flg(0x00) | CPUIDLE_FLAG_IRQ_ENABLE, .exit_latency = 1, .target_residency = 1, }, @@ -842,9 +847,15 @@ static void mwait_idle(void) update_last_cx_stat(power, cx, before); - if (cpu_is_haltable(cpu)) + if (cpu_is_haltable(cpu)) { + if (cx->irq_enable_early) + local_irq_enable(); + mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); + local_irq_disable(); + } + after = alternative_call(cpuidle_get_tick); cstate_restore_tsc(); @@ -1335,6 +1346,11 @@ static int mwait_idle_cpu_init(struct notifier_block *nfb, cx->latency = cpuidle_state_table[cstate].exit_latency; cx->target_residency = cpuidle_state_table[cstate].target_residency; + if ((cpuidle_state_table[cstate].flags & + CPUIDLE_FLAG_IRQ_ENABLE) && + /* cstate_restore_tsc() needs to be a no-op */ + boot_cpu_has(X86_FEATURE_NONSTOP_TSC)) + cx->irq_enable_early = true; dev->count++; } diff --git a/xen/include/xen/cpuidle.h b/xen/include/xen/cpuidle.h index af50d37bb7..bd24a31e12 100644 --- a/xen/include/xen/cpuidle.h +++ b/xen/include/xen/cpuidle.h @@ -42,6 +42,7 @@ struct acpi_processor_cx u8 idx; u8 type; /* ACPI_STATE_Cn */ u8 entry_method; /* ACPI_CSTATE_EM_xxx */ + bool irq_enable_early; u32 address; u32 latency; u32 target_residency; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 12:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 12:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264667.457833 (Exim 4.92) (envelope-from ) id 1nFax7-0002pS-VQ; Thu, 03 Feb 2022 12:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264667.457833; Thu, 03 Feb 2022 12:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFax7-0002pK-SB; Thu, 03 Feb 2022 12:11:05 +0000 Received: by outflank-mailman (input) for mailman id 264667; Thu, 03 Feb 2022 12:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFax6-0002pE-GL for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFax6-0004zQ-C7 for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFax6-0008Mh-B5 for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EX7eWtJUqZa6Ew9+Aia0/jAMXWw/RW/RsN6/B1WoUjo=; b=Pr9JwXVeuK1cw0kJfW3pUzbbJB X4joZBd1aK0I1iYbkXvisTnGmWZ4uesbM3OHWcP+dew6TM3qpsVCMiTF++BHpG5cLYDjrkKc4qlqG 8kwUn92F+5uV5pr7pHfypN3jirMyyGWwBx2RTSAAkc6Zs4V/1rFpbojs+dFonulaFJJ4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] MAINTAINERS: Anthony is stable branch tools maintainer Message-Id: Date: Thu, 03 Feb 2022 12:11:04 +0000 commit 0b7aba57b310cfc41287a88c4f9198739706dd71 Author: Jan Beulich AuthorDate: Thu Feb 3 13:06:01 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:06:01 2022 +0100 MAINTAINERS: Anthony is stable branch tools maintainer Signed-off-by: Jan Beulich Acked-by: Anthony PERARD --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index fab396b4e1..863eef827c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -60,7 +60,7 @@ The maintainer for this branch is: Tools backport requests should also be copied to: - TODO - Loooking for new tools stable maintainer + Anthony Perard Unstable Subsystem Maintainers -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 12:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 12:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264668.457836 (Exim 4.92) (envelope-from ) id 1nFaxI-0002re-0I; Thu, 03 Feb 2022 12:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264668.457836; Thu, 03 Feb 2022 12:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFaxH-0002rW-Te; Thu, 03 Feb 2022 12:11:15 +0000 Received: by outflank-mailman (input) for mailman id 264668; Thu, 03 Feb 2022 12:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFaxG-0002rH-LJ for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFaxG-000511-KV for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFaxG-0008Nt-JT for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lR8Yr53Z2SVQxIDCm2OpbnpOSADpTB8w4vUcF2aT7Iw=; b=wSVQpM0C5Kd5Y5dyQn2FUe+YAM oEZxGh+x48NrVGJ9pTq/x3sgnTYGbHy0yIEhNtJ+bFzBINAdylFnhU3Fckk5rMnhGNNc//j82mvtP lh0tcBp7KBbHtPFOD4upJ+255fNaLB4mbQKpY0tBvmIODtBjdQ9gH77gHy0EDiLcC9B0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] MAINTAINERS: Anthony is stable branch tools maintainer Message-Id: Date: Thu, 03 Feb 2022 12:11:14 +0000 commit 3a9450fe5eb0fda8b7069f37d21ce2655bb59da6 Author: Jan Beulich AuthorDate: Thu Feb 3 13:06:59 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:06:59 2022 +0100 MAINTAINERS: Anthony is stable branch tools maintainer Signed-off-by: Jan Beulich Acked-by: Anthony PERARD --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index f4c08d0b19..91064c09f9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -60,7 +60,7 @@ The maintainer for this branch is: Tools backport requests should also be copied to: - TODO - Loooking for new tools stable maintainer + Anthony Perard Unstable Subsystem Maintainers -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 12:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 12:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264669.457840 (Exim 4.92) (envelope-from ) id 1nFb7m-0003qT-Qd; Thu, 03 Feb 2022 12:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264669.457840; Thu, 03 Feb 2022 12:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7m-0003qL-Nf; Thu, 03 Feb 2022 12:22:06 +0000 Received: by outflank-mailman (input) for mailman id 264669; Thu, 03 Feb 2022 12:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7k-0003qF-Nq for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7k-0005C6-K0 for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFb7k-0000eK-J3 for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OosQPtWK6nuLAX+NcVGrH0r4k+0KtoqodLjpveJPzXw=; b=lF5ftX6CqSP+lIbYCdPXfarnEM +BG1V71Tkfph7IUv+c18zIuXDZg2Q176S2rXXPG7JEcbdJsfk7GZ2oJ/SGkO8bIc3UJ2+CEzQtdvy hBWntNRGULvmOKZ8wTVDcM12uvAtEHRKx2iHQMn9+DuJmdFWpYsqOjRS+DboDmyQw/1w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] vpci: shrink critical section in vpci_{read/write} Message-Id: Date: Thu, 03 Feb 2022 12:22:04 +0000 commit d055114f6db3e4bd57b6d832a03445f0f9c598bc Author: Roger Pau Monné AuthorDate: Thu Feb 3 13:12:21 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:12:21 2022 +0100 vpci: shrink critical section in vpci_{read/write} Shrink critical section in vpci_{read/write} as racing calls to vpci_{read,write}_hw() shouldn't be a problem. Those are just wrappers around pci_conf_{read,write} functions, and the required locking (in case of using the IO ports) is already taken care in pci_conf_{read,write}. Please note, that we anyways split 64bit writes into two 32bit ones without taking the lock for the whole duration of the access, so it is possible to see a partially updated state as a result of a 64bit write: the PCI(e) specification don't seem to specify whether the ECAM is allowed to split memory transactions into multiple Configuration Requests and whether those could then interleave with requests from a different CPU. Signed-off-by: Roger Pau Monné Signed-off-by: Oleksandr Andrushchenko Acked-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/drivers/vpci/vpci.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 657697fe34..fb0947179b 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -370,6 +370,7 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int size) break; ASSERT(data_offset < size); } + spin_unlock(&pdev->vpci->lock); if ( data_offset < size ) { @@ -379,7 +380,6 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int size) data = merge_result(data, tmp_data, size - data_offset, data_offset); } - spin_unlock(&pdev->vpci->lock); return data & (0xffffffff >> (32 - 8 * size)); } @@ -475,13 +475,12 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, break; ASSERT(data_offset < size); } + spin_unlock(&pdev->vpci->lock); if ( data_offset < size ) /* Tailing gap, write the remaining. */ vpci_write_hw(sbdf, reg + data_offset, size - data_offset, data >> (data_offset * 8)); - - spin_unlock(&pdev->vpci->lock); } /* Helper function to check an access size and alignment on vpci space. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 03 12:22:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Feb 2022 12:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264670.457844 (Exim 4.92) (envelope-from ) id 1nFb7w-0003sM-SF; Thu, 03 Feb 2022 12:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264670.457844; Thu, 03 Feb 2022 12:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7w-0003sE-PA; Thu, 03 Feb 2022 12:22:16 +0000 Received: by outflank-mailman (input) for mailman id 264670; Thu, 03 Feb 2022 12:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7u-0003ry-Ob for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFb7u-0005CB-Nk for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFb7u-0000ex-Me for xen-changelog@lists.xenproject.org; Thu, 03 Feb 2022 12:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6Ep+LEH+7EXBpHqvu7Uz3qvnlAiBAlo1MG2Wy7HVEIs=; b=6N8gJNbeLrsaqR+LrlCOIau+Fi TnHeXEkwNHM8TvvPSskSN3BxX98nd9YoPwOsfe5u/1xtk0AJbiUL44++L1MZYgRIgzSax8/ENViPQ gV+LGt650BPIKwOe8HkH5aM0ym00qv0Zt274P8T6LgKnMeWvcSA8orwX2lF1omx4IyY8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/pci: detect when BARs are not suitably positioned Message-Id: Date: Thu, 03 Feb 2022 12:22:14 +0000 commit 75cc460a1b8cfd8e5d2c4302234ee194defe4872 Author: Roger Pau Monné AuthorDate: Thu Feb 3 13:13:19 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:13:19 2022 +0100 xen/pci: detect when BARs are not suitably positioned One of the boxes where I was attempting to boot Xen in PVH dom0 mode has quirky firmware, as it will handover with a PCI device with memory decoding enabled and a BAR of size 4K at address 0. Such BAR overlaps with a RAM range on the e820. This interacts badly with the dom0 PVH build, as BARs will be setup on the p2m before RAM, so if there's a BAR positioned over a RAM region it will trigger a domain crash when the dom0 builder attempts to populate that region with a regular RAM page. It's in general a very bad idea to have a BAR overlapping with any memory region defined in the memory map, so add some sanity checks for devices that are added with memory decoding enabled in order to assure that BARs are not placed on top of memory regions defined in the memory map. If overlaps are detected just disable the memory decoding bit for the device and expect the hardware domain to properly position the BAR. Note apply_quirks must be called before check_pdev so that ignore_bars is set when calling the later. PCI_HEADER_{NORMAL,BRIDGE}_NR_BARS needs to be moved into pci_regs.h so it's defined even in the absence of vPCI. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/mm.c | 23 ++++++++++++++ xen/drivers/passthrough/pci.c | 71 ++++++++++++++++++++++++++++++++++++++++++- xen/include/xen/mm.h | 2 ++ xen/include/xen/pci_regs.h | 2 ++ xen/include/xen/vpci.h | 2 -- 5 files changed, 97 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1397f83e41..98edf5b89c 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -783,6 +783,29 @@ bool is_iomem_page(mfn_t mfn) return (page_get_owner(page) == dom_io); } +/* Input ranges are inclusive. */ +bool is_memory_hole(mfn_t start, mfn_t end) +{ + unsigned long s = mfn_x(start); + unsigned long e = mfn_x(end); + unsigned int i; + + for ( i = 0; i < e820.nr_map; i++ ) + { + const struct e820entry *entry = &e820.map[i]; + + if ( !entry->size ) + continue; + + /* Do not allow overlaps with any memory range. */ + if ( s <= PFN_DOWN(entry->addr + entry->size - 1) && + PFN_DOWN(entry->addr) <= e ) + return false; + } + + return true; +} + static int update_xen_mappings(unsigned long mfn, unsigned int cacheattr) { int err = 0; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 1fad80362f..e8b09d77d8 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -233,6 +233,9 @@ static void check_pdev(const struct pci_dev *pdev) PCI_STATUS_REC_TARGET_ABORT | PCI_STATUS_REC_MASTER_ABORT | \ PCI_STATUS_SIG_SYSTEM_ERROR | PCI_STATUS_DETECTED_PARITY) u16 val; + unsigned int nbars = 0, rom_pos = 0, i; + static const char warn[] = XENLOG_WARNING + "%pp disabled: %sBAR [%#lx, %#lx] overlaps with memory map\n"; if ( command_mask ) { @@ -251,6 +254,8 @@ static void check_pdev(const struct pci_dev *pdev) switch ( pci_conf_read8(pdev->sbdf, PCI_HEADER_TYPE) & 0x7f ) { case PCI_HEADER_TYPE_BRIDGE: + nbars = PCI_HEADER_BRIDGE_NR_BARS; + rom_pos = PCI_ROM_ADDRESS1; if ( !bridge_ctl_mask ) break; val = pci_conf_read16(pdev->sbdf, PCI_BRIDGE_CONTROL); @@ -267,11 +272,75 @@ static void check_pdev(const struct pci_dev *pdev) } break; + case PCI_HEADER_TYPE_NORMAL: + nbars = PCI_HEADER_NORMAL_NR_BARS; + rom_pos = PCI_ROM_ADDRESS; + break; + case PCI_HEADER_TYPE_CARDBUS: /* TODO */ break; } #undef PCI_STATUS_CHECK + + /* Check if BARs overlap with other memory regions. */ + val = pci_conf_read16(pdev->sbdf, PCI_COMMAND); + if ( !(val & PCI_COMMAND_MEMORY) || pdev->ignore_bars ) + return; + + pci_conf_write16(pdev->sbdf, PCI_COMMAND, val & ~PCI_COMMAND_MEMORY); + for ( i = 0; i < nbars; ) + { + uint64_t addr, size; + unsigned int reg = PCI_BASE_ADDRESS_0 + i * 4; + int rc = 1; + + if ( (pci_conf_read32(pdev->sbdf, reg) & PCI_BASE_ADDRESS_SPACE) != + PCI_BASE_ADDRESS_SPACE_MEMORY ) + goto next; + + rc = pci_size_mem_bar(pdev->sbdf, reg, &addr, &size, + (i == nbars - 1) ? PCI_BAR_LAST : 0); + if ( rc < 0 ) + /* Unable to size, better leave memory decoding disabled. */ + return; + if ( size && !is_memory_hole(maddr_to_mfn(addr), + maddr_to_mfn(addr + size - 1)) ) + { + /* + * Return without enabling memory decoding if BAR position is not + * in IO suitable memory. Let the hardware domain re-position the + * BAR. + */ + printk(warn, + &pdev->sbdf, "", PFN_DOWN(addr), PFN_DOWN(addr + size - 1)); + return; + } + + next: + ASSERT(rc > 0); + i += rc; + } + + if ( rom_pos && + (pci_conf_read32(pdev->sbdf, rom_pos) & PCI_ROM_ADDRESS_ENABLE) ) + { + uint64_t addr, size; + int rc = pci_size_mem_bar(pdev->sbdf, rom_pos, &addr, &size, + PCI_BAR_ROM); + + if ( rc < 0 ) + return; + if ( size && !is_memory_hole(maddr_to_mfn(addr), + maddr_to_mfn(addr + size - 1)) ) + { + printk(warn, &pdev->sbdf, "ROM ", PFN_DOWN(addr), + PFN_DOWN(addr + size - 1)); + return; + } + } + + pci_conf_write16(pdev->sbdf, PCI_COMMAND, val); } static void apply_quirks(struct pci_dev *pdev) @@ -399,8 +468,8 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn) break; } - check_pdev(pdev); apply_quirks(pdev); + check_pdev(pdev); return pdev; } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 5db26ed477..3be754da92 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -554,6 +554,8 @@ int __must_check steal_page(struct domain *d, struct page_info *page, int page_is_ram_type(unsigned long mfn, unsigned long mem_type); /* Returns the page type(s). */ unsigned int page_get_ram_type(mfn_t mfn); +/* Check if a range falls into a hole in the memory map. */ +bool is_memory_hole(mfn_t start, mfn_t end); /* Prepare/destroy a ring for a dom0 helper. Helper with talk * with Xen on behalf of this domain. */ diff --git a/xen/include/xen/pci_regs.h b/xen/include/xen/pci_regs.h index cc4ee3b83e..ee8e82be36 100644 --- a/xen/include/xen/pci_regs.h +++ b/xen/include/xen/pci_regs.h @@ -88,6 +88,8 @@ * 0xffffffff to the register, and reading it back. Only * 1 bits are decoded. */ +#define PCI_HEADER_NORMAL_NR_BARS 6 +#define PCI_HEADER_BRIDGE_NR_BARS 2 #define PCI_BASE_ADDRESS_0 0x10 /* 32 bits */ #define PCI_BASE_ADDRESS_1 0x14 /* 32 bits [htype 0,1 only] */ #define PCI_BASE_ADDRESS_2 0x18 /* 32 bits [htype 0 only] */ diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index 3f32de9d7e..e8ac1eb395 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -80,8 +80,6 @@ struct vpci { bool prefetchable : 1; /* Store whether the BAR is mapped into guest p2m. */ bool enabled : 1; -#define PCI_HEADER_NORMAL_NR_BARS 6 -#define PCI_HEADER_BRIDGE_NR_BARS 2 } bars[PCI_HEADER_NORMAL_NR_BARS + 1]; /* At most 6 BARS + 1 expansion ROM BAR. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 03:11:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 03:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.264987.458242 (Exim 4.92) (envelope-from ) id 1nFp03-0006D4-4o; Fri, 04 Feb 2022 03:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 264987.458242; Fri, 04 Feb 2022 03:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFp03-0006Cv-1b; Fri, 04 Feb 2022 03:11:03 +0000 Received: by outflank-mailman (input) for mailman id 264987; Fri, 04 Feb 2022 03:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFp01-0006Cl-LG for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 03:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFp01-0006fb-KR for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 03:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFp01-0007WL-JS for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 03:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DU0VuHmXY4TpymC4lOU/6uLppt9uilYJf5spdKTgV4A=; b=YjLDptp9dKH4UGbaoYL6HQWPB2 4zZkQ6lNsbA2VwAuNsLY0m0WeB7MYli+r//6zsOD270rNGKpoQ2u9JKjVm9L6Ns3QFQbbCPSqK0Zc ANOfhjlevLIHPuuKQ+hcHxhiNsGUPu5qGWiEIU49G9VajPnBMSENsi+z3WOUvLuXTgb8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] MAINTAINERS: Anthony is stable branch tools maintainer Message-Id: Date: Fri, 04 Feb 2022 03:11:01 +0000 commit 3a9450fe5eb0fda8b7069f37d21ce2655bb59da6 Author: Jan Beulich AuthorDate: Thu Feb 3 13:06:59 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:06:59 2022 +0100 MAINTAINERS: Anthony is stable branch tools maintainer Signed-off-by: Jan Beulich Acked-by: Anthony PERARD --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index f4c08d0b19..91064c09f9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -60,7 +60,7 @@ The maintainer for this branch is: Tools backport requests should also be copied to: - TODO - Loooking for new tools stable maintainer + Anthony Perard Unstable Subsystem Maintainers -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 05:11:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 05:11:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265002.458256 (Exim 4.92) (envelope-from ) id 1nFqsB-00012O-5R; Fri, 04 Feb 2022 05:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265002.458256; Fri, 04 Feb 2022 05:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFqsB-00012H-2W; Fri, 04 Feb 2022 05:11:03 +0000 Received: by outflank-mailman (input) for mailman id 265002; Fri, 04 Feb 2022 05:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFqs9-00012B-J6 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 05:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFqs9-0000hA-IL for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 05:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFqs9-0006pi-HK for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 05:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tPTswSDXP7wWHoGQow2Zm4uaQwgQLq/M6X4uxrgeajw=; b=lLmm1YLzwAxbBso/Cjf6GncEs3 ZiULeE71PeEaj/27BTLyKdjT4cwyMzxUEnB/iM0VSZxmc0W2f0X5pXd8ZTjM3YNVP7eqDBQQh8210 a/nP2Cxl7HOzQOsME3iwUkcPwj7avhRAtptZbAm4xVwshOLAh09ksX4t3xaKFSNo5Btk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] MAINTAINERS: Anthony is stable branch tools maintainer Message-Id: Date: Fri, 04 Feb 2022 05:11:01 +0000 commit 0b7aba57b310cfc41287a88c4f9198739706dd71 Author: Jan Beulich AuthorDate: Thu Feb 3 13:06:01 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:06:01 2022 +0100 MAINTAINERS: Anthony is stable branch tools maintainer Signed-off-by: Jan Beulich Acked-by: Anthony PERARD --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index fab396b4e1..863eef827c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -60,7 +60,7 @@ The maintainer for this branch is: Tools backport requests should also be copied to: - TODO - Loooking for new tools stable maintainer + Anthony Perard Unstable Subsystem Maintainers -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 11:00:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 11:00:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265377.458734 (Exim 4.92) (envelope-from ) id 1nFwJv-0007xx-CT; Fri, 04 Feb 2022 11:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265377.458734; Fri, 04 Feb 2022 11:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwJv-0007xZ-9G; Fri, 04 Feb 2022 11:00:03 +0000 Received: by outflank-mailman (input) for mailman id 265377; Fri, 04 Feb 2022 11:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwJu-0007nr-DY for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwJu-0007KB-Bs for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFwJu-0004v5-As for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZBtQpjq4nNbfT9gA6ikFwvxU45G5gaNV2czXW6mQ4Z8=; b=3gw88qU+4IYv6BWjUjseF0QFXL 8qQYPI9fxrg4bO+0m6y3xkbCHraCEPpE62ZvdGQwLYexHRo0hf7XXgp2RIkvpj18IGhi9pzr8wpFI Hzdw4P2zYDw6efOM2X6PYh6aUytCLv1a36DU8RaAtyv6glZ4wJdrr63qkrtz3XOfzJA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] vpci: shrink critical section in vpci_{read/write} Message-Id: Date: Fri, 04 Feb 2022 11:00:02 +0000 commit d055114f6db3e4bd57b6d832a03445f0f9c598bc Author: Roger Pau Monné AuthorDate: Thu Feb 3 13:12:21 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:12:21 2022 +0100 vpci: shrink critical section in vpci_{read/write} Shrink critical section in vpci_{read/write} as racing calls to vpci_{read,write}_hw() shouldn't be a problem. Those are just wrappers around pci_conf_{read,write} functions, and the required locking (in case of using the IO ports) is already taken care in pci_conf_{read,write}. Please note, that we anyways split 64bit writes into two 32bit ones without taking the lock for the whole duration of the access, so it is possible to see a partially updated state as a result of a 64bit write: the PCI(e) specification don't seem to specify whether the ECAM is allowed to split memory transactions into multiple Configuration Requests and whether those could then interleave with requests from a different CPU. Signed-off-by: Roger Pau Monné Signed-off-by: Oleksandr Andrushchenko Acked-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/drivers/vpci/vpci.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 657697fe34..fb0947179b 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -370,6 +370,7 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int size) break; ASSERT(data_offset < size); } + spin_unlock(&pdev->vpci->lock); if ( data_offset < size ) { @@ -379,7 +380,6 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int size) data = merge_result(data, tmp_data, size - data_offset, data_offset); } - spin_unlock(&pdev->vpci->lock); return data & (0xffffffff >> (32 - 8 * size)); } @@ -475,13 +475,12 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, break; ASSERT(data_offset < size); } + spin_unlock(&pdev->vpci->lock); if ( data_offset < size ) /* Tailing gap, write the remaining. */ vpci_write_hw(sbdf, reg + data_offset, size - data_offset, data >> (data_offset * 8)); - - spin_unlock(&pdev->vpci->lock); } /* Helper function to check an access size and alignment on vpci space. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 11:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 11:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265378.458738 (Exim 4.92) (envelope-from ) id 1nFwK5-0008WB-F5; Fri, 04 Feb 2022 11:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265378.458738; Fri, 04 Feb 2022 11:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwK5-0008W3-CD; Fri, 04 Feb 2022 11:00:13 +0000 Received: by outflank-mailman (input) for mailman id 265378; Fri, 04 Feb 2022 11:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwK4-0008Vv-GE for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nFwK4-0007KL-FN for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nFwK4-0004wm-EX for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 11:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YTCKfM7j0SPiPtO5JaI92SWGk0vE41r0xFbWAbc1W2U=; b=OYoXlJ+HgaSeeeodrHdvC/HJdD nb8gahHAzs1ueJxqtW3Eo1klTwHe0oDuxglRcxiyVw13SpakQ0QHqvhIUBZmK99xoxpaSJeGzjnW4 xTffcF9N7/u7Kj+eYyyUkNVzCu6uXtrjYzSz7wOmOUy8plCsQ03WMQIpD9lu0ZY2Hc4k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/pci: detect when BARs are not suitably positioned Message-Id: Date: Fri, 04 Feb 2022 11:00:12 +0000 commit 75cc460a1b8cfd8e5d2c4302234ee194defe4872 Author: Roger Pau Monné AuthorDate: Thu Feb 3 13:13:19 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 3 13:13:19 2022 +0100 xen/pci: detect when BARs are not suitably positioned One of the boxes where I was attempting to boot Xen in PVH dom0 mode has quirky firmware, as it will handover with a PCI device with memory decoding enabled and a BAR of size 4K at address 0. Such BAR overlaps with a RAM range on the e820. This interacts badly with the dom0 PVH build, as BARs will be setup on the p2m before RAM, so if there's a BAR positioned over a RAM region it will trigger a domain crash when the dom0 builder attempts to populate that region with a regular RAM page. It's in general a very bad idea to have a BAR overlapping with any memory region defined in the memory map, so add some sanity checks for devices that are added with memory decoding enabled in order to assure that BARs are not placed on top of memory regions defined in the memory map. If overlaps are detected just disable the memory decoding bit for the device and expect the hardware domain to properly position the BAR. Note apply_quirks must be called before check_pdev so that ignore_bars is set when calling the later. PCI_HEADER_{NORMAL,BRIDGE}_NR_BARS needs to be moved into pci_regs.h so it's defined even in the absence of vPCI. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/mm.c | 23 ++++++++++++++ xen/drivers/passthrough/pci.c | 71 ++++++++++++++++++++++++++++++++++++++++++- xen/include/xen/mm.h | 2 ++ xen/include/xen/pci_regs.h | 2 ++ xen/include/xen/vpci.h | 2 -- 5 files changed, 97 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 1397f83e41..98edf5b89c 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -783,6 +783,29 @@ bool is_iomem_page(mfn_t mfn) return (page_get_owner(page) == dom_io); } +/* Input ranges are inclusive. */ +bool is_memory_hole(mfn_t start, mfn_t end) +{ + unsigned long s = mfn_x(start); + unsigned long e = mfn_x(end); + unsigned int i; + + for ( i = 0; i < e820.nr_map; i++ ) + { + const struct e820entry *entry = &e820.map[i]; + + if ( !entry->size ) + continue; + + /* Do not allow overlaps with any memory range. */ + if ( s <= PFN_DOWN(entry->addr + entry->size - 1) && + PFN_DOWN(entry->addr) <= e ) + return false; + } + + return true; +} + static int update_xen_mappings(unsigned long mfn, unsigned int cacheattr) { int err = 0; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 1fad80362f..e8b09d77d8 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -233,6 +233,9 @@ static void check_pdev(const struct pci_dev *pdev) PCI_STATUS_REC_TARGET_ABORT | PCI_STATUS_REC_MASTER_ABORT | \ PCI_STATUS_SIG_SYSTEM_ERROR | PCI_STATUS_DETECTED_PARITY) u16 val; + unsigned int nbars = 0, rom_pos = 0, i; + static const char warn[] = XENLOG_WARNING + "%pp disabled: %sBAR [%#lx, %#lx] overlaps with memory map\n"; if ( command_mask ) { @@ -251,6 +254,8 @@ static void check_pdev(const struct pci_dev *pdev) switch ( pci_conf_read8(pdev->sbdf, PCI_HEADER_TYPE) & 0x7f ) { case PCI_HEADER_TYPE_BRIDGE: + nbars = PCI_HEADER_BRIDGE_NR_BARS; + rom_pos = PCI_ROM_ADDRESS1; if ( !bridge_ctl_mask ) break; val = pci_conf_read16(pdev->sbdf, PCI_BRIDGE_CONTROL); @@ -267,11 +272,75 @@ static void check_pdev(const struct pci_dev *pdev) } break; + case PCI_HEADER_TYPE_NORMAL: + nbars = PCI_HEADER_NORMAL_NR_BARS; + rom_pos = PCI_ROM_ADDRESS; + break; + case PCI_HEADER_TYPE_CARDBUS: /* TODO */ break; } #undef PCI_STATUS_CHECK + + /* Check if BARs overlap with other memory regions. */ + val = pci_conf_read16(pdev->sbdf, PCI_COMMAND); + if ( !(val & PCI_COMMAND_MEMORY) || pdev->ignore_bars ) + return; + + pci_conf_write16(pdev->sbdf, PCI_COMMAND, val & ~PCI_COMMAND_MEMORY); + for ( i = 0; i < nbars; ) + { + uint64_t addr, size; + unsigned int reg = PCI_BASE_ADDRESS_0 + i * 4; + int rc = 1; + + if ( (pci_conf_read32(pdev->sbdf, reg) & PCI_BASE_ADDRESS_SPACE) != + PCI_BASE_ADDRESS_SPACE_MEMORY ) + goto next; + + rc = pci_size_mem_bar(pdev->sbdf, reg, &addr, &size, + (i == nbars - 1) ? PCI_BAR_LAST : 0); + if ( rc < 0 ) + /* Unable to size, better leave memory decoding disabled. */ + return; + if ( size && !is_memory_hole(maddr_to_mfn(addr), + maddr_to_mfn(addr + size - 1)) ) + { + /* + * Return without enabling memory decoding if BAR position is not + * in IO suitable memory. Let the hardware domain re-position the + * BAR. + */ + printk(warn, + &pdev->sbdf, "", PFN_DOWN(addr), PFN_DOWN(addr + size - 1)); + return; + } + + next: + ASSERT(rc > 0); + i += rc; + } + + if ( rom_pos && + (pci_conf_read32(pdev->sbdf, rom_pos) & PCI_ROM_ADDRESS_ENABLE) ) + { + uint64_t addr, size; + int rc = pci_size_mem_bar(pdev->sbdf, rom_pos, &addr, &size, + PCI_BAR_ROM); + + if ( rc < 0 ) + return; + if ( size && !is_memory_hole(maddr_to_mfn(addr), + maddr_to_mfn(addr + size - 1)) ) + { + printk(warn, &pdev->sbdf, "ROM ", PFN_DOWN(addr), + PFN_DOWN(addr + size - 1)); + return; + } + } + + pci_conf_write16(pdev->sbdf, PCI_COMMAND, val); } static void apply_quirks(struct pci_dev *pdev) @@ -399,8 +468,8 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, u8 bus, u8 devfn) break; } - check_pdev(pdev); apply_quirks(pdev); + check_pdev(pdev); return pdev; } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 5db26ed477..3be754da92 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -554,6 +554,8 @@ int __must_check steal_page(struct domain *d, struct page_info *page, int page_is_ram_type(unsigned long mfn, unsigned long mem_type); /* Returns the page type(s). */ unsigned int page_get_ram_type(mfn_t mfn); +/* Check if a range falls into a hole in the memory map. */ +bool is_memory_hole(mfn_t start, mfn_t end); /* Prepare/destroy a ring for a dom0 helper. Helper with talk * with Xen on behalf of this domain. */ diff --git a/xen/include/xen/pci_regs.h b/xen/include/xen/pci_regs.h index cc4ee3b83e..ee8e82be36 100644 --- a/xen/include/xen/pci_regs.h +++ b/xen/include/xen/pci_regs.h @@ -88,6 +88,8 @@ * 0xffffffff to the register, and reading it back. Only * 1 bits are decoded. */ +#define PCI_HEADER_NORMAL_NR_BARS 6 +#define PCI_HEADER_BRIDGE_NR_BARS 2 #define PCI_BASE_ADDRESS_0 0x10 /* 32 bits */ #define PCI_BASE_ADDRESS_1 0x14 /* 32 bits [htype 0,1 only] */ #define PCI_BASE_ADDRESS_2 0x18 /* 32 bits [htype 0 only] */ diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index 3f32de9d7e..e8ac1eb395 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -80,8 +80,6 @@ struct vpci { bool prefetchable : 1; /* Store whether the BAR is mapped into guest p2m. */ bool enabled : 1; -#define PCI_HEADER_NORMAL_NR_BARS 6 -#define PCI_HEADER_BRIDGE_NR_BARS 2 } bars[PCI_HEADER_NORMAL_NR_BARS + 1]; /* At most 6 BARS + 1 expansion ROM BAR. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 15:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 15:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265687.459116 (Exim 4.92) (envelope-from ) id 1nG0PW-00035F-7Z; Fri, 04 Feb 2022 15:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265687.459116; Fri, 04 Feb 2022 15:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG0PW-000357-4Z; Fri, 04 Feb 2022 15:22:06 +0000 Received: by outflank-mailman (input) for mailman id 265687; Fri, 04 Feb 2022 15:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG0PU-000351-6u for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 15:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG0PU-0003S4-3v for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 15:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG0PU-00070P-2m for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 15:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N8CT5Q0xPtvJmbAqgJxTgaLWeMmaxrbHYt8iaPXnpYw=; b=ZDy+qt+IgJhzYUsFJkZzDZfIrW /Tr0vUCz+RCYPQ6r6ZOdZvv8X497WG9sQ0MxzQQmwFPCpsCy2hdaNQVn/0VFlP6p4KBQVqnXjKhBr BuzHpWQjQegSp3vT+LH7golSHDPzw3lSW2JQGdhjsWkciu5mMmxG94DlqoZHE74VWgg8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/guest: Fix comment regarding CPUID compatibility Message-Id: Date: Fri, 04 Feb 2022 15:22:04 +0000 commit 820cc393434097f3b7976acdccbf1d96071d6d23 Author: Andrew Cooper AuthorDate: Thu Feb 3 18:03:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 14:44:29 2022 +0000 tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- tools/libs/guest/xg_cpuid_x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index b9e827ce7e..57f81eb0a0 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -497,9 +497,19 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, if ( restore ) { /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -509,7 +519,6 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } - /* Clamp maximum leaves to the ones supported on 4.12. */ p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); p->feat.max_subleaf = 0; p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265689.459121 (Exim 4.92) (envelope-from ) id 1nG1gr-0002Ez-VL; Fri, 04 Feb 2022 16:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265689.459121; Fri, 04 Feb 2022 16:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1gr-0002En-Rk; Fri, 04 Feb 2022 16:44:05 +0000 Received: by outflank-mailman (input) for mailman id 265689; Fri, 04 Feb 2022 16:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1gq-0002Eh-Fb for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1gq-0005Jb-BY for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1gq-0004tF-9o for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r6E8sJH4QNQAu6lswuT4dLX68PJ/8X6Xm4aOVB2NrI8=; b=4W5VcMlVn6+mfcAYclHIG4U3wh 4hOR1toFL9EyXSXFPkmJMDRAhDK9UVvU8dYcCX3AMxT6+xi91DgNCBdrVZT5mjWuFiArtnDgbRuTA eX7TefVvKlremUQbwuXaEJ3qQ7Wkbll5dhnatVgv1LUk7X2gCKjaGMIPfLAxiFqc5rGw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Fri, 04 Feb 2022 16:44:04 +0000 commit e253d0a65cca3770f404241f2435791b61159cd6 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265690.459124 (Exim 4.92) (envelope-from ) id 1nG1h0-0002Gc-WE; Fri, 04 Feb 2022 16:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265690.459124; Fri, 04 Feb 2022 16:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1h0-0002GU-TK; Fri, 04 Feb 2022 16:44:14 +0000 Received: by outflank-mailman (input) for mailman id 265690; Fri, 04 Feb 2022 16:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1h0-0002GJ-Fc for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1h0-0005Jf-Eq for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1h0-0004uT-Du for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XTnPxrndHW31Gk0GS36Y8sqbLPJr1eUgcbJNbhAU1HA=; b=1bfkdnXfmacRdHVLIpzuF0xQJi xGIjLspO0OoHqsaiFx5W1ItNShI1KlCGtxvADj+gKiafnjpHjyQN77icdbgmA+Gx9R3M5DSeVWZ8c URlx1LAO9XtUpW17QizxUBNWZOzpnhwpQSzk4bGkoZ44Tx6CLWR+Qnz6dUop0kr/bzas=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/guest: Fix comment regarding CPUID compatibility Message-Id: Date: Fri, 04 Feb 2022 16:44:14 +0000 commit 47dbbe3878a002bb9bfa7ab24c0e7dc57b894ac7 Author: Andrew Cooper AuthorDate: Thu Feb 3 18:03:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libs/guest/xg_cpuid_x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index 198892ebdf..6ea14c4c56 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -498,9 +498,19 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, if ( restore ) { /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -510,7 +520,6 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } - /* Clamp maximum leaves to the ones supported on 4.12. */ p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); p->feat.max_subleaf = 0; p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265691.459128 (Exim 4.92) (envelope-from ) id 1nG1hB-0002JG-1U; Fri, 04 Feb 2022 16:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265691.459128; Fri, 04 Feb 2022 16:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hA-0002J8-Ul; Fri, 04 Feb 2022 16:44:24 +0000 Received: by outflank-mailman (input) for mailman id 265691; Fri, 04 Feb 2022 16:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hA-0002J1-JE for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hA-0005Jw-IP for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1hA-0004vt-HT for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XQQ5uz0muCktu9QD8etueaxsblx+hdQS9+PXZbukCLU=; b=XEXkp20XL4z/lPyDALe92iHnz6 KRaN9Ave2+LXnYxDNsV2f5qyT7VFtzkb/MlRA6umWG0AyRilkW+TkVIdila3B6mzVar8Q6ZoSQ+lL ng/ges9WBoCQgp12wdZTn4bL0YMNH/ijjbNG3/iHYgFgzdHzLHdKKMFsrnfYJMC8Z1qk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:44:24 +0000 commit 5f27e51cce99c422a7e506f9a0eeda195b767464 Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 6820527df0..1fe658d902 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1373,6 +1373,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1388,7 +1389,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1408,7 +1410,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 71cbfa8ee3..5839bee2c9 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -435,6 +435,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -508,18 +526,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 10039c2d22..657a329561 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -277,6 +277,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265692.459133 (Exim 4.92) (envelope-from ) id 1nG1hL-0002Md-3I; Fri, 04 Feb 2022 16:44:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265692.459133; Fri, 04 Feb 2022 16:44:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hK-0002MR-WF; Fri, 04 Feb 2022 16:44:35 +0000 Received: by outflank-mailman (input) for mailman id 265692; Fri, 04 Feb 2022 16:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hK-0002MJ-MP for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hK-0005K7-Ld for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1hK-0004xG-Kc for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cm6fhzVIzz/Wx3WkflL6gm6Jd+t6g5RL+19ikeOtp8g=; b=MPTiaz7Au8pVlq8TUfjvVoGuHN 8M6au9lx3SOwGt0lvu6BZhok13ol6LjIyk1toaCFZmFF6odeWkHsn7UcK6Ih2R3Zf8hK/ThipkMdI 2XfE2JLkbq5yU7lA4X9r+obYd6yvccu+yRQXI2ygA1yTD2jj7+A6Q59NYiJxeQdR/RjY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Fri, 04 Feb 2022 16:44:34 +0000 commit df2e2952b8c8087988f240a08a9417aa503cbd1c Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f62c775b9d..3d45b05af2 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,7 +264,7 @@ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265693.459136 (Exim 4.92) (envelope-from ) id 1nG1hW-0002QU-4V; Fri, 04 Feb 2022 16:44:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265693.459136; Fri, 04 Feb 2022 16:44:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hW-0002QM-1W; Fri, 04 Feb 2022 16:44:46 +0000 Received: by outflank-mailman (input) for mailman id 265693; Fri, 04 Feb 2022 16:44:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hU-0002Py-Pm for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hU-0005Ka-P2 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1hU-0004yW-Nq for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=t0xYkIgTNlenSVOfZN0YKwLvs4BLzsqCqND+giR9qRo=; b=DkSMobsI9v3x1GTS6qKvQnIlR5 1kzM959RJELjaLdMEKx0OgyHLcnRVsFjY+ZEAgk5P+xJwjT3Yk0J+iQyns8yydkxVu33Wt42qFflz uAGJQZspDQTc9ZGjt6iPEDutMT63MbX8HJz3ZCtaAqAbtUmBQ1a4S3U+OvMAYiIcABi4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:44:44 +0000 commit 7f34b6a895d10744bab32fc843246c45da444d8b Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c18cc8aa49..8a550d0a09 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:44:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:44:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265694.459140 (Exim 4.92) (envelope-from ) id 1nG1hg-0002Sx-65; Fri, 04 Feb 2022 16:44:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265694.459140; Fri, 04 Feb 2022 16:44:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hg-0002Sp-35; Fri, 04 Feb 2022 16:44:56 +0000 Received: by outflank-mailman (input) for mailman id 265694; Fri, 04 Feb 2022 16:44:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1he-0002Sc-Sl for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1he-0005Km-Ry for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1he-0004zf-RA for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:44:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YgBfK6gBEC5M0oOvobgXv6q6+Tcir+vq2pFYOPoiNmk=; b=H+UbRip8U+fDWO70hzOo7EdTDN m0QfrE+wAa3lNG4aYd3Hv8Q2Jg1G2ft2aXnZfatwgLGl72peW3Z15SEo45GFr3smmmR5d4ieeUqFb EIFs+7WcvlNzULjzatCQ59Zwj5ydmf902iJVRyjfM9C8z9ZjPDroQ8DZxrfLLL1dI58c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:44:54 +0000 commit 08fc03c855c071e9b1aaaa96403f2a90433336a7 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8a550d0a09..2072daf662 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265695.459144 (Exim 4.92) (envelope-from ) id 1nG1hq-0002Wa-92; Fri, 04 Feb 2022 16:45:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265695.459144; Fri, 04 Feb 2022 16:45:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hq-0002WP-62; Fri, 04 Feb 2022 16:45:06 +0000 Received: by outflank-mailman (input) for mailman id 265695; Fri, 04 Feb 2022 16:45:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hp-0002Vz-0K for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1ho-0005LP-Vs for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1ho-00051H-Uk for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lx6QeXnmGAf/VERyu2jgMaqJwpQLQN2e/6xTI1kTmCo=; b=fb3lU0XN3RN7vAoaBsxa0DCdml URSRy1LExh2vBrrevrfy76QNOErLU8CYdowY28YeTzGqp9mw98NB6YQujiBTC8q+QiMFz3Vi9hgq7 IBKa//yXx/hVgJIyQe53o+RYFfwysO57raFltQKI7bzOhZpQ/rTZMLumICE7Od35ij8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Fri, 04 Feb 2022 16:45:04 +0000 commit 72ef02da23861f686c349a6808b2f4c9adc15f9f Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265696.459148 (Exim 4.92) (envelope-from ) id 1nG1i0-0002ZX-AT; Fri, 04 Feb 2022 16:45:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265696.459148; Fri, 04 Feb 2022 16:45:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1i0-0002ZP-7Z; Fri, 04 Feb 2022 16:45:16 +0000 Received: by outflank-mailman (input) for mailman id 265696; Fri, 04 Feb 2022 16:45:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hz-0002Z4-4b for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1hz-0005Lc-3s for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1hz-00052S-2j for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Uglq8lMTG80ryLNTcoucvyY3hla39R8wWWYxgv151Bc=; b=rzVDhXf9G4kjmp67v3YQTdRF+8 5XjVPcFM8hd4IOJAA00FuQkPMNL53jflwoOF42wkJL4rizTQm0TvZt/o7JJUWTrARfda9C5ObM1Eg Gsu5jasTPNrFYFbQcnmeMG88eW9DQ5gMaHby7cd9mfwgJe9vxD3se5W0MysRUE0sxG0U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:45:15 +0000 commit 6ef732726add103ee8f63293e326ad43b1643239 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index da47cdea14..369691dd13 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1944,9 +1944,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 329cfdb6c9..ee3e86cc78 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -322,6 +322,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -378,7 +380,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2072daf662..b2fd86ebe5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1270,6 +1270,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1278,15 +1281,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index a74ad4bc4c..8ea4aecc5e 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265697.459152 (Exim 4.92) (envelope-from ) id 1nG1iA-0002bu-C7; Fri, 04 Feb 2022 16:45:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265697.459152; Fri, 04 Feb 2022 16:45:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iA-0002bm-99; Fri, 04 Feb 2022 16:45:26 +0000 Received: by outflank-mailman (input) for mailman id 265697; Fri, 04 Feb 2022 16:45:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1i9-0002bc-8B for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1i9-0005Lm-7P for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1i9-00053e-6Y for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S4/GSnPmL6OVH/c8IgnD6zORa8MDLoP1pjpawbOlGnQ=; b=NBVlSx3//AfKwBaWn14LqLJbMD CZNjb8T8ANua473sBWrIgp7r0fwYys8P+O9TFEeeUoNj52DxZefFwc93NyTiQVgs99tvxAyudauSb QOhH6I3TAD2i92aPl/e8T2+4qeIcKE2xdIbPzfZqUk49rRm7Yem4iM3xygwvMccHVJv8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Fri, 04 Feb 2022 16:45:25 +0000 commit e7ccc7a8ab92502a12dc31f652b0ca3b1be04b7e Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f87484b7ce..a8e37dbb1f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index ee3e86cc78..54237c6c6d 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -379,7 +379,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b2fd86ebe5..ee862089b7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -936,7 +937,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1031,12 +1033,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 05e9685026..09c32044ec 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265698.459156 (Exim 4.92) (envelope-from ) id 1nG1iK-0002f2-DW; Fri, 04 Feb 2022 16:45:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265698.459156; Fri, 04 Feb 2022 16:45:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iK-0002eu-Ad; Fri, 04 Feb 2022 16:45:36 +0000 Received: by outflank-mailman (input) for mailman id 265698; Fri, 04 Feb 2022 16:45:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iJ-0002ef-Bh for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iJ-0005Lx-B2 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1iJ-00054m-9m for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=x2zCmhY94HiwlDXJNIowmY3RT9s/JjJg0iv68qO/QEA=; b=mCw+aEU0MAwOM/ojfVmztAisMr jra8rY36WspW3aAH9p6gNXCgjcJmZ4FoCvWv+fCYmfU6fbY8g24ngz3IYheU/rMMw4REh6iPe9GEr k6w2g9HwmrAJweXRq0aEkPHk4NepFCaKuRtkdw86mEuEh6G98BM8RG/cM1ToYN7nPFc8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:45:35 +0000 commit 142c6bd63468b147299f1393e8347d76fe6c3270 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 649892643f..287dac101a 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -126,6 +126,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265699.459160 (Exim 4.92) (envelope-from ) id 1nG1iU-0002iA-F5; Fri, 04 Feb 2022 16:45:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265699.459160; Fri, 04 Feb 2022 16:45:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iU-0002i1-CD; Fri, 04 Feb 2022 16:45:46 +0000 Received: by outflank-mailman (input) for mailman id 265699; Fri, 04 Feb 2022 16:45:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iT-0002hs-FW for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iT-0005MQ-Eo for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1iT-00055b-DU for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CxfD/sPTfczmnLWPLB7D8Ohl2V44qbPeLnAC3snx6Jg=; b=A0tXYwEod61cSUQovJeDz0zR3h p5rmacpBR3K/+4ekrHrNevWOVNmYa6V7tql4FFwu3QIhs5l6zNoCcMQj5Jt4I7ZE29TKVeRx6fznX 6AZmKCda4EmZLj+A2sDp7FGvVL9n/7TpeI7/0JtPPh3rTIDTPeRvMFZHERswqbpTlLpU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Fri, 04 Feb 2022 16:45:45 +0000 commit 5c704f0e5ffd609ee98bb2240fe56e1be0611d63 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 74b2b0e092..9c99f8a032 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2471,10 +2471,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2485,10 +2489,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 5839bee2c9..119ebfa91c 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -264,7 +264,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -442,7 +442,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -450,6 +451,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -526,7 +528,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:45:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:45:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265700.459164 (Exim 4.92) (envelope-from ) id 1nG1ie-0002lQ-Hr; Fri, 04 Feb 2022 16:45:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265700.459164; Fri, 04 Feb 2022 16:45:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1ie-0002lI-F4; Fri, 04 Feb 2022 16:45:56 +0000 Received: by outflank-mailman (input) for mailman id 265700; Fri, 04 Feb 2022 16:45:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1id-0002l7-JE for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1id-0005MU-IY for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1id-00057L-HL for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:45:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GuoBQubaiGdEQPQblg0Hq9qb3x73l6xUy0E6NDCqIZM=; b=z/dWiRogUVfQtWPYa3bFyb828a 92b+BNdkuA0+fKJ1bGD+dIBF4Add+crSu1unT2IIoU6ibZ5t8fL1M2IU/lK7ZPbOcFU5QGF5tHjPS H6mpzNJ2jE+tJuBUWKwzX27tEGrpsS9fv8XLrYI8GV3h9QpQHbxdCxVrzi65GO6urtQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Fri, 04 Feb 2022 16:45:55 +0000 commit 0da8f3d23f86dafc4781cb75f46722841b87bdbf Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 151944f657..c7f07ef7a6 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -396,6 +396,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -419,11 +421,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -493,11 +498,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 9c99f8a032..332de61993 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 3d45b05af2..228a5dc29e 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -254,18 +254,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b953648b65..517d632b50 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -277,16 +277,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265701.459168 (Exim 4.92) (envelope-from ) id 1nG1ip-0002o2-JZ; Fri, 04 Feb 2022 16:46:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265701.459168; Fri, 04 Feb 2022 16:46:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1ip-0002nu-Gc; Fri, 04 Feb 2022 16:46:07 +0000 Received: by outflank-mailman (input) for mailman id 265701; Fri, 04 Feb 2022 16:46:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1io-0002no-3i for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1io-0005Mr-2y for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1io-0005AV-27 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2vZ6EZ2l1hBb7/g7S49RLPX2Glzsp8jeDWldjmOO57w=; b=Lg0tTWyj8xTOBGubo8MS5I0zg5 7KTvohy+7lp3lTKzFqVV4x7SXm38cvCIreAKrKJd61dtiabRNRAP0H0l1cr4jTWfUU+LMhVmYxmKq GgeqR7WO9oQRqFUkDQTBLKXjTLnlbLe6CShn0Ey/gqw2if+VRUpOZt+YZqt5JT9kcUC4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/amd: split LFENCE dispatch serializing setup logic into helper Message-Id: Date: Fri, 04 Feb 2022 16:46:06 +0000 commit 576218ea82f0fd3e26c5d57fe9e2f5997fd34e01 Author: Roger Pau Monné AuthorDate: Thu Apr 15 13:45:09 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:48 2022 +0000 x86/amd: split LFENCE dispatch serializing setup logic into helper Split the logic to attempt to setup LFENCE to be dispatch serializing on AMD into a helper, so it can be shared with Hygon. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 3e9460ec93341fa6a80ecf99832aa5d9975339c9) --- xen/arch/x86/cpu/amd.c | 62 ++++++++++++++++++++++++++---------------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 27 +-------------------- 3 files changed, 36 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 10495aca35..b2d940697f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -642,6 +642,38 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +void amd_init_lfence(struct cpuinfo_x86 *c) +{ + uint64_t value; + + /* + * Attempt to set lfence to be Dispatch Serialising. This MSR almost + * certainly isn't virtualised (and Xen at least will leak the real + * value in but silently discard writes), as well as being per-core + * rather than per-thread, so do a full safe read/write/readback cycle + * in the worst case. + */ + if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) + /* Unable to read. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) + /* Already dispatch serialising. */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (wrmsr_safe(MSR_AMD64_DE_CFG, + value | AMD64_DE_CFG_LFENCE_SERIALISE) || + rdmsr_safe(MSR_AMD64_DE_CFG, value) || + !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) + /* Attempt to set failed. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else + /* Successfully enabled! */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); +} + /* * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf @@ -736,37 +768,11 @@ static void init_amd(struct cpuinfo_x86 *c) if (c == &boot_cpu_data && !cpu_has(c, X86_FEATURE_RSTR_FP_ERR_PTRS)) setup_force_cpu_cap(X86_BUG_FPU_PTRS); - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ if (c->x86 == 0x0f || c->x86 == 0x11) /* Always dispatch serialising on this hardare. */ __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ { - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - } + else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ + amd_init_lfence(c); amd_init_ssbd(c); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 2550957801..1a5b3918b3 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,4 +20,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index ccfa27201d..3845e0cf0e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -32,32 +32,7 @@ static void init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); + amd_init_lfence(c); amd_init_ssbd(c); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265702.459172 (Exim 4.92) (envelope-from ) id 1nG1iz-0002qu-LG; Fri, 04 Feb 2022 16:46:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265702.459172; Fri, 04 Feb 2022 16:46:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iz-0002qm-IL; Fri, 04 Feb 2022 16:46:17 +0000 Received: by outflank-mailman (input) for mailman id 265702; Fri, 04 Feb 2022 16:46:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iy-0002qY-7l for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1iy-0005OU-6p for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1iy-0005Ba-5g for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7wCCrYC4wrGptaAVYh3TzfA9pYReShOla83gD86ITgA=; b=dVWjZ0vhdT7wbY+3eK9NHEHvav 9dZM7n1BfKkGiXloMm6w3gpD56H2YoLYV45frWfC85fK9sYzYKwv7q0GyMNkA0H2NaOqowxRZrQE6 BGiSeXZqS3VEQ7iPd92pFLTpjHsgq2CZ0WNXwfNae1c+mQLOfT/ik5svznk7bou1exkY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: support LFENCE always serialising CPUID bit Message-Id: Date: Fri, 04 Feb 2022 16:46:16 +0000 commit 0d89d04f630a0a54e1411144969fb3dfb4f5400e Author: Roger Pau Monné AuthorDate: Thu Apr 15 16:47:31 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/cpuid: support LFENCE always serialising CPUID bit AMD Milan (Zen3) CPUs have an LFENCE Always Serialising CPUID bit in leaf 80000021.eax. Previous AMD versions used to have a user settable bit in DE_CFG MSR to select whether LFENCE was dispatch serialising, which Xen always attempts to set. The forcefully always on setting is due to the addition of SEV-SNP so that a VMM cannot break the confidentiality of a guest. In order to support this new CPUID bit move the LFENCE_DISPATCH synthetic CPUID bit to map the hardware bit (leaving a hole in the synthetic range) and either rely on the bit already being set by the native CPUID output, or attempt to fake it in Xen by modifying the DE_CFG MSR. This requires adding one more entry to the featureset to support leaf 80000021.eax. The bit is always exposed to guests by default even if the underlying hardware doesn't support leaf 80000021. Note that Xen doesn't allow guests to change the DE_CFG value, so once set by Xen LFENCE will always be serialising. Note that the access to DE_CFG by guests is left as-is: reads will unconditionally return LFENCE_SERIALISE bit set, while writes are silently dropped. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper [Always expose to guests by default] Signed-off-by: Andrew Cooper (cherry picked from commit e9b4fe26364950258c9f57f0f68eccb778eeadbb) x86/cpuid: do not expand max leaves on restore When restoring limit the maximum leaves to the ones supported by Xen 4.12 in order to not expand the maximum leaves a guests sees. Note this is unlikely to cause real issues. Guests restored from Xen versions 4.13 or greater will contain CPUID data on the stream that will override the values set by xc_cpuid_apply_policy. Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit") Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich (cherry picked from commit 111c8c33a8a18588f3da3c5dbb7f5c63ddb98ce5) tools/libxenguest: Fix max_extd_leaf calculation for legacy restore 0x1c is lower than any value which will actually be observed in p->extd.max_leaf, but higher than the logical 9 leaves worth of extended data on Intel systems, causing x86_cpuid_copy_to_buffer() to fail with -ENOBUFS. Correct the calculation. The problem was first noticed in c/s 34990446ca9 "libxl: don't ignore the return value from xc_cpuid_apply_policy" but introduced earlier. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Reported-by: Olaf Hering Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5fa174cbf54cc625a023b8e7170e359dd150c072) tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libs/guest/xg_cpuid_x86.c | 22 +++++++++++++---- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 6 +++++ xen/arch/x86/cpu/amd.c | 7 ++++++ xen/arch/x86/cpu/common.c | 3 +++ xen/arch/x86/cpuid.c | 15 +++++++++++- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/public/arch-x86/cpufeatureset.h | 3 +++ xen/include/xen/lib/x86/cpuid.h | 37 ++++++++++++++++++++++++++++- 9 files changed, 90 insertions(+), 7 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index c6c806884a..ead547f302 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -497,12 +497,22 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, goto out; } - /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. - */ if ( restore ) { + /* + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. + */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -511,6 +521,10 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, { p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } + + p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); + p->feat.max_subleaf = 0; + p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); } if ( featureset ) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 6e094dfacc..9f55073f0a 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -293,6 +293,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_decode", 0x8000000a, NA, CPUID_REG_EDX, 7, 1}, {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, + {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, {NULL, 0, NA, CPUID_REG_INV, 0, 0} diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index b9fb918cdd..92c40b045c 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -183,6 +183,11 @@ static const char *const str_7a1[32] = [ 4] = "avx-vnni", [ 5] = "avx512-bf16", }; +static const char *const str_e21a[32] = +{ + [ 2] = "lfence+", +}; + static const struct { const char *name; const char *abbr; @@ -200,6 +205,7 @@ static const struct { { "0x80000008.ebx", "e8b", str_e8b }, { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, + { "0x80000021.eax", "e21a", str_e21a }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b2d940697f..176c1de8a9 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -646,6 +646,13 @@ void amd_init_lfence(struct cpuinfo_x86 *c) { uint64_t value; + /* + * Some hardware has LFENCE dispatch serialising always enabled, + * nothing to do on that case. + */ + if (test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability)) + return; + /* * Attempt to set lfence to be Dispatch Serialising. This MSR almost * certainly isn't virtualised (and Xen at least will leak the real diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index cab3befeac..292f764d9e 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -419,6 +419,9 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000008) c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] = cpuid_ebx(0x80000008); + if (c->extended_cpuid_level >= 0x80000021) + c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] + = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ if ( c->cpuid_level >= 0x00000007 ) { diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index eefcde902e..8d43c018e6 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -308,6 +308,7 @@ static void __init calculate_raw_policy(void) static void __init calculate_host_policy(void) { struct cpuid_policy *p = &host_cpuid_policy; + unsigned int max_extd_leaf; *p = raw_cpuid_policy; @@ -315,7 +316,19 @@ static void __init calculate_host_policy(void) min_t(uint32_t, p->basic.max_leaf, ARRAY_SIZE(p->basic.raw) - 1); p->feat.max_subleaf = min_t(uint32_t, p->feat.max_subleaf, ARRAY_SIZE(p->feat.raw) - 1); - p->extd.max_leaf = 0x80000000 | min_t(uint32_t, p->extd.max_leaf & 0xffff, + + max_extd_leaf = p->extd.max_leaf; + + /* + * For AMD/Hygon hardware before Zen3, we unilaterally modify LFENCE to be + * dispatch serialising for Spectre mitigations. Extend max_extd_leaf + * beyond what hardware supports, to include the feature leaf containing + * this information. + */ + if ( cpu_has_lfence_dispatch ) + max_extd_leaf = max(max_extd_leaf, 0x80000021); + + p->extd.max_leaf = 0x80000000 | min_t(uint32_t, max_extd_leaf & 0xffff, ARRAY_SIZE(p->extd.raw) - 1); cpuid_featureset_to_policy(boot_cpu_data.x86_capability, p); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index d7e42d9bb6..6c8f432aee 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -24,7 +24,7 @@ XEN_CPUFEATURE(APERFMPERF, X86_SYNTH( 8)) /* APERFMPERF */ XEN_CPUFEATURE(MFENCE_RDTSC, X86_SYNTH( 9)) /* MFENCE synchronizes RDTSC */ XEN_CPUFEATURE(XEN_SMEP, X86_SYNTH(10)) /* SMEP gets used by Xen itself */ XEN_CPUFEATURE(XEN_SMAP, X86_SYNTH(11)) /* SMAP gets used by Xen itself */ -XEN_CPUFEATURE(LFENCE_DISPATCH, X86_SYNTH(12)) /* lfence set as Dispatch Serialising */ +/* Bit 12 - unused. */ XEN_CPUFEATURE(IND_THUNK_LFENCE, X86_SYNTH(13)) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, X86_SYNTH(14)) /* Use IND_THUNK_JMP */ XEN_CPUFEATURE(SC_BRANCH_HARDEN, X86_SYNTH(15)) /* Conditional Branch Hardening */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 496582feff..4a1462db65 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -288,6 +288,9 @@ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(AVX_VNNI, 10*32+ 4) /*A AVX-VNNI Instructions */ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ +/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ +XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index f4ef8a9f2f..a4d254ea96 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -15,6 +15,7 @@ #define FEATURESET_e8b 8 /* 0x80000008.ebx */ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ +#define FEATURESET_e21a 11 /* 0x80000021.eax */ struct cpuid_leaf { @@ -84,7 +85,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) -#define CPUID_GUEST_NR_EXTD_AMD (0x1cu + 1) +#define CPUID_GUEST_NR_EXTD_AMD (0x21u + 1) #define CPUID_GUEST_NR_EXTD MAX(CPUID_GUEST_NR_EXTD_INTEL, \ CPUID_GUEST_NR_EXTD_AMD) @@ -264,6 +265,38 @@ struct cpuid_policy }; uint32_t nc:8, :4, apic_id_size:4, :16; uint32_t /* d */:32; + + uint64_t :64, :64; /* Leaf 0x80000009. */ + uint64_t :64, :64; /* Leaf 0x8000000a - SVM rev and features. */ + uint64_t :64, :64; /* Leaf 0x8000000b. */ + uint64_t :64, :64; /* Leaf 0x8000000c. */ + uint64_t :64, :64; /* Leaf 0x8000000d. */ + uint64_t :64, :64; /* Leaf 0x8000000e. */ + uint64_t :64, :64; /* Leaf 0x8000000f. */ + uint64_t :64, :64; /* Leaf 0x80000010. */ + uint64_t :64, :64; /* Leaf 0x80000011. */ + uint64_t :64, :64; /* Leaf 0x80000012. */ + uint64_t :64, :64; /* Leaf 0x80000013. */ + uint64_t :64, :64; /* Leaf 0x80000014. */ + uint64_t :64, :64; /* Leaf 0x80000015. */ + uint64_t :64, :64; /* Leaf 0x80000016. */ + uint64_t :64, :64; /* Leaf 0x80000017. */ + uint64_t :64, :64; /* Leaf 0x80000018. */ + uint64_t :64, :64; /* Leaf 0x80000019 - TLB 1GB Identifiers. */ + uint64_t :64, :64; /* Leaf 0x8000001a - Performance related info. */ + uint64_t :64, :64; /* Leaf 0x8000001b - IBS feature information. */ + uint64_t :64, :64; /* Leaf 0x8000001c. */ + uint64_t :64, :64; /* Leaf 0x8000001d - Cache properties. */ + uint64_t :64, :64; /* Leaf 0x8000001e - Extd APIC/Core/Node IDs. */ + uint64_t :64, :64; /* Leaf 0x8000001f - AMD Secure Encryption. */ + uint64_t :64, :64; /* Leaf 0x80000020 - Platform QoS. */ + + /* Leaf 0x80000021 - Extended Feature 2 */ + union { + uint32_t e21a; + struct { DECL_BITFIELD(e21a); }; + }; + uint32_t /* b */:32, /* c */:32, /* d */:32; }; } extd; @@ -293,6 +326,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_e8b] = p->extd.e8b; fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; + fs[FEATURESET_e21a] = p->extd.e21a; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -310,6 +344,7 @@ static inline void cpuid_featureset_to_policy( p->extd.e8b = fs[FEATURESET_e8b]; p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; + p->extd.e21a = fs[FEATURESET_e21a]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265703.459176 (Exim 4.92) (envelope-from ) id 1nG1j9-0002uD-O8; Fri, 04 Feb 2022 16:46:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265703.459176; Fri, 04 Feb 2022 16:46:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1j9-0002u5-LE; Fri, 04 Feb 2022 16:46:27 +0000 Received: by outflank-mailman (input) for mailman id 265703; Fri, 04 Feb 2022 16:46:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1j8-0002tu-B1 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1j8-0005Oi-AB for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1j8-0005CZ-9F for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UfSPv3ipwNv2Ldn9nWYZGHj6alS4cXdCxzVvIGvUf0o=; b=L1EZ44MnUjvwQ/POYmwjg0YCV+ FuEEae084bp9LcsTpM/+y9wUDmduteb/59wRkp6y/Y9aklBFFmMcUH6lp/G7IHrvJLKgvhVfqAs9Q jabk0wnmHD3nf45N9bwuHXfTO489Q0z1xNj1nQZIK5SZrAiE/X3f9blrOJy73FEl5BxU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Fri, 04 Feb 2022 16:46:26 +0000 commit 0bec5b0c6ee24477f3f307243753a4eacca14155 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265706.459179 (Exim 4.92) (envelope-from ) id 1nG1jJ-0002xF-Pl; Fri, 04 Feb 2022 16:46:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265706.459179; Fri, 04 Feb 2022 16:46:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jJ-0002x7-Mj; Fri, 04 Feb 2022 16:46:37 +0000 Received: by outflank-mailman (input) for mailman id 265706; Fri, 04 Feb 2022 16:46:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jI-0002wz-E5 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jI-0005Ov-DJ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1jI-0005DI-Cb for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pEk9CWqwAcCdz/6S4HhGzCezamoRua8CbjTJhzNJ7vw=; b=L7iujM6jLRtHlAVli374lV5M59 2m7dP81IOzFIjkMmXNzO/Hj5x88n4KPlifOQ7qOxZepXgRMI9IV0XSRy5xQYyr+3FivIP/lSpsf/4 vVzt1992dQQtSRZm+7dHB7fwkCIlRQTkh7QiHS6cx7O4a9fr4ezrALKIgA6eDcHrYkfQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:46:36 +0000 commit beb522fc036cec82ba9f49d5187eba28bb293474 Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index f572c68d4d..ddd001a6ad 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1370,6 +1370,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1385,7 +1386,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1405,7 +1407,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 79d40a0074..334dcddacf 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -420,6 +420,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -493,18 +511,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 10039c2d22..657a329561 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -277,6 +277,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265707.459184 (Exim 4.92) (envelope-from ) id 1nG1jT-000306-RG; Fri, 04 Feb 2022 16:46:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265707.459184; Fri, 04 Feb 2022 16:46:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jT-0002zy-OK; Fri, 04 Feb 2022 16:46:47 +0000 Received: by outflank-mailman (input) for mailman id 265707; Fri, 04 Feb 2022 16:46:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jS-0002zi-Gq for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jS-0005PF-G8 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1jS-0005E1-FZ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4vbmf250sqJgX5bM69gNsMeSMG9NZYsbWX6uXsHywpk=; b=TX9Elug+XblV3rSj6pGfUPqiVu eZVKKKwwD6oLi4/ykkTdAambIzPhxzzn+9xzA9WHw+yNqHFXMQCYr+q1/a6PK4mscVkZm30ktTIvx VuK2YpS48KDwLqWZRCzjMugva8C55fgEIP8GrW19uhQ4SRrTVSx3vPFwvTVR5T5WzskU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Fri, 04 Feb 2022 16:46:46 +0000 commit 82b2033090150ef25090b7e58d4820e04cedc736 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 4a1462db65..2ffeff0ae5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -263,7 +263,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:46:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:46:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265708.459188 (Exim 4.92) (envelope-from ) id 1nG1jd-00035n-T5; Fri, 04 Feb 2022 16:46:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265708.459188; Fri, 04 Feb 2022 16:46:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jd-00035e-QF; Fri, 04 Feb 2022 16:46:57 +0000 Received: by outflank-mailman (input) for mailman id 265708; Fri, 04 Feb 2022 16:46:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jc-00034V-Jn for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jc-0005PJ-JA for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1jc-0005Ev-IJ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:46:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1wQW/9NtnkYTxGtAJhzG8WEZBON+sKy6fYl+9Ys5sEE=; b=PFDr9Fmo5RJD0phr4w/HR7mAGs 4I1E3LeSwzFsxHZTw+55JV0SY6apJfeVTPBPbWGIq9AcJG2riji678OI18+BXIYNv+oy2WUf9wGud kbp9pfQ7LU4YswXzG2uec8ktlY1IijdhJFQm9zRrZjCqlSe7NTSTgjla0AcfVsLotg7o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:46:56 +0000 commit ca3fcbde2513f18806a50fe5a9791e1cbb7c4205 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f70535b6e7..e85b0c0c7d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -987,19 +987,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265709.459192 (Exim 4.92) (envelope-from ) id 1nG1jn-00038X-Uw; Fri, 04 Feb 2022 16:47:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265709.459192; Fri, 04 Feb 2022 16:47:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jn-00038P-Rl; Fri, 04 Feb 2022 16:47:07 +0000 Received: by outflank-mailman (input) for mailman id 265709; Fri, 04 Feb 2022 16:47:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jm-00038F-Mn for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jm-0005Pg-M8 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1jm-0005G7-LW for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PFp2raS2X2rsufYjEwsB+vBmTEKqE3TvPDFrj18Y+cw=; b=BbIVF5rT6qyJK9iIrJxbeD09YP Zc34iw8sLwwj7pXEu+YItU/Sy/lTxSbxAWSxdY2ka8XPsDYcauzoRXhe/C0ydV/WjnQWsc4yVf0aM QkVw0fGkXG69tu04DBcGBopeSv4fiJ1dD1ei10xsuAqWJLLNmCo5l29H0EF5JcbOJY9k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:47:06 +0000 commit 3bc15a1a646e338e3f670a0d5fd2924b5d1edef0 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e85b0c0c7d..84d5de8856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -907,6 +907,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -944,11 +946,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -979,10 +981,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1001,11 +1000,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1220,7 +1220,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265710.459196 (Exim 4.92) (envelope-from ) id 1nG1jy-0003BF-07; Fri, 04 Feb 2022 16:47:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265710.459196; Fri, 04 Feb 2022 16:47:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jx-0003B7-TO; Fri, 04 Feb 2022 16:47:17 +0000 Received: by outflank-mailman (input) for mailman id 265710; Fri, 04 Feb 2022 16:47:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jw-0003Av-Q2 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1jw-0005Pq-PK for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1jw-0005H9-OG for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3D6afN5PN8TPn7s4hn7cJ4ucXuUdbrDZBvhbALdcj7U=; b=pka9OKvCaIKega8oaveM2TU48L Iew4igBBjqvQ+E0IqecNGD7rM4qsprm46bYhaGqilcWZgIwZN2pXzzlV5Q2LbJmQnA4rAl7z8vAuT 3oQK417qa7TgMxNE0WKL6BS+q8KPqIRBgxhevbZS/E4PgRBEcB+yRxAEg+0bIQ4LQBe0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Fri, 04 Feb 2022 16:47:16 +0000 commit 21dd4ef9a6a59655cfa06550e331557e197324fa Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265711.459200 (Exim 4.92) (envelope-from ) id 1nG1k8-0003E2-1q; Fri, 04 Feb 2022 16:47:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265711.459200; Fri, 04 Feb 2022 16:47:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1k7-0003Du-V4; Fri, 04 Feb 2022 16:47:27 +0000 Received: by outflank-mailman (input) for mailman id 265711; Fri, 04 Feb 2022 16:47:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1k6-0003Dk-TJ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1k6-0005QL-Sb for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1k6-0005I8-Rq for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xe5wAZRvAT6HelACd3xNCbByk/sA8v5AwkGzGbVYafg=; b=uDqThSGWLijpfhqbB7XQAZh/Hp Hab9UrqD70UZ0y7hFZnBNZH9pwk5EKCSNR1BddTK3s1IFhKqUFgPSYngF7P9S6WDWXf7sp6vxn/8E rxlUqGvms/get0J1FtDhMVXptpiesVScTqOp+yU3MbDWJtqORp/RsB8+da2knuX3fGhw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:47:26 +0000 commit 73b4e89746dcdb017ac331ca819f615f255fc5c0 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 59955aadb9..b1f96f71b6 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1936,9 +1936,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index f1dda9d305..bad978f627 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -322,6 +322,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -378,7 +380,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 84d5de8856..b41f85936e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1222,6 +1222,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1230,15 +1233,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index a74ad4bc4c..8ea4aecc5e 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265712.459205 (Exim 4.92) (envelope-from ) id 1nG1kI-0003HO-50; Fri, 04 Feb 2022 16:47:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265712.459205; Fri, 04 Feb 2022 16:47:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kI-0003HG-1d; Fri, 04 Feb 2022 16:47:38 +0000 Received: by outflank-mailman (input) for mailman id 265712; Fri, 04 Feb 2022 16:47:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kH-0003H7-0B for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kG-0005Qv-Vj for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1kG-0005J7-Uy for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IDnEJM1Xou0d9TmIwKyGWWV8KGTcGzNS48vjjfmZkxw=; b=bkgHqNdhFGxQiqsAYt3GSPhXnS 6M540q7SrMG8zF3H04K4Iq0lkHkLISiabv4na1u9SmMDiyzNoMV+rF/Kw4q1o+zUi3rVzeWoVJ8Qf CvEqQ0JtETt+S7xiYCu99YBLX7dS6ABVsSpNpp0EaSXrR0N4nxcUJqZXMSyJ308BapAw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Fri, 04 Feb 2022 16:47:36 +0000 commit b21f5076bbf3de17c88c3a4ae1be814f0fbd0874 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 176c1de8a9..1ee687d0d2 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index bad978f627..d5b538e4b6 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -379,7 +379,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b41f85936e..fc4ef370a0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -907,7 +908,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1002,12 +1004,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 1598d01017..6a43e4febb 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265713.459208 (Exim 4.92) (envelope-from ) id 1nG1kS-0003KW-6H; Fri, 04 Feb 2022 16:47:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265713.459208; Fri, 04 Feb 2022 16:47:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kS-0003KO-3C; Fri, 04 Feb 2022 16:47:48 +0000 Received: by outflank-mailman (input) for mailman id 265713; Fri, 04 Feb 2022 16:47:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kR-0003KE-3A for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kR-0005RN-2U for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1kR-0005K5-1n for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ld55HmWoOBOLYBhZijo7fdFV+HDquGiVK6umoFtwxJA=; b=oqHbZRYT7wqB9w3PnX4NLC8gzc bxYxPoY8n0bjNKgYhTKh/PqYH4Qd5bRRGCEzFHRc68xR59VqVPnaGtlkMwP2L4B1xdwCbYS+N16fF rJX13LkUfjHci2JIi+GoFu8whYewLj0QukP5Q8oiuW1PbnhOLoDePk0dvLqHLxnaXU60=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:47:47 +0000 commit 5a76649547d7be5439dbe0efc8b37efd293d5120 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index ce030b124f..6dbf3bf697 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -124,6 +124,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:47:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:47:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265714.459212 (Exim 4.92) (envelope-from ) id 1nG1kc-0003NJ-7w; Fri, 04 Feb 2022 16:47:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265714.459212; Fri, 04 Feb 2022 16:47:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kc-0003NB-4p; Fri, 04 Feb 2022 16:47:58 +0000 Received: by outflank-mailman (input) for mailman id 265714; Fri, 04 Feb 2022 16:47:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kb-0003N2-6g for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kb-0005RZ-5y for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1kb-0005MM-50 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:47:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A3QT9pxbfnPN0OatwjjwN2qWElQIGXuIb1OOM43oWl8=; b=xosjxab+77jw9mee624u5Z50yb 4wCnCjAmhm+5O2HN2Ih26FhuJkY0LNnFj5SbDOWEXOXb9b7JD4jO6PRtwLi+y4tq/1Csd/89MlWHV tprlK4cRZaQ2Yp6QX0i9tcYm4xqmKqhIDWc7LpXAcphCMwu0ujoTH+mINMFK/TN6wGaU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Fri, 04 Feb 2022 16:47:57 +0000 commit a7d7136673950ce70cf19cd9d0aae6caa5b24438 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 79ea791b63..294d45d63f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2470,10 +2470,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2484,10 +2488,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 334dcddacf..de9953aac3 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -249,7 +249,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -427,7 +427,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -435,6 +436,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -511,7 +513,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265716.459216 (Exim 4.92) (envelope-from ) id 1nG1kn-0003QE-9S; Fri, 04 Feb 2022 16:48:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265716.459216; Fri, 04 Feb 2022 16:48:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kn-0003Q7-6M; Fri, 04 Feb 2022 16:48:09 +0000 Received: by outflank-mailman (input) for mailman id 265716; Fri, 04 Feb 2022 16:48:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kl-0003Py-AO for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kl-0005Rr-9W for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1kl-0005Nn-8a for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ozxvgg6lJqyB6hQWBaRgx98xuJmiiI/kWhEVMohd9eI=; b=wumeVm9KRKbhv5jg5W5bJNk7RJ r1nNc5UGF86itBB6Vd9CYW9cm8d+XQxTuXprIAZO3x9aBlvrn82uF7Vl1Yay476tEAwymuYePsuhp R6Md1LvaCij3DyY1ehj+ukJDDeCXpUnJR9sk2hWK3NlDWpXOgn+UsKh9oDIP9dEa2TzQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Fri, 04 Feb 2022 16:48:07 +0000 commit 7f3b726c6a73ed82d6825f52763bf8943aea5316 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 8d43c018e6..880480208b 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -394,6 +394,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -417,11 +419,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -485,11 +490,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 294d45d63f..3f0df0b16a 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 2ffeff0ae5..bafc898774 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -254,17 +254,17 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 36f67750e5..a45995d246 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -275,16 +275,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265717.459221 (Exim 4.92) (envelope-from ) id 1nG1kx-0003Sw-Bg; Fri, 04 Feb 2022 16:48:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265717.459221; Fri, 04 Feb 2022 16:48:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kx-0003So-85; Fri, 04 Feb 2022 16:48:19 +0000 Received: by outflank-mailman (input) for mailman id 265717; Fri, 04 Feb 2022 16:48:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kv-0003Se-Rr for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1kv-0005Rv-R5 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1kv-0005Qp-QS for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uzrwspyPvSOIhaZxrIuhLTThc7PE1OPVh2DZnEiwzfg=; b=jAcRZNLzi+QyQjgLrVIyIP8oui pePa8OqVu232sLwOnX/7z688mGMpsNWULtC24IUZvd+AUDrKV9iR3XQ8ulpC1BzVkP8mZhEe4cQCU roDpZWWSEBIWuErKDlY5GfdfJgACqm19CzQC2/aTgRrdayFQm17m8p3oArtjMhTxPuPQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/amd: split LFENCE dispatch serializing setup logic into helper Message-Id: Date: Fri, 04 Feb 2022 16:48:17 +0000 commit 219542eab05f3ee20fb5c9ffdd0fb60d44e80d16 Author: Roger Pau Monné AuthorDate: Thu Apr 15 13:45:09 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:39 2022 +0000 x86/amd: split LFENCE dispatch serializing setup logic into helper Split the logic to attempt to setup LFENCE to be dispatch serializing on AMD into a helper, so it can be shared with Hygon. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 3e9460ec93341fa6a80ecf99832aa5d9975339c9) --- xen/arch/x86/cpu/amd.c | 62 ++++++++++++++++++++++++++---------------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 27 +-------------------- 3 files changed, 36 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index c780397f18..d33b7cf999 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -642,6 +642,38 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +void amd_init_lfence(struct cpuinfo_x86 *c) +{ + uint64_t value; + + /* + * Attempt to set lfence to be Dispatch Serialising. This MSR almost + * certainly isn't virtualised (and Xen at least will leak the real + * value in but silently discard writes), as well as being per-core + * rather than per-thread, so do a full safe read/write/readback cycle + * in the worst case. + */ + if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) + /* Unable to read. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) + /* Already dispatch serialising. */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (wrmsr_safe(MSR_AMD64_DE_CFG, + value | AMD64_DE_CFG_LFENCE_SERIALISE) || + rdmsr_safe(MSR_AMD64_DE_CFG, value) || + !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) + /* Attempt to set failed. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else + /* Successfully enabled! */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); +} + /* * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf @@ -736,37 +768,11 @@ static void init_amd(struct cpuinfo_x86 *c) if (c == &boot_cpu_data && !cpu_has(c, X86_FEATURE_RSTR_FP_ERR_PTRS)) setup_force_cpu_cap(X86_BUG_FPU_PTRS); - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ if (c->x86 == 0x0f || c->x86 == 0x11) /* Always dispatch serialising on this hardare. */ __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ { - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - } + else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ + amd_init_lfence(c); amd_init_ssbd(c); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 2550957801..1a5b3918b3 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,4 +20,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index ccfa27201d..3845e0cf0e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -32,32 +32,7 @@ static void init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); + amd_init_lfence(c); amd_init_ssbd(c); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265718.459224 (Exim 4.92) (envelope-from ) id 1nG1l7-0003WK-EB; Fri, 04 Feb 2022 16:48:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265718.459224; Fri, 04 Feb 2022 16:48:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1l7-0003WD-BR; Fri, 04 Feb 2022 16:48:29 +0000 Received: by outflank-mailman (input) for mailman id 265718; Fri, 04 Feb 2022 16:48:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1l5-0003W0-VI for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1l5-0005S1-UR for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1l5-0005Ra-Tg for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lxx0sOezEmsL4f6fREr8L/3nNZe4E6bZSNNbT9njQ7M=; b=cm0j836miQb24AI3idRJIPeoIz fUAyI7YANTLnA/t9Duk29U6xTp1kfAMKB9KUoggl/oYaGFq2J76FNGcM0ZtRM9+jKX3yDHIcfOTqT rUtyMOWbpV8+cfG+PYZEBfUDasCiuVWLHGWtrR81JHbaGOVF8THdZzAQAVy0HMArpvs4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: support LFENCE always serialising CPUID bit Message-Id: Date: Fri, 04 Feb 2022 16:48:27 +0000 commit 1a914256dca50ecd98e02f2783bc82c0d2b85b04 Author: Roger Pau Monné AuthorDate: Thu Apr 15 16:47:31 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/cpuid: support LFENCE always serialising CPUID bit AMD Milan (Zen3) CPUs have an LFENCE Always Serialising CPUID bit in leaf 80000021.eax. Previous AMD versions used to have a user settable bit in DE_CFG MSR to select whether LFENCE was dispatch serialising, which Xen always attempts to set. The forcefully always on setting is due to the addition of SEV-SNP so that a VMM cannot break the confidentiality of a guest. In order to support this new CPUID bit move the LFENCE_DISPATCH synthetic CPUID bit to map the hardware bit (leaving a hole in the synthetic range) and either rely on the bit already being set by the native CPUID output, or attempt to fake it in Xen by modifying the DE_CFG MSR. This requires adding one more entry to the featureset to support leaf 80000021.eax. The bit is always exposed to guests by default even if the underlying hardware doesn't support leaf 80000021. Note that Xen doesn't allow guests to change the DE_CFG value, so once set by Xen LFENCE will always be serialising. Note that the access to DE_CFG by guests is left as-is: reads will unconditionally return LFENCE_SERIALISE bit set, while writes are silently dropped. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper [Always expose to guests by default] Signed-off-by: Andrew Cooper (cherry picked from commit e9b4fe26364950258c9f57f0f68eccb778eeadbb) x86/cpuid: do not expand max leaves on restore When restoring limit the maximum leaves to the ones supported by Xen 4.12 in order to not expand the maximum leaves a guests sees. Note this is unlikely to cause real issues. Guests restored from Xen versions 4.13 or greater will contain CPUID data on the stream that will override the values set by xc_cpuid_apply_policy. Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit") Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich (cherry picked from commit 111c8c33a8a18588f3da3c5dbb7f5c63ddb98ce5) tools/libxenguest: Fix max_extd_leaf calculation for legacy restore 0x1c is lower than any value which will actually be observed in p->extd.max_leaf, but higher than the logical 9 leaves worth of extended data on Intel systems, causing x86_cpuid_copy_to_buffer() to fail with -ENOBUFS. Correct the calculation. The problem was first noticed in c/s 34990446ca9 "libxl: don't ignore the return value from xc_cpuid_apply_policy" but introduced earlier. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Reported-by: Olaf Hering Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5fa174cbf54cc625a023b8e7170e359dd150c072) tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libxc/xc_cpuid_x86.c | 22 +++++++++++++---- tools/libxl/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 6 +++++ xen/arch/x86/cpu/amd.c | 7 ++++++ xen/arch/x86/cpu/common.c | 3 +++ xen/arch/x86/cpuid.c | 15 +++++++++++- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/public/arch-x86/cpufeatureset.h | 3 +++ xen/include/xen/lib/x86/cpuid.h | 37 ++++++++++++++++++++++++++++- 9 files changed, 90 insertions(+), 7 deletions(-) diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c index 512eb1f78f..a0202ecbc9 100644 --- a/tools/libxc/xc_cpuid_x86.c +++ b/tools/libxc/xc_cpuid_x86.c @@ -497,12 +497,22 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, goto out; } - /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. - */ if ( restore ) { + /* + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. + */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -511,6 +521,10 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, { p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } + + p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); + p->feat.max_subleaf = 0; + p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); } if ( featureset ) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index ce93c5a796..a06f7a6606 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -290,6 +290,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_decode", 0x8000000a, NA, CPUID_REG_EDX, 7, 1}, {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, + {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, {NULL, 0, NA, CPUID_REG_INV, 0, 0} diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0056baf666..bfe20c0c5f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -183,6 +183,11 @@ static const char *const str_7a1[32] = /* 4 */ [ 5] = "avx512_bf16", }; +static const char *const str_e21a[32] = +{ + [ 2] = "lfence+", +}; + static const struct { const char *name; const char *abbr; @@ -200,6 +205,7 @@ static const struct { { "0x80000008.ebx", "e8b", str_e8b }, { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, + { "0x80000021.eax", "e21a", str_e21a }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d33b7cf999..beff504842 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -646,6 +646,13 @@ void amd_init_lfence(struct cpuinfo_x86 *c) { uint64_t value; + /* + * Some hardware has LFENCE dispatch serialising always enabled, + * nothing to do on that case. + */ + if (test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability)) + return; + /* * Attempt to set lfence to be Dispatch Serialising. This MSR almost * certainly isn't virtualised (and Xen at least will leak the real diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 743fbb65ab..8a37d863a8 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -419,6 +419,9 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000008) c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] = cpuid_ebx(0x80000008); + if (c->extended_cpuid_level >= 0x80000021) + c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] + = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ if ( c->cpuid_level >= 0x00000007 ) { diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 5229eba595..390f4a5e56 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -308,6 +308,7 @@ static void __init calculate_raw_policy(void) static void __init calculate_host_policy(void) { struct cpuid_policy *p = &host_cpuid_policy; + unsigned int max_extd_leaf; *p = raw_cpuid_policy; @@ -315,7 +316,19 @@ static void __init calculate_host_policy(void) min_t(uint32_t, p->basic.max_leaf, ARRAY_SIZE(p->basic.raw) - 1); p->feat.max_subleaf = min_t(uint32_t, p->feat.max_subleaf, ARRAY_SIZE(p->feat.raw) - 1); - p->extd.max_leaf = 0x80000000 | min_t(uint32_t, p->extd.max_leaf & 0xffff, + + max_extd_leaf = p->extd.max_leaf; + + /* + * For AMD/Hygon hardware before Zen3, we unilaterally modify LFENCE to be + * dispatch serialising for Spectre mitigations. Extend max_extd_leaf + * beyond what hardware supports, to include the feature leaf containing + * this information. + */ + if ( cpu_has_lfence_dispatch ) + max_extd_leaf = max(max_extd_leaf, 0x80000021); + + p->extd.max_leaf = 0x80000000 | min_t(uint32_t, max_extd_leaf & 0xffff, ARRAY_SIZE(p->extd.raw) - 1); cpuid_featureset_to_policy(boot_cpu_data.x86_capability, p); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index d7e42d9bb6..6c8f432aee 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -24,7 +24,7 @@ XEN_CPUFEATURE(APERFMPERF, X86_SYNTH( 8)) /* APERFMPERF */ XEN_CPUFEATURE(MFENCE_RDTSC, X86_SYNTH( 9)) /* MFENCE synchronizes RDTSC */ XEN_CPUFEATURE(XEN_SMEP, X86_SYNTH(10)) /* SMEP gets used by Xen itself */ XEN_CPUFEATURE(XEN_SMAP, X86_SYNTH(11)) /* SMAP gets used by Xen itself */ -XEN_CPUFEATURE(LFENCE_DISPATCH, X86_SYNTH(12)) /* lfence set as Dispatch Serialising */ +/* Bit 12 - unused. */ XEN_CPUFEATURE(IND_THUNK_LFENCE, X86_SYNTH(13)) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, X86_SYNTH(14)) /* Use IND_THUNK_JMP */ XEN_CPUFEATURE(SC_BRANCH_HARDEN, X86_SYNTH(15)) /* Conditional Branch Hardening */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c1b61385b1..bd74dd1a72 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -285,6 +285,9 @@ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ /* Intel-defined CPU features, CPUID level 0x00000007:1.eax, word 10 */ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ +/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ +XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index f4ef8a9f2f..a4d254ea96 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -15,6 +15,7 @@ #define FEATURESET_e8b 8 /* 0x80000008.ebx */ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ +#define FEATURESET_e21a 11 /* 0x80000021.eax */ struct cpuid_leaf { @@ -84,7 +85,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) -#define CPUID_GUEST_NR_EXTD_AMD (0x1cu + 1) +#define CPUID_GUEST_NR_EXTD_AMD (0x21u + 1) #define CPUID_GUEST_NR_EXTD MAX(CPUID_GUEST_NR_EXTD_INTEL, \ CPUID_GUEST_NR_EXTD_AMD) @@ -264,6 +265,38 @@ struct cpuid_policy }; uint32_t nc:8, :4, apic_id_size:4, :16; uint32_t /* d */:32; + + uint64_t :64, :64; /* Leaf 0x80000009. */ + uint64_t :64, :64; /* Leaf 0x8000000a - SVM rev and features. */ + uint64_t :64, :64; /* Leaf 0x8000000b. */ + uint64_t :64, :64; /* Leaf 0x8000000c. */ + uint64_t :64, :64; /* Leaf 0x8000000d. */ + uint64_t :64, :64; /* Leaf 0x8000000e. */ + uint64_t :64, :64; /* Leaf 0x8000000f. */ + uint64_t :64, :64; /* Leaf 0x80000010. */ + uint64_t :64, :64; /* Leaf 0x80000011. */ + uint64_t :64, :64; /* Leaf 0x80000012. */ + uint64_t :64, :64; /* Leaf 0x80000013. */ + uint64_t :64, :64; /* Leaf 0x80000014. */ + uint64_t :64, :64; /* Leaf 0x80000015. */ + uint64_t :64, :64; /* Leaf 0x80000016. */ + uint64_t :64, :64; /* Leaf 0x80000017. */ + uint64_t :64, :64; /* Leaf 0x80000018. */ + uint64_t :64, :64; /* Leaf 0x80000019 - TLB 1GB Identifiers. */ + uint64_t :64, :64; /* Leaf 0x8000001a - Performance related info. */ + uint64_t :64, :64; /* Leaf 0x8000001b - IBS feature information. */ + uint64_t :64, :64; /* Leaf 0x8000001c. */ + uint64_t :64, :64; /* Leaf 0x8000001d - Cache properties. */ + uint64_t :64, :64; /* Leaf 0x8000001e - Extd APIC/Core/Node IDs. */ + uint64_t :64, :64; /* Leaf 0x8000001f - AMD Secure Encryption. */ + uint64_t :64, :64; /* Leaf 0x80000020 - Platform QoS. */ + + /* Leaf 0x80000021 - Extended Feature 2 */ + union { + uint32_t e21a; + struct { DECL_BITFIELD(e21a); }; + }; + uint32_t /* b */:32, /* c */:32, /* d */:32; }; } extd; @@ -293,6 +326,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_e8b] = p->extd.e8b; fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; + fs[FEATURESET_e21a] = p->extd.e21a; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -310,6 +344,7 @@ static inline void cpuid_featureset_to_policy( p->extd.e8b = fs[FEATURESET_e8b]; p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; + p->extd.e21a = fs[FEATURESET_e21a]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265719.459228 (Exim 4.92) (envelope-from ) id 1nG1lH-0003ZA-G4; Fri, 04 Feb 2022 16:48:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265719.459228; Fri, 04 Feb 2022 16:48:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lH-0003Z2-D6; Fri, 04 Feb 2022 16:48:39 +0000 Received: by outflank-mailman (input) for mailman id 265719; Fri, 04 Feb 2022 16:48:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lG-0003Yt-1x for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lG-0005SG-1H for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1lG-0005SL-0Z for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+K3XDzQHJ4tiGlCuSZYQwQLbEnndfHO5cCF/cuIkBvw=; b=FKabRzCITFTJn65mVExCH09KHI 4oGpME/aKRqYUlu//uuGdz5S7FM4rbq3DP9vsca+CatfdC6b1lwyM0E0J/84c/15wYDtN+CKG9Q5q UxO7HPbL4bou/QaxkKB2NEpMnv/5eXGPQIyN8YtgNqLdCShzIQ3IjkvG4ipeMmC1ZI3s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Fri, 04 Feb 2022 16:48:38 +0000 commit 2c234462f3e7d1e3e0a1101c230c50e854ef6993 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265720.459233 (Exim 4.92) (envelope-from ) id 1nG1lR-0003cJ-IC; Fri, 04 Feb 2022 16:48:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265720.459233; Fri, 04 Feb 2022 16:48:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lR-0003cB-Eb; Fri, 04 Feb 2022 16:48:49 +0000 Received: by outflank-mailman (input) for mailman id 265720; Fri, 04 Feb 2022 16:48:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lQ-0003c1-55 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lQ-0005Sa-4P for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1lQ-0005T8-3l for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sMIF3XoT123sapb/sQsywyvxJPc9d3x+Auy5LUmpa7I=; b=XrTQL7htr5nolG983EHFUzDJOq QqEsyje4lPkCCL3pd967N4hxtk4uQDGgevT5fbCTMDr14+hI5yGCDgIG5mRGSuJLKK3b1Ue6/zVzS e3M0rmf4O8w0MT+L5rtJC3a4lIRaphzYm11FH5uourEv4HFsAldFW/cLOVi4UrSWqzd0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:48:48 +0000 commit ae0cdc8fac6f90970b4e56bd30e270ca1bfcb9da Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 0842936862..487ca4fe0c 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1370,6 +1370,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1385,7 +1386,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1405,7 +1407,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index faaa678f84..8508b74641 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -360,6 +360,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -442,18 +460,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 899318840d..b18790b89d 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -267,6 +267,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:48:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:48:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265721.459238 (Exim 4.92) (envelope-from ) id 1nG1lb-0003fG-LB; Fri, 04 Feb 2022 16:48:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265721.459238; Fri, 04 Feb 2022 16:48:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lb-0003f0-G9; Fri, 04 Feb 2022 16:48:59 +0000 Received: by outflank-mailman (input) for mailman id 265721; Fri, 04 Feb 2022 16:48:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1la-0003ep-7t for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1la-0005Sk-7E for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1la-0005Tv-6Y for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:48:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5AZzCvxxnqFmSjA3uNBqieg1AcSNLdxTAMAjfZ9fe7M=; b=Q62/9hkwnkIlcFbj8ftCyqzi7K 9CrxJs4+t4WaBRH4BnNBBV83vyGUXAxkn4DK8B/xW9uEoOXWHr3K2hblgOZx1i5HDOTpb2OB4dao3 IGGWN0BFEAWscZfDlTVvhgoV/gPek1DonIhLMMlyH4CeHT3d04MDOKObvWX5s2WoXR0A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Fri, 04 Feb 2022 16:48:58 +0000 commit 92dc2dad83115167cff1ce7bef5126de98bc1c26 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bd74dd1a72..cb627e1d59 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -262,7 +262,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265722.459240 (Exim 4.92) (envelope-from ) id 1nG1ll-0003iQ-MB; Fri, 04 Feb 2022 16:49:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265722.459240; Fri, 04 Feb 2022 16:49:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1ll-0003iI-J8; Fri, 04 Feb 2022 16:49:09 +0000 Received: by outflank-mailman (input) for mailman id 265722; Fri, 04 Feb 2022 16:49:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lk-0003iA-BJ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lk-0005T1-AV for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1lk-0005Uz-9g for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gDPlJh2p+hQFGMWjg5HWTgzBtUUHXip8TBszMIeHmdw=; b=Se/7M31b7FGapB46Sblo558y7S nEkXuRoa/X0AruARCF0V2pJeS5RA0EPPf6wWpHgOF50QssfG0cRiCfznSBxRPtPmldivy48MZ/hOK cOEtMKzVeSd35dGSgcmE/fU55lbDejuXZUeQEUlz8g1+x8xiTYe5mFwEa9Xp4o8qyjW4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:49:08 +0000 commit 35d0ea6726f8f013cbf3699a90309136896ae55e Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f70535b6e7..e85b0c0c7d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -987,19 +987,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265723.459244 (Exim 4.92) (envelope-from ) id 1nG1lv-0003l9-Ng; Fri, 04 Feb 2022 16:49:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265723.459244; Fri, 04 Feb 2022 16:49:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lv-0003l1-Kf; Fri, 04 Feb 2022 16:49:19 +0000 Received: by outflank-mailman (input) for mailman id 265723; Fri, 04 Feb 2022 16:49:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lu-0003kp-EL for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1lu-0005T5-DZ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1lu-0005W0-Cs for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B6uAxoNi4HJJ3BssVTkxVQVv32oAlphbUGOba8yW1Vk=; b=uFHV3tNNHaiQAYG72ZuQ7lPoF3 lSc7eKcSodgJzZgSBfZClMHKZDwF2nLGBhynp9k/A5q6n2P3plSBSBLbevl2PE4Ilr7+NTaOmNCFP 6TWqheoE2ZD7TEFYKeuicCngowsFtaZnNJwMXMARw9U6JJ+RqbNJhNZkbR62UjZ+98oc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Fri, 04 Feb 2022 16:49:18 +0000 commit 1a52e3946d9b04eb8a38d561524e42556cdeb4fb Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e85b0c0c7d..84d5de8856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -907,6 +907,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -944,11 +946,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -979,10 +981,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1001,11 +1000,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1220,7 +1220,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265724.459248 (Exim 4.92) (envelope-from ) id 1nG1m5-0003nx-P7; Fri, 04 Feb 2022 16:49:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265724.459248; Fri, 04 Feb 2022 16:49:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1m5-0003np-MF; Fri, 04 Feb 2022 16:49:29 +0000 Received: by outflank-mailman (input) for mailman id 265724; Fri, 04 Feb 2022 16:49:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1m4-0003nd-Ib for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1m4-0005TF-Ht for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1m4-0005XM-Gj for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r/BT9D82vYrCjCpA2y9163l/YdxM87BTB0o5ImwEpyI=; b=RiabGzvuOPDwAWqSe9T28ERSqG eI6Al8Beg6x3bCXIIIAF32roXAp+piABLHCtqGoBj2sVRAeU1ZRcPdCtgqaLrSDhC4N5dqnzlci8n M7UG4Q7C2vIRF0okyXZpKwDnmosNuUdBDr1Gp/3Ngul9weN2wD6jFsL8A7GnXRP7TwhA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Fri, 04 Feb 2022 16:49:28 +0000 commit fc86553008cfa584e034692d36dcb7ce9615dc93 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 604cb7e222..b67f9425b6 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -293,7 +292,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265725.459252 (Exim 4.92) (envelope-from ) id 1nG1mF-0003qh-Qx; Fri, 04 Feb 2022 16:49:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265725.459252; Fri, 04 Feb 2022 16:49:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mF-0003qZ-Nr; Fri, 04 Feb 2022 16:49:39 +0000 Received: by outflank-mailman (input) for mailman id 265725; Fri, 04 Feb 2022 16:49:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mE-0003qR-Ng for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mE-0005TS-Mu for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1mE-0005YQ-LZ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0AVetTVIm84ZF4Nl+jJqpww5zwp9FTI8KSJLToCenmk=; b=riM7unMaK1jBSQ0HMKuNs8k7sI BdY/LOPuedjcEkNq2d9bOjNEgpLryjWAuBzRlWgW7bU7BsvxFcTYJh7fe94YQBcuj5ipTFAZKaRBM hL1j6wL/9yK7HTue25K5jPo4Gl9oZi17wXtT3BqTzeJgZklLx8XSUdrl97dZhgOH2OzU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:49:38 +0000 commit 5170ac955ba8e72a42dd95ebac2cd22cf5e875a1 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index b67f9425b6..c856e4df40 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -294,7 +294,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 14654ee4df..d5274f8c21 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1928,9 +1928,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 64503df8e1..7edce1a139 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -321,6 +321,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -377,7 +379,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 84d5de8856..b41f85936e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1222,6 +1222,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1230,15 +1233,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 4d8822f78c..f732175a4f 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265726.459256 (Exim 4.92) (envelope-from ) id 1nG1mP-0003tr-SU; Fri, 04 Feb 2022 16:49:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265726.459256; Fri, 04 Feb 2022 16:49:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mP-0003tj-PS; Fri, 04 Feb 2022 16:49:49 +0000 Received: by outflank-mailman (input) for mailman id 265726; Fri, 04 Feb 2022 16:49:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mO-0003ta-Rl for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mO-0005Tv-Qx for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1mO-0005Zb-PR for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5/aTYcpZUwsggSEmr4pAaGne7hoLYyQc7dhLG9UALBI=; b=wTZdAZa5152UTId0gvXs1jSNM/ lDCaiSXDOZymoRm53/Ek6QCSzYPK1h7D0UEC9rfNWOXd/XO0gZHobEAPU+u3kPXvR4H1aToW15AXV coEwJtSNC7LbSQ9IzKcMYB5PbTF6g+c4gnYzgnPNNoWphw7tPISJ+On5Cq7aMubsGT8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Fri, 04 Feb 2022 16:49:48 +0000 commit 6468c20920bdee7930d61f9360ee27946030bf7b Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c856e4df40..5edb9aa965 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -293,7 +293,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index beff504842..2ef59e22dc 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 7edce1a139..7d535144ec 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -378,7 +378,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b41f85936e..fc4ef370a0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -907,7 +908,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1002,12 +1004,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 055bd4184a..d4dcbbfbea 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:49:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:49:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265727.459261 (Exim 4.92) (envelope-from ) id 1nG1mZ-0003wi-Uk; Fri, 04 Feb 2022 16:49:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265727.459261; Fri, 04 Feb 2022 16:49:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mZ-0003wZ-Qy; Fri, 04 Feb 2022 16:49:59 +0000 Received: by outflank-mailman (input) for mailman id 265727; Fri, 04 Feb 2022 16:49:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mY-0003wQ-VD for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mY-0005UA-UT for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1mY-0005ac-TQ for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:49:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rFtkUtabVKouMeOzfbuIYGCJ8O7KQvoB6LBSDNVQfGo=; b=Qte1YTMFsAATADpfYhmzJQdOKj tFanxlJc8B3jgtAteMcSfNVkYjYzz1thJ17HBeF7pwQn0/9703GgmZ2XspXtHhcygn2mdqXk77DDD wVXxeRXcOYZhmd/2iYlcZzz7eQzPVp2K75U/B4SzRkiQZHi7+L26JfPRM+UrV8sm0U1Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Fri, 04 Feb 2022 16:49:58 +0000 commit 15bb12ed367babfe212c8a90d384b11849d98573 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index fc3d95e4a8..055e6f4564 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -59,11 +59,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + CLGI /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -82,7 +94,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - CLGI sti VMRUN @@ -90,8 +101,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ STGI diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 9f66a69be7..526c9c0012 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -120,6 +120,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index b18790b89d..743c40e2c0 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -287,6 +287,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:50:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:50:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265728.459264 (Exim 4.92) (envelope-from ) id 1nG1mk-0004jb-0f; Fri, 04 Feb 2022 16:50:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265728.459264; Fri, 04 Feb 2022 16:50:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mj-0004jT-U3; Fri, 04 Feb 2022 16:50:09 +0000 Received: by outflank-mailman (input) for mailman id 265728; Fri, 04 Feb 2022 16:50:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mj-0004jJ-33 for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mj-0005UX-2M for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1mj-0005nn-0v for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZOURTcVxGI+S/oeYvmLQ1UGVmlbWv7mwxWL/ReTZVE4=; b=CT+mSUyojUUiwFvgHJFFpK6BLT hctdvuPlLb+x8E8aMoTLNpCWl1iN7hUwb93P+dd2eKNH3NsBpyyyWoPtzntMOMLThYDIBxhY3Hg2L Cs3OoqOmhoU9rZuHv8lar2EnlPJYozHqg4+xKPH0WalhrO4UAaJzUXtO8pk+3R7b5cmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Fri, 04 Feb 2022 16:50:09 +0000 commit 29ea3b45409341500fe6911e32274c602256e0d3 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ac170b9d53..cfdcbebbb7 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2417,10 +2417,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2431,10 +2435,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 8508b74641..02f8b554da 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -236,7 +236,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -367,7 +367,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -375,6 +376,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -460,7 +462,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Feb 04 16:50:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Feb 2022 16:50:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265729.459268 (Exim 4.92) (envelope-from ) id 1nG1mu-0004mT-2T; Fri, 04 Feb 2022 16:50:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265729.459268; Fri, 04 Feb 2022 16:50:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mt-0004mL-VZ; Fri, 04 Feb 2022 16:50:19 +0000 Received: by outflank-mailman (input) for mailman id 265729; Fri, 04 Feb 2022 16:50:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mt-0004mE-7W for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nG1mt-0005Ug-6q for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nG1mt-0005t4-5V for xen-changelog@lists.xenproject.org; Fri, 04 Feb 2022 16:50:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CJEY/ntCCYNQOtFVrnvpIffxR2uQ1tmo5CbreJjFih0=; b=dQ+KmPc54/FRuPdTZwbNEJMy94 su3j9DGOTuh2glkui8ip0+om9PrKujvRGpwbNVEtkzwf58hQid3rzUT6NIrcK6o7vI2IPNWJt+CGr C9RtQwhhvZlY9ycH3qJk7VNkdTQqEI2vPj+LJZNolmu+nRuisxmN1BvxEst1Y0XCV30Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Fri, 04 Feb 2022 16:50:19 +0000 commit f2eaa786062970eee41df1ffba1475f4ab36c234 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 390f4a5e56..cdd18f51ed 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -394,6 +394,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -417,11 +419,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -485,11 +490,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index cfdcbebbb7..68db3c8f88 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -604,6 +604,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index cb627e1d59..ceac28b0d1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -253,17 +253,17 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index ffd9529fdf..bd3a403182 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -275,16 +275,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265912.459476 (Exim 4.92) (envelope-from ) id 1nGDrf-0002Ys-S9; Sat, 05 Feb 2022 05:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265912.459476; Sat, 05 Feb 2022 05:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDrf-0002Yk-Oy; Sat, 05 Feb 2022 05:44:03 +0000 Received: by outflank-mailman (input) for mailman id 265912; Sat, 05 Feb 2022 05:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDre-0002Ye-E8 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDre-0004h6-Bq for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDre-00038U-AX for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ox5MsCgnlwvb3OB1cfaFFlbTgxBEBk3pR5wMB1e5dlc=; b=SxOBMXSd4DD7ncRmjrKxuxVdaz SBAwHfvXcdJ4C3PD6nK3P3O4FzOth10TNJrLrsmtRFt43RKNQmZGiqK1yMjerm5uLr2g0Eam9fhoy Jk7G5AInQ8rDIKJ/ybc30UyZrEebGJyqKIN8wqFGvjzt+D1HB/RaXkShTZGmeuy5huDU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/amd: split LFENCE dispatch serializing setup logic into helper Message-Id: Date: Sat, 05 Feb 2022 05:44:02 +0000 commit 219542eab05f3ee20fb5c9ffdd0fb60d44e80d16 Author: Roger Pau Monné AuthorDate: Thu Apr 15 13:45:09 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:39 2022 +0000 x86/amd: split LFENCE dispatch serializing setup logic into helper Split the logic to attempt to setup LFENCE to be dispatch serializing on AMD into a helper, so it can be shared with Hygon. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 3e9460ec93341fa6a80ecf99832aa5d9975339c9) --- xen/arch/x86/cpu/amd.c | 62 ++++++++++++++++++++++++++---------------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 27 +-------------------- 3 files changed, 36 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index c780397f18..d33b7cf999 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -642,6 +642,38 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +void amd_init_lfence(struct cpuinfo_x86 *c) +{ + uint64_t value; + + /* + * Attempt to set lfence to be Dispatch Serialising. This MSR almost + * certainly isn't virtualised (and Xen at least will leak the real + * value in but silently discard writes), as well as being per-core + * rather than per-thread, so do a full safe read/write/readback cycle + * in the worst case. + */ + if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) + /* Unable to read. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) + /* Already dispatch serialising. */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (wrmsr_safe(MSR_AMD64_DE_CFG, + value | AMD64_DE_CFG_LFENCE_SERIALISE) || + rdmsr_safe(MSR_AMD64_DE_CFG, value) || + !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) + /* Attempt to set failed. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else + /* Successfully enabled! */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); +} + /* * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf @@ -736,37 +768,11 @@ static void init_amd(struct cpuinfo_x86 *c) if (c == &boot_cpu_data && !cpu_has(c, X86_FEATURE_RSTR_FP_ERR_PTRS)) setup_force_cpu_cap(X86_BUG_FPU_PTRS); - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ if (c->x86 == 0x0f || c->x86 == 0x11) /* Always dispatch serialising on this hardare. */ __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ { - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - } + else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ + amd_init_lfence(c); amd_init_ssbd(c); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 2550957801..1a5b3918b3 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,4 +20,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index ccfa27201d..3845e0cf0e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -32,32 +32,7 @@ static void init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); + amd_init_lfence(c); amd_init_ssbd(c); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265913.459479 (Exim 4.92) (envelope-from ) id 1nGDrp-0002ai-Tk; Sat, 05 Feb 2022 05:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265913.459479; Sat, 05 Feb 2022 05:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDrp-0002aa-Qc; Sat, 05 Feb 2022 05:44:13 +0000 Received: by outflank-mailman (input) for mailman id 265913; Sat, 05 Feb 2022 05:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDro-0002aM-GI for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDro-0004hA-FS for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDro-00039v-Ej for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ImIf+Zobe6LsXen0Ud6r09Z/VOl9W0heRvSJMV0Rcx8=; b=sGPV9cVoUxh9o4HOdEFQhvM3ZH CFlEbvCvCyUUFKj7/4C+yNSI7dDj94P2mntd12jOo++u9JXJuVVqqUdVsZj/9tkKr60oUq6mo/DdW HwN6Ot8ngtOYAIkAZb5Qs2a4LkrAvPfFNgaC4v+YIhW4aRBrZD6m1yYRQ9M2boKMrHU0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: support LFENCE always serialising CPUID bit Message-Id: Date: Sat, 05 Feb 2022 05:44:12 +0000 commit 1a914256dca50ecd98e02f2783bc82c0d2b85b04 Author: Roger Pau Monné AuthorDate: Thu Apr 15 16:47:31 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/cpuid: support LFENCE always serialising CPUID bit AMD Milan (Zen3) CPUs have an LFENCE Always Serialising CPUID bit in leaf 80000021.eax. Previous AMD versions used to have a user settable bit in DE_CFG MSR to select whether LFENCE was dispatch serialising, which Xen always attempts to set. The forcefully always on setting is due to the addition of SEV-SNP so that a VMM cannot break the confidentiality of a guest. In order to support this new CPUID bit move the LFENCE_DISPATCH synthetic CPUID bit to map the hardware bit (leaving a hole in the synthetic range) and either rely on the bit already being set by the native CPUID output, or attempt to fake it in Xen by modifying the DE_CFG MSR. This requires adding one more entry to the featureset to support leaf 80000021.eax. The bit is always exposed to guests by default even if the underlying hardware doesn't support leaf 80000021. Note that Xen doesn't allow guests to change the DE_CFG value, so once set by Xen LFENCE will always be serialising. Note that the access to DE_CFG by guests is left as-is: reads will unconditionally return LFENCE_SERIALISE bit set, while writes are silently dropped. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper [Always expose to guests by default] Signed-off-by: Andrew Cooper (cherry picked from commit e9b4fe26364950258c9f57f0f68eccb778eeadbb) x86/cpuid: do not expand max leaves on restore When restoring limit the maximum leaves to the ones supported by Xen 4.12 in order to not expand the maximum leaves a guests sees. Note this is unlikely to cause real issues. Guests restored from Xen versions 4.13 or greater will contain CPUID data on the stream that will override the values set by xc_cpuid_apply_policy. Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit") Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich (cherry picked from commit 111c8c33a8a18588f3da3c5dbb7f5c63ddb98ce5) tools/libxenguest: Fix max_extd_leaf calculation for legacy restore 0x1c is lower than any value which will actually be observed in p->extd.max_leaf, but higher than the logical 9 leaves worth of extended data on Intel systems, causing x86_cpuid_copy_to_buffer() to fail with -ENOBUFS. Correct the calculation. The problem was first noticed in c/s 34990446ca9 "libxl: don't ignore the return value from xc_cpuid_apply_policy" but introduced earlier. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Reported-by: Olaf Hering Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5fa174cbf54cc625a023b8e7170e359dd150c072) tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libxc/xc_cpuid_x86.c | 22 +++++++++++++---- tools/libxl/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 6 +++++ xen/arch/x86/cpu/amd.c | 7 ++++++ xen/arch/x86/cpu/common.c | 3 +++ xen/arch/x86/cpuid.c | 15 +++++++++++- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/public/arch-x86/cpufeatureset.h | 3 +++ xen/include/xen/lib/x86/cpuid.h | 37 ++++++++++++++++++++++++++++- 9 files changed, 90 insertions(+), 7 deletions(-) diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c index 512eb1f78f..a0202ecbc9 100644 --- a/tools/libxc/xc_cpuid_x86.c +++ b/tools/libxc/xc_cpuid_x86.c @@ -497,12 +497,22 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, goto out; } - /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. - */ if ( restore ) { + /* + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. + */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -511,6 +521,10 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, { p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } + + p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); + p->feat.max_subleaf = 0; + p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); } if ( featureset ) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index ce93c5a796..a06f7a6606 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -290,6 +290,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_decode", 0x8000000a, NA, CPUID_REG_EDX, 7, 1}, {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, + {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, {NULL, 0, NA, CPUID_REG_INV, 0, 0} diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0056baf666..bfe20c0c5f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -183,6 +183,11 @@ static const char *const str_7a1[32] = /* 4 */ [ 5] = "avx512_bf16", }; +static const char *const str_e21a[32] = +{ + [ 2] = "lfence+", +}; + static const struct { const char *name; const char *abbr; @@ -200,6 +205,7 @@ static const struct { { "0x80000008.ebx", "e8b", str_e8b }, { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, + { "0x80000021.eax", "e21a", str_e21a }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d33b7cf999..beff504842 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -646,6 +646,13 @@ void amd_init_lfence(struct cpuinfo_x86 *c) { uint64_t value; + /* + * Some hardware has LFENCE dispatch serialising always enabled, + * nothing to do on that case. + */ + if (test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability)) + return; + /* * Attempt to set lfence to be Dispatch Serialising. This MSR almost * certainly isn't virtualised (and Xen at least will leak the real diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 743fbb65ab..8a37d863a8 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -419,6 +419,9 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000008) c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] = cpuid_ebx(0x80000008); + if (c->extended_cpuid_level >= 0x80000021) + c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] + = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ if ( c->cpuid_level >= 0x00000007 ) { diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 5229eba595..390f4a5e56 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -308,6 +308,7 @@ static void __init calculate_raw_policy(void) static void __init calculate_host_policy(void) { struct cpuid_policy *p = &host_cpuid_policy; + unsigned int max_extd_leaf; *p = raw_cpuid_policy; @@ -315,7 +316,19 @@ static void __init calculate_host_policy(void) min_t(uint32_t, p->basic.max_leaf, ARRAY_SIZE(p->basic.raw) - 1); p->feat.max_subleaf = min_t(uint32_t, p->feat.max_subleaf, ARRAY_SIZE(p->feat.raw) - 1); - p->extd.max_leaf = 0x80000000 | min_t(uint32_t, p->extd.max_leaf & 0xffff, + + max_extd_leaf = p->extd.max_leaf; + + /* + * For AMD/Hygon hardware before Zen3, we unilaterally modify LFENCE to be + * dispatch serialising for Spectre mitigations. Extend max_extd_leaf + * beyond what hardware supports, to include the feature leaf containing + * this information. + */ + if ( cpu_has_lfence_dispatch ) + max_extd_leaf = max(max_extd_leaf, 0x80000021); + + p->extd.max_leaf = 0x80000000 | min_t(uint32_t, max_extd_leaf & 0xffff, ARRAY_SIZE(p->extd.raw) - 1); cpuid_featureset_to_policy(boot_cpu_data.x86_capability, p); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index d7e42d9bb6..6c8f432aee 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -24,7 +24,7 @@ XEN_CPUFEATURE(APERFMPERF, X86_SYNTH( 8)) /* APERFMPERF */ XEN_CPUFEATURE(MFENCE_RDTSC, X86_SYNTH( 9)) /* MFENCE synchronizes RDTSC */ XEN_CPUFEATURE(XEN_SMEP, X86_SYNTH(10)) /* SMEP gets used by Xen itself */ XEN_CPUFEATURE(XEN_SMAP, X86_SYNTH(11)) /* SMAP gets used by Xen itself */ -XEN_CPUFEATURE(LFENCE_DISPATCH, X86_SYNTH(12)) /* lfence set as Dispatch Serialising */ +/* Bit 12 - unused. */ XEN_CPUFEATURE(IND_THUNK_LFENCE, X86_SYNTH(13)) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, X86_SYNTH(14)) /* Use IND_THUNK_JMP */ XEN_CPUFEATURE(SC_BRANCH_HARDEN, X86_SYNTH(15)) /* Conditional Branch Hardening */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c1b61385b1..bd74dd1a72 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -285,6 +285,9 @@ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ /* Intel-defined CPU features, CPUID level 0x00000007:1.eax, word 10 */ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ +/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ +XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index f4ef8a9f2f..a4d254ea96 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -15,6 +15,7 @@ #define FEATURESET_e8b 8 /* 0x80000008.ebx */ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ +#define FEATURESET_e21a 11 /* 0x80000021.eax */ struct cpuid_leaf { @@ -84,7 +85,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) -#define CPUID_GUEST_NR_EXTD_AMD (0x1cu + 1) +#define CPUID_GUEST_NR_EXTD_AMD (0x21u + 1) #define CPUID_GUEST_NR_EXTD MAX(CPUID_GUEST_NR_EXTD_INTEL, \ CPUID_GUEST_NR_EXTD_AMD) @@ -264,6 +265,38 @@ struct cpuid_policy }; uint32_t nc:8, :4, apic_id_size:4, :16; uint32_t /* d */:32; + + uint64_t :64, :64; /* Leaf 0x80000009. */ + uint64_t :64, :64; /* Leaf 0x8000000a - SVM rev and features. */ + uint64_t :64, :64; /* Leaf 0x8000000b. */ + uint64_t :64, :64; /* Leaf 0x8000000c. */ + uint64_t :64, :64; /* Leaf 0x8000000d. */ + uint64_t :64, :64; /* Leaf 0x8000000e. */ + uint64_t :64, :64; /* Leaf 0x8000000f. */ + uint64_t :64, :64; /* Leaf 0x80000010. */ + uint64_t :64, :64; /* Leaf 0x80000011. */ + uint64_t :64, :64; /* Leaf 0x80000012. */ + uint64_t :64, :64; /* Leaf 0x80000013. */ + uint64_t :64, :64; /* Leaf 0x80000014. */ + uint64_t :64, :64; /* Leaf 0x80000015. */ + uint64_t :64, :64; /* Leaf 0x80000016. */ + uint64_t :64, :64; /* Leaf 0x80000017. */ + uint64_t :64, :64; /* Leaf 0x80000018. */ + uint64_t :64, :64; /* Leaf 0x80000019 - TLB 1GB Identifiers. */ + uint64_t :64, :64; /* Leaf 0x8000001a - Performance related info. */ + uint64_t :64, :64; /* Leaf 0x8000001b - IBS feature information. */ + uint64_t :64, :64; /* Leaf 0x8000001c. */ + uint64_t :64, :64; /* Leaf 0x8000001d - Cache properties. */ + uint64_t :64, :64; /* Leaf 0x8000001e - Extd APIC/Core/Node IDs. */ + uint64_t :64, :64; /* Leaf 0x8000001f - AMD Secure Encryption. */ + uint64_t :64, :64; /* Leaf 0x80000020 - Platform QoS. */ + + /* Leaf 0x80000021 - Extended Feature 2 */ + union { + uint32_t e21a; + struct { DECL_BITFIELD(e21a); }; + }; + uint32_t /* b */:32, /* c */:32, /* d */:32; }; } extd; @@ -293,6 +326,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_e8b] = p->extd.e8b; fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; + fs[FEATURESET_e21a] = p->extd.e21a; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -310,6 +344,7 @@ static inline void cpuid_featureset_to_policy( p->extd.e8b = fs[FEATURESET_e8b]; p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; + p->extd.e21a = fs[FEATURESET_e21a]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265914.459484 (Exim 4.92) (envelope-from ) id 1nGDs0-0002di-1M; Sat, 05 Feb 2022 05:44:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265914.459484; Sat, 05 Feb 2022 05:44:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDrz-0002dZ-UG; Sat, 05 Feb 2022 05:44:23 +0000 Received: by outflank-mailman (input) for mailman id 265914; Sat, 05 Feb 2022 05:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDry-0002dE-JK for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDry-0004hT-IZ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDry-0003BE-Hb for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w5etlK4FydGf0ZmkydU0rMk1+pIvzvUxnWw4pn+I8OI=; b=Ib7wa7UwVsLr28pvTnZV9WZuIs yZU98ONc9gf8N/cYTLUClw2XNryTTuSfu0uSFw+RWP426uNz+9n7rUI3Vlu1ZmRaoCRxIwMKWV+o4 mCg8xgY8HUhQ6Mi5RQMeQ415KsmwVB8t3OWQXM6/iq+nyOlV85RBkhXsOnMokw2C9dxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Sat, 05 Feb 2022 05:44:22 +0000 commit 2c234462f3e7d1e3e0a1101c230c50e854ef6993 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265915.459489 (Exim 4.92) (envelope-from ) id 1nGDsA-0002hX-3H; Sat, 05 Feb 2022 05:44:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265915.459489; Sat, 05 Feb 2022 05:44:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDs9-0002hO-Vs; Sat, 05 Feb 2022 05:44:33 +0000 Received: by outflank-mailman (input) for mailman id 265915; Sat, 05 Feb 2022 05:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDs8-0002h8-Mk for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDs8-0004hf-Lw for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDs8-0003CK-L5 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XxtMJXsca4x/207LADkN0FXFOdfw1+X5ssooa8IyIhI=; b=3u4SRAba2y6OcJtuAjp4BVCHqH Ek4nWZ2aG/MKNvGB0M3j3pDMDOqKKm4At/SNy7s5kyn+4wfpT5dgKspE2QkaEyk0reI2Esai998i9 boADH5wCrFhJlwb5sAqFkQrv2VPK8IvDc1edqplTk2Kl6BaOA+mX+Lim9p0PlJn611Nk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 05:44:32 +0000 commit ae0cdc8fac6f90970b4e56bd30e270ca1bfcb9da Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 0842936862..487ca4fe0c 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1370,6 +1370,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1385,7 +1386,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1405,7 +1407,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index faaa678f84..8508b74641 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -360,6 +360,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -442,18 +460,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 899318840d..b18790b89d 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -267,6 +267,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265916.459491 (Exim 4.92) (envelope-from ) id 1nGDsK-0002kK-41; Sat, 05 Feb 2022 05:44:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265916.459491; Sat, 05 Feb 2022 05:44:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsK-0002kC-18; Sat, 05 Feb 2022 05:44:44 +0000 Received: by outflank-mailman (input) for mailman id 265916; Sat, 05 Feb 2022 05:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsI-0002k2-Pb for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsI-0004hs-Or for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDsI-0003DR-Ny for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XFmBN2kgAdSK5R+hMbAjNR6gnxJtBbkzy+g2oE6ZYlM=; b=T/HL9O/O37f6tHKf7MtMQGJQjQ 4a+mdzm2ihcqdEc+1PFlEwowqLfZHDya53MwPOvLNDU7zVMXHJNkg7Ij4dgO1auuugzr2iHUQKF+m +dkUuklMharDHber7yqff7G4UmeBVjTgJVKF++N4l4hPqunhtnZfg9zdWMczJIEqAa+0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Sat, 05 Feb 2022 05:44:42 +0000 commit 92dc2dad83115167cff1ce7bef5126de98bc1c26 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bd74dd1a72..cb627e1d59 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -262,7 +262,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:44:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:44:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265917.459496 (Exim 4.92) (envelope-from ) id 1nGDsU-0002nM-5l; Sat, 05 Feb 2022 05:44:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265917.459496; Sat, 05 Feb 2022 05:44:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsU-0002nD-2Y; Sat, 05 Feb 2022 05:44:54 +0000 Received: by outflank-mailman (input) for mailman id 265917; Sat, 05 Feb 2022 05:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsS-0002mj-SO for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsS-0004iK-Rg for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDsS-0003EY-Qx for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eSyrPLHixsx8RQ/z5TJJUehmXe/u4Nk+/AsEZFLebxc=; b=0mqrHkVC8sWQbfdwsASvszv2dA N3fulJruVIu57tkhFQ4DMbMC1zpyREcpD6F+1iRk3J13RwAZPWF5I3cIREczZ0GTZP+fiWDqb6hvS YLBz0c6idg0S4FNY9qSwyFS63s3WZwQqYB809qNCn8YwnAPIsVY2cRRtTz451CLCT70o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 05:44:52 +0000 commit 35d0ea6726f8f013cbf3699a90309136896ae55e Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f70535b6e7..e85b0c0c7d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -987,19 +987,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265918.459500 (Exim 4.92) (envelope-from ) id 1nGDse-0002qE-71; Sat, 05 Feb 2022 05:45:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265918.459500; Sat, 05 Feb 2022 05:45:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDse-0002q6-48; Sat, 05 Feb 2022 05:45:04 +0000 Received: by outflank-mailman (input) for mailman id 265918; Sat, 05 Feb 2022 05:45:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsc-0002ps-VL for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsc-0004iw-Uj for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDsc-0003Fn-Tp for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xBhp3B8ncjrF2Hkf+qNdydn19vDOk5ieWWj8gZyBlfU=; b=j0abiaZccLzBLH91HRp7r6R0nx QxCvQUrN0dEBaof6r3WDGQZlkxmaHLPWC/zKj1KKzjhdZsOSyAIrg1n+7WTAxrn88uvGHG3FPigKM Nu0xRBgYlUxV/OnFBlbvUeRoPPkO04lRPmVT2sugspObzeJAq4UnY62OvS0651ijzz8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 05:45:02 +0000 commit 1a52e3946d9b04eb8a38d561524e42556cdeb4fb Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e85b0c0c7d..84d5de8856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -907,6 +907,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -944,11 +946,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -979,10 +981,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1001,11 +1000,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1220,7 +1220,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265919.459504 (Exim 4.92) (envelope-from ) id 1nGDso-0002sz-8t; Sat, 05 Feb 2022 05:45:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265919.459504; Sat, 05 Feb 2022 05:45:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDso-0002sr-5k; Sat, 05 Feb 2022 05:45:14 +0000 Received: by outflank-mailman (input) for mailman id 265919; Sat, 05 Feb 2022 05:45:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsn-0002sh-22 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsn-0004j6-1P for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDsn-0003Gy-0Y for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gojt2AZvG3rHYc8e4IJf6qIgDk09umrY8cK6YwDoYNw=; b=kza4XT94MK9CvCIDghRmoeGbXv 5EppeVpf0CX7bPv+cC+mLWfqIjAQX9s+6rn4LnP0UGBxuexAgG9lpgZi8sfX1VJCM7n7P/rqaUa5W UrnxkDKgbIJXFgzH74z3AOl8KuCe3lEMRaPf4RXTmM+g/7xJo12ZOtm31ik04lHBkLK8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Sat, 05 Feb 2022 05:45:13 +0000 commit fc86553008cfa584e034692d36dcb7ce9615dc93 Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 604cb7e222..b67f9425b6 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -293,7 +292,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265923.459520 (Exim 4.92) (envelope-from ) id 1nGDsy-0003EW-OK; Sat, 05 Feb 2022 05:45:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265923.459520; Sat, 05 Feb 2022 05:45:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsy-0003EM-Kj; Sat, 05 Feb 2022 05:45:24 +0000 Received: by outflank-mailman (input) for mailman id 265923; Sat, 05 Feb 2022 05:45:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsx-0003Dp-5K for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDsx-0004jO-4h for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDsx-0003IO-3s for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0Wgq4vJmj+KYXVw0Q905oymx0QXSW76rT80esxsZhLI=; b=Q1cpDkUutHqgnVwNhsIyT/5/t9 Xzeqqero2Yvk3mMWqrzq+blqNxUzYbNeL2XYrvQcuJIGvdleE2OK8Bcx5W3ip6OTwlt5+Y9slDRat /lCBDHNG0IoUFPUKQJZ4WJdYM55xGOmJzssTXckmMHA7DLpKEdKStbZvBOvSV49/Cnu4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 05:45:23 +0000 commit 5170ac955ba8e72a42dd95ebac2cd22cf5e875a1 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index b67f9425b6..c856e4df40 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -294,7 +294,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 14654ee4df..d5274f8c21 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1928,9 +1928,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 64503df8e1..7edce1a139 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -321,6 +321,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -377,7 +379,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 84d5de8856..b41f85936e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1222,6 +1222,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1230,15 +1233,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 4d8822f78c..f732175a4f 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265926.459522 (Exim 4.92) (envelope-from ) id 1nGDt8-0003PM-R5; Sat, 05 Feb 2022 05:45:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265926.459522; Sat, 05 Feb 2022 05:45:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDt8-0003PE-O5; Sat, 05 Feb 2022 05:45:34 +0000 Received: by outflank-mailman (input) for mailman id 265926; Sat, 05 Feb 2022 05:45:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDt7-0003N7-8Z for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDt7-0004jZ-7l for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDt7-0003JY-76 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1XDlEwByhcNtXVORmNAUbTTo44kZ1ROSujznyVxXZ5I=; b=3ManlJl91Qgep8o9tVCELFXkoh yGuVMz3nzWEsyJ47XXgefP6Et3OTmZG1Fye7ouC4ssxaDlNzbn6l/SqVdhDTBAtiJc0BbBBQ5J2om w85Uf5I9diTv9Yyfaem+OUieGJnBT03jblIssOYLmf+oh11dL8dBczEaBgoYVRUOQ2eQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Sat, 05 Feb 2022 05:45:33 +0000 commit 6468c20920bdee7930d61f9360ee27946030bf7b Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:40 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c856e4df40..5edb9aa965 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -293,7 +293,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index beff504842..2ef59e22dc 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 7edce1a139..7d535144ec 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -378,7 +378,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b41f85936e..fc4ef370a0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -907,7 +908,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1002,12 +1004,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 055bd4184a..d4dcbbfbea 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265929.459527 (Exim 4.92) (envelope-from ) id 1nGDtI-0003Y3-Sm; Sat, 05 Feb 2022 05:45:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265929.459527; Sat, 05 Feb 2022 05:45:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtI-0003Xv-Pq; Sat, 05 Feb 2022 05:45:44 +0000 Received: by outflank-mailman (input) for mailman id 265929; Sat, 05 Feb 2022 05:45:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtH-0003WI-BW for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtH-0004jd-Ak for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDtH-0003KG-A2 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ErF196pgHwetHLz3bP1plQNhzYpsFJHADcJlA+oS+dQ=; b=AlU3Y7eiySz6sqEvzq3LoVPyfk fMlwinaQ7yYlZLeWNJaAPqtljbjaqLyzbO1TqYEB9h5kxwSZzz2O7QTGZ3bUq9DGoM0u9Oj03AknE 3G5ptqIg6hHbSyI6Z+cqDmLZ8GFTs9SpSFa0t+H/kyGFkxtq7/okF+awMv5ZzWBO/GDo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 05:45:43 +0000 commit 15bb12ed367babfe212c8a90d384b11849d98573 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index fc3d95e4a8..055e6f4564 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -59,11 +59,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + CLGI /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -82,7 +94,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - CLGI sti VMRUN @@ -90,8 +101,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ STGI diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 9f66a69be7..526c9c0012 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -120,6 +120,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index b18790b89d..743c40e2c0 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -287,6 +287,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:45:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:45:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265931.459531 (Exim 4.92) (envelope-from ) id 1nGDtS-0003eA-Uk; Sat, 05 Feb 2022 05:45:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265931.459531; Sat, 05 Feb 2022 05:45:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtS-0003e2-Rn; Sat, 05 Feb 2022 05:45:54 +0000 Received: by outflank-mailman (input) for mailman id 265931; Sat, 05 Feb 2022 05:45:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtR-0003dh-Eb for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtR-0004k3-Dp for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDtR-0003LD-D9 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:45:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zPvKLSaYBxSbKVpGzhIQhCnvlPisfP2vHAUirTc+vYc=; b=zaeiKXm+WWmvySouXU0/j01ir8 M7Cwb65IhEXWHmuybrtY19U0qdCU/0gdqe4vP0oc5M0M/1dGNSnV7jYOAPC7VG+Ol2IRrNmXpivyE Lj0bDaZt3Ibi+Yu8ehWRN7CYVpHM230Z8r2nymrNQGLOTrteXU1roQL3X0KSUF865FHA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Sat, 05 Feb 2022 05:45:53 +0000 commit 29ea3b45409341500fe6911e32274c602256e0d3 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ac170b9d53..cfdcbebbb7 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2417,10 +2417,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2431,10 +2435,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 8508b74641..02f8b554da 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -236,7 +236,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -367,7 +367,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -375,6 +376,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -460,7 +462,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 05:46:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 05:46:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265934.459535 (Exim 4.92) (envelope-from ) id 1nGDtd-0003hg-0J; Sat, 05 Feb 2022 05:46:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265934.459535; Sat, 05 Feb 2022 05:46:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtc-0003hX-TK; Sat, 05 Feb 2022 05:46:04 +0000 Received: by outflank-mailman (input) for mailman id 265934; Sat, 05 Feb 2022 05:46:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtb-0003hF-I0 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:46:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGDtb-0004kK-HJ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:46:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGDtb-0003MG-GH for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 05:46:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k0+uKZnkBeZEe//2dS4kGCjEXuk3T6VtUgcEEYvanl8=; b=Xm1f9BELW/tt50P4HmjD89AvdD jB8A/mAqVdMMGAbZ+DxSwQN8DnJl3KqWX7pcpctvFv6xPAGwSAfunfQDODQ0ODK/8BzznINXgZ7o3 qk/W911FPKWw2kl80Fq/SA81Z2WMzagnaLcdYOq3lfPYA7ZeB12IRFi2SZwjAcMRQnqc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Sat, 05 Feb 2022 05:46:03 +0000 commit f2eaa786062970eee41df1ffba1475f4ab36c234 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:29:41 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 390f4a5e56..cdd18f51ed 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -394,6 +394,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -417,11 +419,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -485,11 +490,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index cfdcbebbb7..68db3c8f88 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -604,6 +604,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index cb627e1d59..ceac28b0d1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -253,17 +253,17 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index ffd9529fdf..bd3a403182 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -275,16 +275,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265974.459571 (Exim 4.92) (envelope-from ) id 1nGINL-0006RB-3c; Sat, 05 Feb 2022 10:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265974.459571; Sat, 05 Feb 2022 10:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINL-0006R3-0d; Sat, 05 Feb 2022 10:33:03 +0000 Received: by outflank-mailman (input) for mailman id 265974; Sat, 05 Feb 2022 10:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINK-0006Qx-BM for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINK-0001iK-9f for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGINK-0005ON-8d for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kkS6njIenjg9kNxNLkWIwbMNj2SdkBbyV6LEy40XSYA=; b=EwDdCwmM+plnnvCBpvSCCt0OuE SXcB3oBB6qa8OvigU0ns48PnCphDKSrVeyb3Kn61kOS4Sm5jt0FPLWJBk2hQY5aa86TEjAks8Nfwt Hu3zGVdDbayIes7+nO4kNQNk68b2X9PTmuQcdyO1esiChiYjiAxA5x7M3u5zwtrm0mXI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/amd: split LFENCE dispatch serializing setup logic into helper Message-Id: Date: Sat, 05 Feb 2022 10:33:02 +0000 commit 576218ea82f0fd3e26c5d57fe9e2f5997fd34e01 Author: Roger Pau Monné AuthorDate: Thu Apr 15 13:45:09 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:48 2022 +0000 x86/amd: split LFENCE dispatch serializing setup logic into helper Split the logic to attempt to setup LFENCE to be dispatch serializing on AMD into a helper, so it can be shared with Hygon. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 3e9460ec93341fa6a80ecf99832aa5d9975339c9) --- xen/arch/x86/cpu/amd.c | 62 ++++++++++++++++++++++++++---------------------- xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 27 +-------------------- 3 files changed, 36 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 10495aca35..b2d940697f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -642,6 +642,38 @@ void early_init_amd(struct cpuinfo_x86 *c) ctxt_switch_levelling(NULL); } +void amd_init_lfence(struct cpuinfo_x86 *c) +{ + uint64_t value; + + /* + * Attempt to set lfence to be Dispatch Serialising. This MSR almost + * certainly isn't virtualised (and Xen at least will leak the real + * value in but silently discard writes), as well as being per-core + * rather than per-thread, so do a full safe read/write/readback cycle + * in the worst case. + */ + if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) + /* Unable to read. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) + /* Already dispatch serialising. */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else if (wrmsr_safe(MSR_AMD64_DE_CFG, + value | AMD64_DE_CFG_LFENCE_SERIALISE) || + rdmsr_safe(MSR_AMD64_DE_CFG, value) || + !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) + /* Attempt to set failed. Assume the safer default. */ + __clear_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); + else + /* Successfully enabled! */ + __set_bit(X86_FEATURE_LFENCE_DISPATCH, + c->x86_capability); +} + /* * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf @@ -736,37 +768,11 @@ static void init_amd(struct cpuinfo_x86 *c) if (c == &boot_cpu_data && !cpu_has(c, X86_FEATURE_RSTR_FP_ERR_PTRS)) setup_force_cpu_cap(X86_BUG_FPU_PTRS); - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ if (c->x86 == 0x0f || c->x86 == 0x11) /* Always dispatch serialising on this hardare. */ __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ { - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - } + else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ + amd_init_lfence(c); amd_init_ssbd(c); diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 2550957801..1a5b3918b3 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,4 +20,5 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *c); void early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index ccfa27201d..3845e0cf0e 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -32,32 +32,7 @@ static void init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ - if (rdmsr_safe(MSR_AMD64_DE_CFG, value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); + amd_init_lfence(c); amd_init_ssbd(c); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265975.459576 (Exim 4.92) (envelope-from ) id 1nGINW-0006UA-70; Sat, 05 Feb 2022 10:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265975.459576; Sat, 05 Feb 2022 10:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINW-0006U2-3d; Sat, 05 Feb 2022 10:33:14 +0000 Received: by outflank-mailman (input) for mailman id 265975; Sat, 05 Feb 2022 10:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINU-0006Tq-EB for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINU-0001iU-DJ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGINU-0005PA-CK for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HqXe0xN42SolZARiSPORs01xHVE0NWBZw9yNqGNuGgw=; b=Y/YzsPPih/CTJjVSadZl5XRan/ huU89aag/fouwjZ3YlbkQSYNFNHftiw83qsqdrfq14X33DRDWQtq92aRY1HpZUR4Sd0PJdwTD6UIz nxxckU/rryoW2VKHWaKBb6sq5RmhuTxO6me4YBgdKJVQ5S+n/SVw6+cdDRVPafuQbsjY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: support LFENCE always serialising CPUID bit Message-Id: Date: Sat, 05 Feb 2022 10:33:12 +0000 commit 0d89d04f630a0a54e1411144969fb3dfb4f5400e Author: Roger Pau Monné AuthorDate: Thu Apr 15 16:47:31 2021 +0200 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/cpuid: support LFENCE always serialising CPUID bit AMD Milan (Zen3) CPUs have an LFENCE Always Serialising CPUID bit in leaf 80000021.eax. Previous AMD versions used to have a user settable bit in DE_CFG MSR to select whether LFENCE was dispatch serialising, which Xen always attempts to set. The forcefully always on setting is due to the addition of SEV-SNP so that a VMM cannot break the confidentiality of a guest. In order to support this new CPUID bit move the LFENCE_DISPATCH synthetic CPUID bit to map the hardware bit (leaving a hole in the synthetic range) and either rely on the bit already being set by the native CPUID output, or attempt to fake it in Xen by modifying the DE_CFG MSR. This requires adding one more entry to the featureset to support leaf 80000021.eax. The bit is always exposed to guests by default even if the underlying hardware doesn't support leaf 80000021. Note that Xen doesn't allow guests to change the DE_CFG value, so once set by Xen LFENCE will always be serialising. Note that the access to DE_CFG by guests is left as-is: reads will unconditionally return LFENCE_SERIALISE bit set, while writes are silently dropped. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper [Always expose to guests by default] Signed-off-by: Andrew Cooper (cherry picked from commit e9b4fe26364950258c9f57f0f68eccb778eeadbb) x86/cpuid: do not expand max leaves on restore When restoring limit the maximum leaves to the ones supported by Xen 4.12 in order to not expand the maximum leaves a guests sees. Note this is unlikely to cause real issues. Guests restored from Xen versions 4.13 or greater will contain CPUID data on the stream that will override the values set by xc_cpuid_apply_policy. Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit") Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich (cherry picked from commit 111c8c33a8a18588f3da3c5dbb7f5c63ddb98ce5) tools/libxenguest: Fix max_extd_leaf calculation for legacy restore 0x1c is lower than any value which will actually be observed in p->extd.max_leaf, but higher than the logical 9 leaves worth of extended data on Intel systems, causing x86_cpuid_copy_to_buffer() to fail with -ENOBUFS. Correct the calculation. The problem was first noticed in c/s 34990446ca9 "libxl: don't ignore the return value from xc_cpuid_apply_policy" but introduced earlier. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Reported-by: Olaf Hering Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5fa174cbf54cc625a023b8e7170e359dd150c072) tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libs/guest/xg_cpuid_x86.c | 22 +++++++++++++---- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 6 +++++ xen/arch/x86/cpu/amd.c | 7 ++++++ xen/arch/x86/cpu/common.c | 3 +++ xen/arch/x86/cpuid.c | 15 +++++++++++- xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/public/arch-x86/cpufeatureset.h | 3 +++ xen/include/xen/lib/x86/cpuid.h | 37 ++++++++++++++++++++++++++++- 9 files changed, 90 insertions(+), 7 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index c6c806884a..ead547f302 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -497,12 +497,22 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, goto out; } - /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. - */ if ( restore ) { + /* + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. + */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -511,6 +521,10 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, { p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } + + p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); + p->feat.max_subleaf = 0; + p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); } if ( featureset ) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 6e094dfacc..9f55073f0a 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -293,6 +293,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"svm_decode", 0x8000000a, NA, CPUID_REG_EDX, 7, 1}, {"svm_pausefilt",0x8000000a, NA, CPUID_REG_EDX, 10, 1}, + {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, + {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, {NULL, 0, NA, CPUID_REG_INV, 0, 0} diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index b9fb918cdd..92c40b045c 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -183,6 +183,11 @@ static const char *const str_7a1[32] = [ 4] = "avx-vnni", [ 5] = "avx512-bf16", }; +static const char *const str_e21a[32] = +{ + [ 2] = "lfence+", +}; + static const struct { const char *name; const char *abbr; @@ -200,6 +205,7 @@ static const struct { { "0x80000008.ebx", "e8b", str_e8b }, { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, + { "0x80000021.eax", "e21a", str_e21a }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index b2d940697f..176c1de8a9 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -646,6 +646,13 @@ void amd_init_lfence(struct cpuinfo_x86 *c) { uint64_t value; + /* + * Some hardware has LFENCE dispatch serialising always enabled, + * nothing to do on that case. + */ + if (test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability)) + return; + /* * Attempt to set lfence to be Dispatch Serialising. This MSR almost * certainly isn't virtualised (and Xen at least will leak the real diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index cab3befeac..292f764d9e 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -419,6 +419,9 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000008) c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] = cpuid_ebx(0x80000008); + if (c->extended_cpuid_level >= 0x80000021) + c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] + = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ if ( c->cpuid_level >= 0x00000007 ) { diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index eefcde902e..8d43c018e6 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -308,6 +308,7 @@ static void __init calculate_raw_policy(void) static void __init calculate_host_policy(void) { struct cpuid_policy *p = &host_cpuid_policy; + unsigned int max_extd_leaf; *p = raw_cpuid_policy; @@ -315,7 +316,19 @@ static void __init calculate_host_policy(void) min_t(uint32_t, p->basic.max_leaf, ARRAY_SIZE(p->basic.raw) - 1); p->feat.max_subleaf = min_t(uint32_t, p->feat.max_subleaf, ARRAY_SIZE(p->feat.raw) - 1); - p->extd.max_leaf = 0x80000000 | min_t(uint32_t, p->extd.max_leaf & 0xffff, + + max_extd_leaf = p->extd.max_leaf; + + /* + * For AMD/Hygon hardware before Zen3, we unilaterally modify LFENCE to be + * dispatch serialising for Spectre mitigations. Extend max_extd_leaf + * beyond what hardware supports, to include the feature leaf containing + * this information. + */ + if ( cpu_has_lfence_dispatch ) + max_extd_leaf = max(max_extd_leaf, 0x80000021); + + p->extd.max_leaf = 0x80000000 | min_t(uint32_t, max_extd_leaf & 0xffff, ARRAY_SIZE(p->extd.raw) - 1); cpuid_featureset_to_policy(boot_cpu_data.x86_capability, p); diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index d7e42d9bb6..6c8f432aee 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -24,7 +24,7 @@ XEN_CPUFEATURE(APERFMPERF, X86_SYNTH( 8)) /* APERFMPERF */ XEN_CPUFEATURE(MFENCE_RDTSC, X86_SYNTH( 9)) /* MFENCE synchronizes RDTSC */ XEN_CPUFEATURE(XEN_SMEP, X86_SYNTH(10)) /* SMEP gets used by Xen itself */ XEN_CPUFEATURE(XEN_SMAP, X86_SYNTH(11)) /* SMAP gets used by Xen itself */ -XEN_CPUFEATURE(LFENCE_DISPATCH, X86_SYNTH(12)) /* lfence set as Dispatch Serialising */ +/* Bit 12 - unused. */ XEN_CPUFEATURE(IND_THUNK_LFENCE, X86_SYNTH(13)) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, X86_SYNTH(14)) /* Use IND_THUNK_JMP */ XEN_CPUFEATURE(SC_BRANCH_HARDEN, X86_SYNTH(15)) /* Conditional Branch Hardening */ diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 496582feff..4a1462db65 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -288,6 +288,9 @@ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(AVX_VNNI, 10*32+ 4) /*A AVX-VNNI Instructions */ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ +/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ +XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index f4ef8a9f2f..a4d254ea96 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -15,6 +15,7 @@ #define FEATURESET_e8b 8 /* 0x80000008.ebx */ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ +#define FEATURESET_e21a 11 /* 0x80000021.eax */ struct cpuid_leaf { @@ -84,7 +85,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) -#define CPUID_GUEST_NR_EXTD_AMD (0x1cu + 1) +#define CPUID_GUEST_NR_EXTD_AMD (0x21u + 1) #define CPUID_GUEST_NR_EXTD MAX(CPUID_GUEST_NR_EXTD_INTEL, \ CPUID_GUEST_NR_EXTD_AMD) @@ -264,6 +265,38 @@ struct cpuid_policy }; uint32_t nc:8, :4, apic_id_size:4, :16; uint32_t /* d */:32; + + uint64_t :64, :64; /* Leaf 0x80000009. */ + uint64_t :64, :64; /* Leaf 0x8000000a - SVM rev and features. */ + uint64_t :64, :64; /* Leaf 0x8000000b. */ + uint64_t :64, :64; /* Leaf 0x8000000c. */ + uint64_t :64, :64; /* Leaf 0x8000000d. */ + uint64_t :64, :64; /* Leaf 0x8000000e. */ + uint64_t :64, :64; /* Leaf 0x8000000f. */ + uint64_t :64, :64; /* Leaf 0x80000010. */ + uint64_t :64, :64; /* Leaf 0x80000011. */ + uint64_t :64, :64; /* Leaf 0x80000012. */ + uint64_t :64, :64; /* Leaf 0x80000013. */ + uint64_t :64, :64; /* Leaf 0x80000014. */ + uint64_t :64, :64; /* Leaf 0x80000015. */ + uint64_t :64, :64; /* Leaf 0x80000016. */ + uint64_t :64, :64; /* Leaf 0x80000017. */ + uint64_t :64, :64; /* Leaf 0x80000018. */ + uint64_t :64, :64; /* Leaf 0x80000019 - TLB 1GB Identifiers. */ + uint64_t :64, :64; /* Leaf 0x8000001a - Performance related info. */ + uint64_t :64, :64; /* Leaf 0x8000001b - IBS feature information. */ + uint64_t :64, :64; /* Leaf 0x8000001c. */ + uint64_t :64, :64; /* Leaf 0x8000001d - Cache properties. */ + uint64_t :64, :64; /* Leaf 0x8000001e - Extd APIC/Core/Node IDs. */ + uint64_t :64, :64; /* Leaf 0x8000001f - AMD Secure Encryption. */ + uint64_t :64, :64; /* Leaf 0x80000020 - Platform QoS. */ + + /* Leaf 0x80000021 - Extended Feature 2 */ + union { + uint32_t e21a; + struct { DECL_BITFIELD(e21a); }; + }; + uint32_t /* b */:32, /* c */:32, /* d */:32; }; } extd; @@ -293,6 +326,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_e8b] = p->extd.e8b; fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; + fs[FEATURESET_e21a] = p->extd.e21a; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -310,6 +344,7 @@ static inline void cpuid_featureset_to_policy( p->extd.e8b = fs[FEATURESET_e8b]; p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; + p->extd.e21a = fs[FEATURESET_e21a]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265976.459580 (Exim 4.92) (envelope-from ) id 1nGINg-0006Xl-8H; Sat, 05 Feb 2022 10:33:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265976.459580; Sat, 05 Feb 2022 10:33:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINg-0006Xd-5I; Sat, 05 Feb 2022 10:33:24 +0000 Received: by outflank-mailman (input) for mailman id 265976; Sat, 05 Feb 2022 10:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINe-0006XD-H3 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINe-0001ik-GI for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGINe-0005Pu-FQ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/MrcHY5Ph6ax+cfTBO1nv0ueamPH05JxF8lGGjchuqs=; b=rvVA8b5WJFFxtv8p8T0B6fyCku 5FE3Wziy6prWZgLYI9bqRPHAfTGcfwek6BV/OyHdgdaj8MpQpszo+QGaBkP/E04J5vplgNWcspzuE A21Kg027UyzxGOlo4HtN3l0NFh3MCbUfX81axMEJJPJiC6zG8y49i44i1gAjjLuY1YwU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Sat, 05 Feb 2022 10:33:22 +0000 commit 0bec5b0c6ee24477f3f307243753a4eacca14155 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265977.459584 (Exim 4.92) (envelope-from ) id 1nGINq-0006bR-9y; Sat, 05 Feb 2022 10:33:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265977.459584; Sat, 05 Feb 2022 10:33:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINq-0006bJ-6q; Sat, 05 Feb 2022 10:33:34 +0000 Received: by outflank-mailman (input) for mailman id 265977; Sat, 05 Feb 2022 10:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINo-0006az-KI for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINo-0001jC-Ja for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGINo-0005QX-Ig for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0S26SxU6ASfx0kJd0ffo37ZkjEFvmGcApYyXirzi56Q=; b=z9MYJ1ELc1CRDh1Gu/l82hop8q U3IOINfT1f/a+k6djejqau1hMgXnBdNl/zCfm8nIMKGYXlvh6f03ePnvVVE0HHuhHqTnnYyKounlM AQm6jd4DVTAoOmQx7C+l0aV/SpojVhZWI5FcCJ8WEKfk5lgfaewXKP7qkjD2eAYMHPOU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 10:33:32 +0000 commit beb522fc036cec82ba9f49d5187eba28bb293474 Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index f572c68d4d..ddd001a6ad 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1370,6 +1370,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1385,7 +1386,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1405,7 +1407,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 79d40a0074..334dcddacf 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -420,6 +420,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -493,18 +511,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 10039c2d22..657a329561 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -277,6 +277,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265978.459587 (Exim 4.92) (envelope-from ) id 1nGIO0-0006eO-Bb; Sat, 05 Feb 2022 10:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265978.459587; Sat, 05 Feb 2022 10:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIO0-0006eG-8T; Sat, 05 Feb 2022 10:33:44 +0000 Received: by outflank-mailman (input) for mailman id 265978; Sat, 05 Feb 2022 10:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINy-0006e2-NU for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGINy-0001jO-Mq for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGINy-0005RE-Lo for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OmVvQXIZnoAbJGNX0+VRlqq1vsvnxKZQg6rBn42+dFE=; b=NiRXz+uZEPDnV8hl4ut+lBPGq3 h9v7ti701QTeWohVmrnKYgxTv8e29PXVueUZUUkYQXaYgc34ZELtoptSAdcX4AvdZ8SjInZODxoNA fKrsaHHjDF/pizFtV1FN6kjIEosMijZoQ6RjKtN+ZimrFjmf1/64k7u8ua+0aYAXSjno=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Sat, 05 Feb 2022 10:33:42 +0000 commit 82b2033090150ef25090b7e58d4820e04cedc736 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 4a1462db65..2ffeff0ae5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -263,7 +263,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:33:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265980.459592 (Exim 4.92) (envelope-from ) id 1nGIOA-0006iB-EX; Sat, 05 Feb 2022 10:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265980.459592; Sat, 05 Feb 2022 10:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOA-0006i3-BO; Sat, 05 Feb 2022 10:33:54 +0000 Received: by outflank-mailman (input) for mailman id 265980; Sat, 05 Feb 2022 10:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIO8-0006hq-QW for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIO8-0001jY-Pp for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIO8-0005SD-Oy for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xvrQmsFJ71ObxIumn8PEbwunFg5V3POQcKWhrAdZYEQ=; b=d1KhsWfSBd/a3ZNf8MtL/YQ0L4 0i1kzVSip3uJQT1lmKzviS2V3Ii2q0L7F2VzMFnP9cwRMzqgQOHclOuN/0sLyQKNm1g5twE+BB1d5 2CRZiDcfhR577OMW2y/qq89ZNfBh2swwZPAAUXW3S9a4w1lbmRPc4HWI5oJgkzyooDX8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 10:33:52 +0000 commit ca3fcbde2513f18806a50fe5a9791e1cbb7c4205 Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f70535b6e7..e85b0c0c7d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -987,19 +987,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265981.459596 (Exim 4.92) (envelope-from ) id 1nGIOK-0006lO-G5; Sat, 05 Feb 2022 10:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265981.459596; Sat, 05 Feb 2022 10:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOK-0006lG-Cx; Sat, 05 Feb 2022 10:34:04 +0000 Received: by outflank-mailman (input) for mailman id 265981; Sat, 05 Feb 2022 10:34:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOI-0006l7-Tv for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOI-0001kB-TC for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIOI-0005T4-S7 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qohaiLF28nu5Vwh7Sq5RmAdt4fZFD7+s6P0lNu++fhQ=; b=feMljcTR4wtfGNAfBsDbb4E+qT 00nTBZYMcdI1o+G0eZvLssWIDbFaoVM0h11pH8+TZu1yO/uwFbiNRIVymvv1noyROrU3f4lqU8JNi hwBOqsMNiqtDEVJ4kVPkN00jiECZnWDNBFFqYJGuxhVLQaJTOKDqy6+2o69QcDqIFbJE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 10:34:02 +0000 commit 3bc15a1a646e338e3f670a0d5fd2924b5d1edef0 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:49 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e85b0c0c7d..84d5de8856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -898,7 +898,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -907,6 +907,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -944,11 +946,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -979,10 +981,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1001,11 +1000,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1220,7 +1220,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265982.459600 (Exim 4.92) (envelope-from ) id 1nGIOU-0006oB-HP; Sat, 05 Feb 2022 10:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265982.459600; Sat, 05 Feb 2022 10:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOU-0006o3-ES; Sat, 05 Feb 2022 10:34:14 +0000 Received: by outflank-mailman (input) for mailman id 265982; Sat, 05 Feb 2022 10:34:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOT-0006nr-0Z for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOS-0001kF-WF for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIOS-0005U5-VP for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z/88qoq6ZYNjHFMrwrHZUb0SOjZnT+HoNIfqDZbMN18=; b=g+r03Wq65NpZdwBq6ohdcyIuz3 vlNW5MISoxW2j2LHqc7Z3rcYBxuyz33x0Fo+w0dFG4a9qC7/JburWuXWfkvbooa/Do8TKtKUCylvY jThc2V23JbbdCrpADnk3WX+++Rx+j4zmV7jOWJjG0a9AE6zj3B8sPzM68LPBCejD3/po=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Sat, 05 Feb 2022 10:34:12 +0000 commit 21dd4ef9a6a59655cfa06550e331557e197324fa Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265983.459604 (Exim 4.92) (envelope-from ) id 1nGIOe-0006r7-JO; Sat, 05 Feb 2022 10:34:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265983.459604; Sat, 05 Feb 2022 10:34:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOe-0006qz-Fx; Sat, 05 Feb 2022 10:34:24 +0000 Received: by outflank-mailman (input) for mailman id 265983; Sat, 05 Feb 2022 10:34:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOd-0006qj-3t for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOd-0001kT-3D for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIOd-0005V3-2N for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=75wKBZGptVneG0V2Y0JON7AktIbL9XNwEwWyZCJ4f8c=; b=6NyhJspfDD4gX58nFnd59kGs1Z 2kXKMLbnUhd2aKdkwtJX3GVqb2BcG3UmHFxMII4Zsf+3JZiIjmd7PmVt8OEFHUE/I04CSPOkSyqIT mKISGeBP3e5UfeW/GL/mQnKRfhAOExZRc0zMEcWN91QSMZ+CBsaRGCp5lk330mEGEeiU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 10:34:23 +0000 commit 73b4e89746dcdb017ac331ca819f615f255fc5c0 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 59955aadb9..b1f96f71b6 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1936,9 +1936,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index f1dda9d305..bad978f627 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -322,6 +322,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -378,7 +380,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 84d5de8856..b41f85936e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1222,6 +1222,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1230,15 +1233,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index a74ad4bc4c..8ea4aecc5e 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265985.459608 (Exim 4.92) (envelope-from ) id 1nGIOo-0006u3-Kh; Sat, 05 Feb 2022 10:34:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265985.459608; Sat, 05 Feb 2022 10:34:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOo-0006tv-HY; Sat, 05 Feb 2022 10:34:34 +0000 Received: by outflank-mailman (input) for mailman id 265985; Sat, 05 Feb 2022 10:34:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOn-0006tj-6u for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOn-0001kX-6F for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIOn-0005W1-5U for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iTsobeBgcCwsH1OyrsbmddExmR4lHwqQ2EymBmDO9uQ=; b=DleJcNMf+Wmv+Htos9Ritapd4l 4M4fP0o/P0VeEW3KXER0FLMF+IBOmnjJ/Xpn1QCALaNr5bcGyWPnFrzISlkYOYm/lz9pOVTh1idK7 C7Vo/FE+sM0VtyXMEzY2/iSH/5UgP5XO030CLXrYMyr00BTCOem4PwvNmekBCAmrZr+E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Sat, 05 Feb 2022 10:34:33 +0000 commit b21f5076bbf3de17c88c3a4ae1be814f0fbd0874 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 176c1de8a9..1ee687d0d2 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index bad978f627..d5b538e4b6 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -379,7 +379,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b41f85936e..fc4ef370a0 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -907,7 +908,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1002,12 +1004,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 1598d01017..6a43e4febb 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265986.459611 (Exim 4.92) (envelope-from ) id 1nGIOy-0006ww-MN; Sat, 05 Feb 2022 10:34:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265986.459611; Sat, 05 Feb 2022 10:34:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOy-0006wo-J1; Sat, 05 Feb 2022 10:34:44 +0000 Received: by outflank-mailman (input) for mailman id 265986; Sat, 05 Feb 2022 10:34:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOx-0006wc-9w for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIOx-0001ke-9I for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIOx-0005X3-8T for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4xuZv6ZPVGBiXdCRwkN6bEZiOPLq4TPxIU0cfe8DZc4=; b=DIUyqceb1N41jnlMAeziytFs46 55jx1/c3kSh5ZJej92rG6UlO8I13+LOjlpSmQhVkEPfMAymptRqs+rl25XQBVsWJxkNRomrQLV4P/ VJMCMgDALT6IbXyMKTJ13BehDXUDw6QEHtchtgI0QqgPZVjmd6bYkBIJEOXJ3nID/rOg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 10:34:43 +0000 commit 5a76649547d7be5439dbe0efc8b37efd293d5120 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index ce030b124f..6dbf3bf697 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -124,6 +124,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:34:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:34:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265987.459616 (Exim 4.92) (envelope-from ) id 1nGIP8-00070R-Pd; Sat, 05 Feb 2022 10:34:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265987.459616; Sat, 05 Feb 2022 10:34:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIP8-00070J-Lx; Sat, 05 Feb 2022 10:34:54 +0000 Received: by outflank-mailman (input) for mailman id 265987; Sat, 05 Feb 2022 10:34:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIP7-000708-D5 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIP7-0001kk-CQ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIP7-0005YA-BY for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:34:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7k9EnW1ik7Fq2+z9C0JF8BJH4fX7hfKpxEzKkUWQ3GE=; b=jJxpT0SgJ9dBmAuisOnWJQkRe2 Pyfo4GPdbY5GdymLYqBUkPFJSaY84bZ95T2ZY3XJZ8QvPFDh9VqBmY9i3ABsaHLiElLCE4Ogi2N3a Pi0AGzdlaHaabORGey1j0k60kv5Mte7hYGWJCpraqy22dxqdWClAyBAQOrAaqpbaRVus=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Sat, 05 Feb 2022 10:34:53 +0000 commit a7d7136673950ce70cf19cd9d0aae6caa5b24438 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 79ea791b63..294d45d63f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2470,10 +2470,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2484,10 +2488,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 334dcddacf..de9953aac3 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -249,7 +249,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -427,7 +427,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -435,6 +436,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -511,7 +513,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 10:35:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 10:35:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.265988.459622 (Exim 4.92) (envelope-from ) id 1nGIPI-00073g-Rg; Sat, 05 Feb 2022 10:35:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 265988.459622; Sat, 05 Feb 2022 10:35:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIPI-00073X-Nm; Sat, 05 Feb 2022 10:35:04 +0000 Received: by outflank-mailman (input) for mailman id 265988; Sat, 05 Feb 2022 10:35:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIPH-00073H-GC for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:35:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGIPH-0001lJ-FV for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:35:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGIPH-0005ZZ-El for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 10:35:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=F9ZPuNgnUaJtklstY2wQ6hq267Mldyu51p0wjzLVcSU=; b=crZ5i6Jc/Pu8pmS8tnbVcr2Wok 7inLpK8GN6fcrKNyjZVRMfD6XiGUAPU2sFKJj7fenCmEACgYVwPhh/rVpLjiinVm3la+4xEM5JOuK lxA9HJmWMWDuFUqW8aCyiINuto7Tv/c5fhNQEUSr5KTd2sSpb3RGV/eFWmEvqeljywRY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Sat, 05 Feb 2022 10:35:03 +0000 commit 7f3b726c6a73ed82d6825f52763bf8943aea5316 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:26:50 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 8d43c018e6..880480208b 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -394,6 +394,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -417,11 +419,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -485,11 +490,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 294d45d63f..3f0df0b16a 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 2ffeff0ae5..bafc898774 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -254,17 +254,17 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 36f67750e5..a45995d246 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -275,16 +275,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266040.459679 (Exim 4.92) (envelope-from ) id 1nGKQ6-0004kG-Es; Sat, 05 Feb 2022 12:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266040.459679; Sat, 05 Feb 2022 12:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQ6-0004k8-Bl; Sat, 05 Feb 2022 12:44:02 +0000 Received: by outflank-mailman (input) for mailman id 266040; Sat, 05 Feb 2022 12:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQ6-0004k2-3R for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQ6-0003uq-2g for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQ6-0006O2-1e for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8tcIdAvpI34QIqppU9NXQSAlkRm/Tsrl3gHyxZONNYs=; b=CZNTsbMerH6zNt7TNAZqUWNo83 FwgmxFp3repRZvrrRd6aNedt/xVRRSZFUYSvOueL+8Hh7lW5RvrYQapj2aeR4wJ1EoeTg6xnF+kjt /6dRUSTK/8AgOjS8KxwpmGT0g3OVndggyb1gVpjPCQP/EOrnBXHQD2bFmACXcYsxe4wI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/vmx: Drop spec_ctrl load in VMEntry path Message-Id: Date: Sat, 05 Feb 2022 12:44:02 +0000 commit e253d0a65cca3770f404241f2435791b61159cd6 Author: Andrew Cooper AuthorDate: Tue Feb 1 13:34:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 x86/vmx: Drop spec_ctrl load in VMEntry path This is not needed now that the VMEntry path is not responsible for loading the guest's MSR_SPEC_CTRL value. Fixes: 81f0eaadf84d ("x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9ce3ef20b4f085a7dc8ee41b0fec6fdeced3773e) --- xen/arch/x86/hvm/vmx/entry.S | 3 --- 1 file changed, 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 7ee3382fd0..49651f3c43 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -85,9 +85,6 @@ UNLIKELY_END(realmode) test %al, %al jz .Lvmx_vmentry_restart - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax - /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=regs/cpuinfo Clob: */ ALTERNATIVE "", __stringify(verw CPUINFO_verw_sel(%rsp)), X86_FEATURE_SC_VERW_HVM -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266041.459683 (Exim 4.92) (envelope-from ) id 1nGKQH-0004mV-Gk; Sat, 05 Feb 2022 12:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266041.459683; Sat, 05 Feb 2022 12:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQH-0004mN-DK; Sat, 05 Feb 2022 12:44:13 +0000 Received: by outflank-mailman (input) for mailman id 266041; Sat, 05 Feb 2022 12:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQG-0004m7-7r for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQG-0003v1-74 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQG-0006PW-59 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1x4OzBUoWH9Ijfg6FZDQRE/xTyPd8u5mbukVlveTUtk=; b=1ASyNgVoSIY4dnwWVozUBLBKY7 8cmhGypMhFtyuTMg/kOpay1HcFF9syKsBqicnbz2kYi2LqxNv+OgKQDn1VIcUqgJJi3q95RGYz+Vu BjcHHeLm3TbVLvpPpUnR+gQVhxM1oIy20NHQEfyJNLjkxKJbNLPDUp35JRrRKDyJ816g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/guest: Fix comment regarding CPUID compatibility Message-Id: Date: Sat, 05 Feb 2022 12:44:12 +0000 commit 47dbbe3878a002bb9bfa7ab24c0e7dc57b894ac7 Author: Andrew Cooper AuthorDate: Thu Feb 3 18:03:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 820cc393434097f3b7976acdccbf1d96071d6d23) --- tools/libs/guest/xg_cpuid_x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index 198892ebdf..6ea14c4c56 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -498,9 +498,19 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, if ( restore ) { /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -510,7 +520,6 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } - /* Clamp maximum leaves to the ones supported on 4.12. */ p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); p->feat.max_subleaf = 0; p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266042.459687 (Exim 4.92) (envelope-from ) id 1nGKQR-0004pS-If; Sat, 05 Feb 2022 12:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266042.459687; Sat, 05 Feb 2022 12:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQR-0004pL-FO; Sat, 05 Feb 2022 12:44:23 +0000 Received: by outflank-mailman (input) for mailman id 266042; Sat, 05 Feb 2022 12:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQQ-0004p7-CU for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQQ-0003vD-Bj for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQQ-0006Qm-9d for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RNtOIZH4VpHbwp9SnRICN8VHVXgJB5PG0O3RcqpgcoM=; b=spXAEpM6abxyPDBRvCmRkDAzhK kVEOUokqh0NK1JTj1OWtAjrmbaXQ+LfoQb5Dj/5Slc5mnut/mT7JxLo1Dc+cdMBDd3yNvHbBI43H6 IRYU2enw1NaAF/ky22ay/Wn/+EEtG+5j/Ev4QI+J/pH4z6o31JuMBPegXd/CKfJCd2rM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 12:44:22 +0000 commit 5f27e51cce99c422a7e506f9a0eeda195b767464 Author: Andrew Cooper AuthorDate: Wed Jan 19 19:55:02 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:24 2022 +0000 x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL This bug existed in early in 2018 between MSR_SPEC_CTRL arriving in microcode, and SSBD arriving a few months later. It went unnoticed presumably because everyone was busy rebooting everything. The same bug will reappear when adding PSFD support. Clamp the guest MSR_SPEC_CTRL value to that permitted by CPUID on migrate. The guest is already playing with reserved bits at this point, and clamping the value will prevent a migration to a less capable host from failing. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 969a57f73f6b011b2ebf4c0ab1715efc65837335) --- xen/arch/x86/hvm/hvm.c | 25 +++++++++++++++++++++++-- xen/arch/x86/msr.c | 33 +++++++++++++++++++++------------ xen/include/asm-x86/msr.h | 2 ++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 6820527df0..1fe658d902 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1373,6 +1373,7 @@ static const uint32_t msrs_to_send[] = { static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { + const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); struct hvm_msr *ctxt; unsigned int i; @@ -1388,7 +1389,8 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) for ( i = 0; i < ARRAY_SIZE(msrs_to_send); ++i ) { uint64_t val; - int rc = guest_rdmsr(v, msrs_to_send[i], &val); + unsigned int msr = msrs_to_send[i]; + int rc = guest_rdmsr(v, msr, &val); /* * It is the programmers responsibility to ensure that @@ -1408,7 +1410,26 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) if ( !val ) continue; /* Skip empty MSRs. */ - ctxt->msr[ctxt->count].index = msrs_to_send[i]; + /* + * Guests are given full access to certain MSRs for performance + * reasons. A consequence is that Xen is unable to enforce that all + * bits disallowed by the CPUID policy yield #GP, and an enterprising + * guest may be able to set and use a bit it ought to leave alone. + * + * When migrating from a more capable host to a less capable one, such + * bits may be rejected by the destination, and the migration failed. + * + * Discard such bits here on the source side. Such bits have reserved + * behaviour, and the guest has only itself to blame. + */ + switch ( msr ) + { + case MSR_SPEC_CTRL: + val &= msr_spec_ctrl_valid_bits(d->arch.cpuid); + break; + } + + ctxt->msr[ctxt->count].index = msr; ctxt->msr[ctxt->count++].val = val; } diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 71cbfa8ee3..5839bee2c9 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -435,6 +435,24 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_EXCEPTION; } +/* + * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have + * separate CPUID features for this functionality, but only set will be + * active. + */ +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) +{ + bool ssbd = cp->feat.ssbd; + + /* + * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) + * when STIBP isn't enumerated in hardware. + */ + return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | + (ssbd ? SPEC_CTRL_SSBD : 0) | + 0); +} + int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { const struct vcpu *curr = current; @@ -508,18 +526,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) - goto gp_fault; /* MSR available? */ - - /* - * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) - * when STIBP isn't enumerated in hardware. - */ - rsvd = ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | - (cp->feat.ssbd ? SPEC_CTRL_SSBD : 0)); - - if ( val & rsvd ) - goto gp_fault; /* Rsvd bit set? */ + if ( !cp->feat.ibrsb || + (val & ~msr_spec_ctrl_valid_bits(cp)) ) + goto gp_fault; goto set_reg; case MSR_PRED_CMD: diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 10039c2d22..657a329561 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -277,6 +277,8 @@ static inline void wrmsr_tsc_aux(uint32_t val) } } +uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp); + extern struct msr_policy raw_msr_policy, host_msr_policy, pv_max_msr_policy, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266043.459692 (Exim 4.92) (envelope-from ) id 1nGKQb-0004sH-Kh; Sat, 05 Feb 2022 12:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266043.459692; Sat, 05 Feb 2022 12:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQb-0004s9-HK; Sat, 05 Feb 2022 12:44:33 +0000 Received: by outflank-mailman (input) for mailman id 266043; Sat, 05 Feb 2022 12:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQa-0004s1-FQ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQa-0003vN-Ei for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQa-0006S0-E0 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kRojg3pIqTUBl4tZaJjPDBZQtLLuRi0cebb/NPFGm/c=; b=lBy2vM2IBUw2dlF0yK3NrXajC4 /gbT5whn1rOJdLN67irR4z1HP5LseNuev3Am+jin2NsymFFHvjYuMRzmLKXiBtnWWiL2KjaL9xtnm 6+dXqVjaW2C5RkTHYTe3TDXJTtIi4Ua7Flopi6sRGULmX0i6vwhvtq5hEQbJIGXwqk0Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Advertise SSB_NO to guests by default Message-Id: Date: Sat, 05 Feb 2022 12:44:32 +0000 commit df2e2952b8c8087988f240a08a9417aa503cbd1c Author: Andrew Cooper AuthorDate: Thu Jan 27 21:28:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/cpuid: Advertise SSB_NO to guests by default This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 15b7611efd497c4b65f350483857082cb70fc348) --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f62c775b9d..3d45b05af2 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,7 +264,7 @@ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266045.459695 (Exim 4.92) (envelope-from ) id 1nGKQl-0004vN-M2; Sat, 05 Feb 2022 12:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266045.459695; Sat, 05 Feb 2022 12:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQl-0004vF-Iz; Sat, 05 Feb 2022 12:44:43 +0000 Received: by outflank-mailman (input) for mailman id 266045; Sat, 05 Feb 2022 12:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQk-0004v5-IN for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQk-0003va-Hg for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQk-0006T7-Gx for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OciXGkG3u3tbmwXFiu/gngEZpYsR26jTxQxHW+IB9y8=; b=sK8dVkd3PEtf6vFZrzFVBUny46 Gzanc55178y3q6jg2ozLGkylZVjRMjYwdbce616d6TSqG/Ukp9Vd9iUAxh/loHZTE12JKwFNgRNd4 wT5eiYA5ARj235UYWJev1Gnm/bu5trscZY7HVlllBGeNE+PUHbNEzs9e/0UseG93WZCQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Drop use_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 12:44:42 +0000 commit 7f34b6a895d10744bab32fc843246c45da444d8b Author: Andrew Cooper AuthorDate: Tue Jan 25 16:09:59 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Drop use_spec_ctrl boolean Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c18cc8aa49..8a550d0a09 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266046.459699 (Exim 4.92) (envelope-from ) id 1nGKQv-0004y9-NU; Sat, 05 Feb 2022 12:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266046.459699; Sat, 05 Feb 2022 12:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQv-0004y1-Ka; Sat, 05 Feb 2022 12:44:53 +0000 Received: by outflank-mailman (input) for mailman id 266046; Sat, 05 Feb 2022 12:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQu-0004xq-Lf for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKQu-0003vm-Ks for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKQu-0006UJ-Ju for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WP7uaGjxEnO4w95yAlTUbNK/jtybyLQBEraV2HHYecU=; b=a5MOArHUh4Ioou8VigWkpXMOkF WntrtZQK04wB19u4Q2lttI+N9KLww3SqMm0FRVl/8my25l4mxenjqZI8MhqDGougqoXauZwePnBRL 3I3Ft9WofJwljCPyqYRDRFzPObxf5wOVWqeqkbIdDLT3IWDes+1htc3En5uS7FBgm3ZA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Message-Id: Date: Sat, 05 Feb 2022 12:44:52 +0000 commit 08fc03c855c071e9b1aaaa96403f2a90433336a7 Author: Andrew Cooper AuthorDate: Tue Jan 25 17:14:48 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Introduce new has_spec_ctrl boolean Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8a550d0a09..2072daf662 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266047.459703 (Exim 4.92) (envelope-from ) id 1nGKR5-00051F-PS; Sat, 05 Feb 2022 12:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266047.459703; Sat, 05 Feb 2022 12:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKR5-000515-MF; Sat, 05 Feb 2022 12:45:03 +0000 Received: by outflank-mailman (input) for mailman id 266047; Sat, 05 Feb 2022 12:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKR4-00050v-Oc for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKR4-0003we-Ny for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKR4-0006Vz-NB for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=q+oybaA7VxX7Lii7PCvSC06tZxTZLAz0Zb/Bcf05YAo=; b=Y08OrpxDUJDKwoORSFRyDysaSF /6b/KML7T2ujygHAv5Nm4r6Ads+2itmu41P9j6h8yAmuUnJ8QPbMSDs8WFuqeC9cFBnjXubsatt/0 dscBrPRVk8nAHmao/ifSUJKHaPZDixRMjOU5EZSI1VzB1VIFNFXIOcWW9Zyxqe8Gex5k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Message-Id: Date: Sat, 05 Feb 2022 12:45:02 +0000 commit 72ef02da23861f686c349a6808b2f4c9adc15f9f Author: Andrew Cooper AuthorDate: Fri Jan 28 12:03:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. We need to load default_xen_spec_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Conversely, there is no need to clear IBRS and flush the store buffers on the way down; we're microseconds away from cutting power. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 71fac402e05ade7b0af2c34f77517449f6f7e2c1) --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d0..0837a3ead4 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266048.459707 (Exim 4.92) (envelope-from ) id 1nGKRF-00054S-SM; Sat, 05 Feb 2022 12:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266048.459707; Sat, 05 Feb 2022 12:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRF-00054K-PE; Sat, 05 Feb 2022 12:45:13 +0000 Received: by outflank-mailman (input) for mailman id 266048; Sat, 05 Feb 2022 12:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRE-00053y-Rq for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRE-0003wo-R7 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKRE-0006YE-QT for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rvv58ygkHAbPPJ/0l4CfzWKxxTaFG1rSdvluDTee28w=; b=TMk2sdrIW7WymP6KkBZ98vFyPN z7GMIecg6UPeY32LzWIZoqw0vqSjA8HJ1YvFGzYT1lP3FZOAGDRJsdhnjVmaObG9vXzAlUe19GAPC bT6AqFjh16Hl9WEVPrflmVZS+jaGuSZKToiUsdk8ciMSh49kjou5D2GEjiSgJqJRMOrY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 12:45:12 +0000 commit 6ef732726add103ee8f63293e326ad43b1643239 Author: Andrew Cooper AuthorDate: Fri Jan 28 11:57:19 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 00f2992b6c7a9d4090443c1a85bf83224a87eeb9) --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 4 ++++ 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 0837a3ead4..bac9c16389 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + ci->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index da47cdea14..369691dd13 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1944,9 +1944,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 329cfdb6c9..ee3e86cc78 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -322,6 +322,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -378,7 +380,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2072daf662..b2fd86ebe5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1270,6 +1270,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1278,15 +1281,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index a74ad4bc4c..8ea4aecc5e 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index bf82528a12..9c0c7622c4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266049.459711 (Exim 4.92) (envelope-from ) id 1nGKRP-00057P-Tx; Sat, 05 Feb 2022 12:45:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266049.459711; Sat, 05 Feb 2022 12:45:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRP-00057E-Ql; Sat, 05 Feb 2022 12:45:23 +0000 Received: by outflank-mailman (input) for mailman id 266049; Sat, 05 Feb 2022 12:45:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRO-000574-VH for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRO-0003wy-UQ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKRO-0006ZR-TZ for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cK8grro+0Fmpg5TgZksPCyahI74hgjnJkx8bpitFN8A=; b=JxrbR8vAByNMyQteKAiXCUxtZJ sAbmxpmbHuh/B4L0C7tvgE1PlPzn234gvzvCww5vgE5e7flkdMBIUA7wsqVbsGSya6twzqSQLSNp8 +WKSNvC+M5oZfHr2rb73givE8dmSYLTBAZZn/z+l8iyRP57x9vbkZFl2J6tq8CH1NYho=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Message-Id: Date: Sat, 05 Feb 2022 12:45:22 +0000 commit e7ccc7a8ab92502a12dc31f652b0ca3b1be04b7e Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 378f2e6df31442396f0afda19794c5c6091d96f9) --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- xen/include/asm-x86/hvm/svm/svm.h | 3 +++ 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index bac9c16389..d4bdc3e7df 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ci->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f87484b7ce..a8e37dbb1f 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index ee3e86cc78..54237c6c6d 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -379,7 +379,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b2fd86ebe5..ee862089b7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -936,7 +937,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1031,12 +1033,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO: Adjust cpu_has_svm_spec_ctrl to be usable earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* diff --git a/xen/include/asm-x86/hvm/svm/svm.h b/xen/include/asm-x86/hvm/svm/svm.h index 05e9685026..09c32044ec 100644 --- a/xen/include/asm-x86/hvm/svm/svm.h +++ b/xen/include/asm-x86/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266050.459715 (Exim 4.92) (envelope-from ) id 1nGKRZ-0005A6-VA; Sat, 05 Feb 2022 12:45:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266050.459715; Sat, 05 Feb 2022 12:45:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRZ-00059w-SG; Sat, 05 Feb 2022 12:45:33 +0000 Received: by outflank-mailman (input) for mailman id 266050; Sat, 05 Feb 2022 12:45:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRZ-00059o-46 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRZ-0003x9-12 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKRZ-0006aU-0M for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uXOR5aypacaSqGKLFnxSe/Ns5wwx1bVdYQMFJBFZ7do=; b=Z7mXLTTgxHc0LNAO3Zo4YDhXfu gtVQ0ukJvaA/xqV8yq5AYt4z9UUe59RE2psgfi8xU5rgT3mskzd2MYRhRzEXRIpJB9e8EviO8G3Oj f5zsIuRCRwxRP4yzn1UCvP9h4PB+af9cSS1Q8Ip/lLExN2UhLZdIQIwNjrkbHDSy23RI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Message-Id: Date: Sat, 05 Feb 2022 12:45:33 +0000 commit 142c6bd63468b147299f1393e8347d76fe6c3270 Author: Andrew Cooper AuthorDate: Fri Jan 21 15:59:03 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility (future work), and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 614cec7d79d76786f5638a6e4da0576b57732ca1) --- xen/arch/x86/hvm/svm/entry.S | 34 +++++++++++++++++++++++++++++----- xen/arch/x86/x86_64/asm-offsets.c | 1 + xen/include/asm-x86/msr.h | 9 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 3 +++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36a..4ae55a2ef6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + .macro svm_vmentry_spec_ctrl + mov VCPU_arch_msrs(%rbx), %rax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov VCPUMSR_spec_ctrl_raw(%rax), %eax + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ + .endm + ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +90,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +97,21 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo Clob: acd */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + + .macro svm_vmexit_spec_ctrl + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] + * flushing side effect. + */ + mov $MSR_SPEC_CTRL, %ecx + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + xor %edx, %edx + wrmsr + mov %al, CPUINFO_last_spec_ctrl(%rsp) + .endm + ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 649892643f..287dac101a 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -126,6 +126,7 @@ void __dummy__(void) OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3); OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); + OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index 657a329561..ce4fe51afe 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9c0c7622c4..02b3b18ce6 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266051.459719 (Exim 4.92) (envelope-from ) id 1nGKRk-0005DA-0b; Sat, 05 Feb 2022 12:45:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266051.459719; Sat, 05 Feb 2022 12:45:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRj-0005D2-Tk; Sat, 05 Feb 2022 12:45:43 +0000 Received: by outflank-mailman (input) for mailman id 266051; Sat, 05 Feb 2022 12:45:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRj-0005Cr-55 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRj-0003xD-4J for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKRj-0006bI-3V for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=srF9sUXYRFts9NdPVjkHHFV71IHLNKaWZYcGRlx9ZW4=; b=LX2aczOGTPsaV9m+Gyb3SIo1p2 qwHvGo93vDwmsVR1Oy7BbprQ+svwQR/TJ3bSsCSgkG6jRIsliyATAJXAhNh4fuFXKgbSVbB+5W8H1 DR1fT3KEEsGgYuPNxsrr6hksaUYSOYz2COHN6jKhLokTZb60vw8I0w9iuZqgsnvq+zhc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/msr: AMD MSR_SPEC_CTRL infrastructure Message-Id: Date: Sat, 05 Feb 2022 12:45:43 +0000 commit 5c704f0e5ffd609ee98bb2240fe56e1be0611d63 Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/msr: AMD MSR_SPEC_CTRL infrastructure Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22b9add22b4a9af37305c8441fec12cb26bd142b) --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 74b2b0e092..9c99f8a032 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2471,10 +2471,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2485,10 +2489,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 5839bee2c9..119ebfa91c 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -264,7 +264,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -442,7 +442,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -450,6 +451,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -526,7 +528,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 12:45:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 12:45:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266052.459724 (Exim 4.92) (envelope-from ) id 1nGKRu-0005G3-2i; Sat, 05 Feb 2022 12:45:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266052.459724; Sat, 05 Feb 2022 12:45:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRt-0005Fv-VF; Sat, 05 Feb 2022 12:45:53 +0000 Received: by outflank-mailman (input) for mailman id 266052; Sat, 05 Feb 2022 12:45:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRt-0005Fm-8C for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGKRt-0003xN-7U for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGKRt-0006cE-6g for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 12:45:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J8Fp7aJLIdxas2+3O25IjghqzMRRDPgJmCo1/ul7EV4=; b=OENuv1/NsIZyrCX+RCYWU2N7Nl 5kCySW0DpeTFp0AybnXwQ0UbhuiatAN8BKmfbpF+xOAcfOrxgFzL3TYJ2RBpI57HRRxi5puYWhN58 KHVbupGHiYjhziXGj5D6CJO+ldNUglWCxiGgoP4ttE50eOg1Y28II6wUu/h+oRJ+Kw3E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Message-Id: Date: Sat, 05 Feb 2022 12:45:53 +0000 commit 0da8f3d23f86dafc4781cb75f46722841b87bdbf Author: Andrew Cooper AuthorDate: Mon Jan 17 20:29:09 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 15:45:25 2022 +0000 x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit a7e7c7260cde78a148810db5320cbf39686c3e09) --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 151944f657..c7f07ef7a6 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -396,6 +396,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -419,11 +421,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -493,11 +498,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 9c99f8a032..332de61993 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 3d45b05af2..228a5dc29e 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -254,18 +254,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b953648b65..517d632b50 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -277,16 +277,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Feb 05 20:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Feb 2022 20:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.266105.459782 (Exim 4.92) (envelope-from ) id 1nGROh-0006Bs-Gj; Sat, 05 Feb 2022 20:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 266105.459782; Sat, 05 Feb 2022 20:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGROh-0006Bk-DP; Sat, 05 Feb 2022 20:11:03 +0000 Received: by outflank-mailman (input) for mailman id 266105; Sat, 05 Feb 2022 20:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGROf-0006BO-Q1 for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 20:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nGROf-0003b3-OE for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 20:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nGROf-0005T4-Lv for xen-changelog@lists.xenproject.org; Sat, 05 Feb 2022 20:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AXgJDwZy8bWU0gpmpO3G9D29sckyWpnJpLOuSJFnVMI=; b=pHQJ9vPGjSbJ6N9d+jRhnG8cZ7 8JFQP7rua7h+bwZPF5zgc/YpN6/jDQUFbquw69g53gywPhwYUrTc6Qu6UmeGA6KYA8V1nHnrYYlK/ Scf20NJLoW41F44kAoWcm4/ljYb3qkTd92BRw2dTJxsvr8Y+jkSiQ3i1hEtV73422ec4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/guest: Fix comment regarding CPUID compatibility Message-Id: Date: Sat, 05 Feb 2022 20:11:01 +0000 commit 820cc393434097f3b7976acdccbf1d96071d6d23 Author: Andrew Cooper AuthorDate: Thu Feb 3 18:03:49 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 14:44:29 2022 +0000 tools/guest: Fix comment regarding CPUID compatibility It was Xen 4.14 where CPUID data was added to the migration stream, and 4.13 that we need to worry about with regards to compatibility. Xen 4.12 isn't relevant. Expand and correct the commentary. Fixes: 111c8c33a8a1 ("x86/cpuid: do not expand max leaves on restore") Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- tools/libs/guest/xg_cpuid_x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c index b9e827ce7e..57f81eb0a0 100644 --- a/tools/libs/guest/xg_cpuid_x86.c +++ b/tools/libs/guest/xg_cpuid_x86.c @@ -497,9 +497,19 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, if ( restore ) { /* - * Account for feature which have been disabled by default since Xen 4.13, - * so migrated-in VM's don't risk seeing features disappearing. + * Xen 4.14 introduced support to move the guest's CPUID data in the + * migration stream. Previously, the destination side would invent a + * policy out of thin air in the hopes that it was ok. + * + * This restore path is used for incoming VMs with no CPUID data + * i.e. originated on Xen 4.13 or earlier. We must invent a policy + * compatible with what Xen 4.13 would have done on the same hardware. + * + * Specifically: + * - Clamp max leaves. + * - Re-enable features which have become (possibly) off by default. */ + p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset); p->feat.hle = test_bit(X86_FEATURE_HLE, host_featureset); p->feat.rtm = test_bit(X86_FEATURE_RTM, host_featureset); @@ -509,7 +519,6 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t domid, bool restore, p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset); } - /* Clamp maximum leaves to the ones supported on 4.12. */ p->basic.max_leaf = min(p->basic.max_leaf, 0xdu); p->feat.max_subleaf = 0; p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Feb 07 17:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Feb 2022 17:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.267334.461067 (Exim 4.92) (envelope-from ) id 1nH8EE-00082b-UC; Mon, 07 Feb 2022 17:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 267334.461067; Mon, 07 Feb 2022 17:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EE-00082T-RA; Mon, 07 Feb 2022 17:55:06 +0000 Received: by outflank-mailman (input) for mailman id 267334; Mon, 07 Feb 2022 17:55:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8ED-00082N-Pm for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8ED-0000vR-Nv for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nH8ED-0007cO-Mp for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b0Wl3qcWn3OfPcIIHFlDhvH8lm6n/w7TA26kjHTxIDk=; b=3WY87eBPMDwaFcw2XKoLOHPly7 648UcpH9HbPQgi8JuPnswKGAXQtUc9kcUPuSl2ep25tqXTFcIPCip3ipE+kU4EgJA2ZUAGeG0ZCmg x167iymXsI+9RCkZVXgf+dwUYlD3opNhERcGqBDpwySAycsxFf6ncgPMtOaHCyjmBdDc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Fix boot on systems where HVM isn't available Message-Id: Date: Mon, 07 Feb 2022 17:55:05 +0000 commit e9b32164142e40a2585543a46530066b58a76f3f Author: Andrew Cooper AuthorDate: Fri Feb 4 17:01:41 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 x86/hvm: Fix boot on systems where HVM isn't available c/s 27a63cdac388 ("x86/HVM: convert remaining hvm_funcs hook invocations to alt-call") went too far with dropping NULL function pointer checks. smp_callin() and S3 resume call hvm_cpu_up() unconditionally. When the platform doesn't support HVM, hvm_enable() exits without filling in hvm_funcs, after which the altcall pass nukes the (now unconditional) indirect call, causing: (XEN) ----[ Xen-4.17.0-10.18-d x86_64 debug=y Not tainted ]---- (XEN) CPU: 1 (XEN) RIP: e008:[] start_secondary+0x393/0x3b7 (XEN) RFLAGS: 0000000000010086 CONTEXT: hypervisor ... (XEN) Xen code around (start_secondary+0x393/0x3b7): (XEN) ff ff 8b 05 1b 84 17 00 <0f> 0b 0f ff ff 90 89 c3 85 c0 0f 84 db fe ff ff ... (XEN) Xen call trace: (XEN) [] R start_secondary+0x393/0x3b7 (XEN) [] F __high_start+0x42/0x60 To make matters worse, several paths including __stop_this_cpu() call hvm_cpu_down() unconditionally too, so what happen next is: (XEN) ----[ Xen-4.17.0-10.18-d x86_64 debug=y Not tainted ]---- (XEN) CPU: 0 (XEN) RIP: e008:[] __stop_this_cpu+0x12/0x3c (XEN) RFLAGS: 0000000000010046 CONTEXT: hypervisor ... (XEN) Xen code around (__stop_this_cpu+0x12/0x3c): (XEN) 48 89 e5 e8 8a 1d fd ff <0f> 0b 0f ff ff 90 0f 06 db e3 48 89 e0 48 0d ff ... (XEN) Xen call trace: (XEN) [] R __stop_this_cpu+0x12/0x3c (XEN) [] F smp_send_stop+0xdd/0xf8 (XEN) [] F machine_restart+0xa2/0x298 (XEN) [] F arch/x86/shutdown.c#__machine_restart+0xb/0x11 (XEN) [] F smp_call_function_interrupt+0xbf/0xea (XEN) [] F call_function_interrupt+0x35/0x37 (XEN) [] F do_IRQ+0xa3/0x6b5 (XEN) [] F common_interrupt+0x10a/0x120 (XEN) [] F __udelay+0x3a/0x51 (XEN) [] F __cpu_up+0x48f/0x734 (XEN) [] F cpu_up+0x7d/0xde (XEN) [] F __start_xen+0x200b/0x2618 (XEN) [] F __high_start+0x4f/0x60 which recurses until hitting a stack overflow. The #DF handler, which resets its stack on each invocation, loops indefinitely. Reinstate the NULL function pointer checks for hvm_cpu_{up,down}(), along with comments explaining how the helpers are used. Fixes: 27a63cdac388 ("x86/HVM: convert remaining hvm_funcs hook invocations to alt-call") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hvm/hvm.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index a441cbc221..b44bbdeb21 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -551,14 +551,20 @@ static inline void hvm_invlpg(struct vcpu *v, unsigned long linear) (1U << TRAP_alignment_check) | \ (1U << TRAP_machine_check)) +/* Called in boot/resume paths. Must cope with no HVM support. */ static inline int hvm_cpu_up(void) { - return alternative_call(hvm_funcs.cpu_up); + if ( hvm_funcs.cpu_up ) + return alternative_call(hvm_funcs.cpu_up); + + return 0; } +/* Called in shutdown paths. Must cope with no HVM support. */ static inline void hvm_cpu_down(void) { - alternative_vcall(hvm_funcs.cpu_down); + if ( hvm_funcs.cpu_down ) + alternative_vcall(hvm_funcs.cpu_down); } static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 07 17:55:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Feb 2022 17:55:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.267335.461071 (Exim 4.92) (envelope-from ) id 1nH8EO-00084W-Vv; Mon, 07 Feb 2022 17:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 267335.461071; Mon, 07 Feb 2022 17:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EO-00084O-Sn; Mon, 07 Feb 2022 17:55:16 +0000 Received: by outflank-mailman (input) for mailman id 267335; Mon, 07 Feb 2022 17:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EN-00084B-S8 for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EN-0000vV-RM for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nH8EN-0007dO-QG for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RP/mTmWVbSuaiylpy7ox4iavJROxo4RowOdXK3yDZrw=; b=hCkOoIK6gjKsDZZcdNJpFFZkRW HcsAXfyukKsuZBRYZsMJUiQpstv3H/BD9bHZFekbStRMVTkhuoviv0IChTrKp5uXhETvSUNCRNCpb UnAm2MBT8UAQEn3M79b2ivgklMW2F807ZzmViQvGGyyqMyulKxa53xH1punT9LVuloPs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/smp: Speed up on_selected_cpus() Message-Id: Date: Mon, 07 Feb 2022 17:55:15 +0000 commit f97c1abf2934e76fb69fabaf4f5ec04afa813816 Author: Andrew Cooper AuthorDate: Fri Feb 4 20:12:04 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 xen/smp: Speed up on_selected_cpus() cpumask_weight() is an incredibly expensive way to find if no bits are set, made worse by the fact that the calculation is performed with the global call_lock held. This appears to be a missing optimisation from c/s 433f14699d48 ("x86: Clean up smp_call_function handling.") in 2011 which dropped the logic requiring the count of CPUs. Switch to using cpumask_empty() instead, which will short circuit as soon as it finds any set bit in the cpumask. Signed-off-by: Andrew Cooper Reviewed-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/smp.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/xen/common/smp.c b/xen/common/smp.c index 781bcf2c24..a011f541f1 100644 --- a/xen/common/smp.c +++ b/xen/common/smp.c @@ -50,8 +50,6 @@ void on_selected_cpus( void *info, int wait) { - unsigned int nr_cpus; - ASSERT(local_irq_is_enabled()); ASSERT(cpumask_subset(selected, &cpu_online_map)); @@ -59,8 +57,7 @@ void on_selected_cpus( cpumask_copy(&call_data.selected, selected); - nr_cpus = cpumask_weight(&call_data.selected); - if ( nr_cpus == 0 ) + if ( cpumask_empty(&call_data.selected) ) goto out; call_data.func = func; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 07 17:55:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Feb 2022 17:55:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.267336.461075 (Exim 4.92) (envelope-from ) id 1nH8EZ-00087U-15; Mon, 07 Feb 2022 17:55:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 267336.461075; Mon, 07 Feb 2022 17:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EY-00087M-UL; Mon, 07 Feb 2022 17:55:26 +0000 Received: by outflank-mailman (input) for mailman id 267336; Mon, 07 Feb 2022 17:55:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EX-000871-VM for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nH8EX-0000vm-UZ for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nH8EX-0007eM-TT for xen-changelog@lists.xenproject.org; Mon, 07 Feb 2022 17:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y1vjAa2myX2JgU1Ir9U1Ujqn9K8SxCVzfy40rRNjIow=; b=oPPdulLsvocSCLBnLV6mg9m3xa g0o2ZTOrY/wyhHkfATdCbwES/V0BzJBeAOI95nHPAlMbVM8xq6n6N2nC8wlRxSkoA+kikQ2c8dWUN cTKZIM+3xlGggWlm0L1Mhtu8sEqm0TuTq4qrkiY+K9syoIakdj/vKMWwP64J0Fp41kSs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] dom0/pvh: fix processing softirqs during memory map population Message-Id: Date: Mon, 07 Feb 2022 17:55:25 +0000 commit 10d33220f2363a21a52a394159118ab4ddaed50e Author: Roger Pau Monne AuthorDate: Mon Feb 7 12:20:08 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 dom0/pvh: fix processing softirqs during memory map population Make sure softirqs are processed after every successful call to guest_physmap_add_page. Even if only a single page is to be added, it's unknown whether the p2m or the IOMMU will require splitting the provided page into smaller ones, and thus in case of having to break a 1G page into 4K entries the amount of time taken by a single of those additions will be non-trivial. Stay on the safe side and check for pending softirqs on every successful loop iteration. Fixes: 5427134eae ('x86: populate PVHv2 Dom0 physical memory map') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index afba6e7dfd..f9e17249dc 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -113,10 +113,9 @@ static int __init pvh_populate_memory_range(struct domain *d, { .align = PFN_DOWN(MB(2)), .order = PAGE_ORDER_2M }, { .align = PFN_DOWN(KB(4)), .order = PAGE_ORDER_4K }, }; - unsigned int max_order = MAX_ORDER, i = 0; + unsigned int max_order = MAX_ORDER; struct page_info *page; int rc; -#define MAP_MAX_ITER 64 while ( nr_pages != 0 ) { @@ -185,12 +184,16 @@ static int __init pvh_populate_memory_range(struct domain *d, start += 1UL << order; nr_pages -= 1UL << order; order_stats[order]++; - if ( (++i % MAP_MAX_ITER) == 0 ) - process_pending_softirqs(); + /* + * Process pending softirqs on every successful loop: it's unknown + * whether the p2m/IOMMU code will have split the page into multiple + * smaller entries, and thus the time consumed would be much higher + * than populating a single entry. + */ + process_pending_softirqs(); } return 0; -#undef MAP_MAX_ITER } /* Steal RAM from the end of a memory region. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268347.462149 (Exim 4.92) (envelope-from ) id 1nHQmr-0007yC-Tq; Tue, 08 Feb 2022 13:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268347.462149; Tue, 08 Feb 2022 13:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQmr-0007y4-Qo; Tue, 08 Feb 2022 13:44:05 +0000 Received: by outflank-mailman (input) for mailman id 268347; Tue, 08 Feb 2022 13:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQmq-0007xy-OA for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQmq-0000N2-MN for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQmq-0004w4-LC for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RzJN3XW1D/6xS6hR7zBnk3G2cJ4vhvvsLB6qW972Uaw=; b=5bqXhjsmxiCkKnDw3lLleUApm2 CXLO09n+wO4ZXKTJNH7l4eePywwXBPBNbnCmlrHxw6s3odPdQP7OPjYJjAE7ynJlyaGVOpLIei4KS oOulzEoVKGngRL4Am1uwvtbgpu38KA/ZJURcFniBFr8fDdJrW3rBaXXpa83G15L4wjpw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/include: generate a _xen_list.h file Message-Id: Date: Tue, 08 Feb 2022 13:44:04 +0000 commit 9b8dcd08e6a98d6e56c5cb8645bb3736d292ed80 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:34 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:51 2022 +0000 tools/include: generate a _xen_list.h file Today tools/include contains two basically identical header files generated from the same source. They just differ by the used name space and they are being generated from different Makefiles via a perl script. Prepare to have only one such header by using a more generic namespace "XEN" for _xen_list.h. As the original header hasn't been updated in the Xen tree since its introduction about 10 years ago, and the updates of FreeBSD side have mostly covered BSD internal debugging aids, just don't generate the new header during build, especially as using the current FreeBSD version of the file would require some updates of the perl script, which are potentially more work than just doing the needed editing by hand. Additionally this enables to remove the not needed debugging extensions of FreeBSD. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/Makefile | 2 + tools/include/_xen_list.h | 509 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 511 insertions(+) diff --git a/tools/include/Makefile b/tools/include/Makefile index d7b51006e0..d965987f55 100644 --- a/tools/include/Makefile +++ b/tools/include/Makefile @@ -70,11 +70,13 @@ install: all $(INSTALL_DATA) xen/io/*.h $(DESTDIR)$(includedir)/xen/io $(INSTALL_DATA) xen/sys/*.h $(DESTDIR)$(includedir)/xen/sys $(INSTALL_DATA) xen/xsm/*.h $(DESTDIR)$(includedir)/xen/xsm + $(INSTALL_DATA) _xen_list.h $(DESTDIR)$(includedir) .PHONY: uninstall uninstall: echo "[FIXME] uninstall headers" rm -rf $(DESTDIR)$(includedir)/xen + rm -f $(DESTDIR)$(includedir)/_xen_list.h .PHONY: clean clean: diff --git a/tools/include/_xen_list.h b/tools/include/_xen_list.h new file mode 100644 index 0000000000..ce246f95c9 --- /dev/null +++ b/tools/include/_xen_list.h @@ -0,0 +1,509 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + * $FreeBSD$ + */ + +#ifndef XEN__SYS_QUEUE_H_ +#define XEN__SYS_QUEUE_H_ + +/* #include */ + +/* + * This file defines four types of data structures: singly-linked lists, + * singly-linked tail queues, lists and tail queues. + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A singly-linked tail queue is headed by a pair of pointers, one to the + * head of the list and the other to the tail of the list. The elements are + * singly linked for minimum space and pointer manipulation overhead at the + * expense of O(n) removal for arbitrary elements. New elements can be added + * to the list after an existing element, at the head of the list, or at the + * end of the list. Elements being removed from the head of the tail queue + * should use the explicit macro for this purpose for optimum efficiency. + * A singly-linked tail queue may only be traversed in the forward direction. + * Singly-linked tail queues are ideal for applications with large datasets + * and few or no removals or for implementing a FIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * For details on the use of these macros, see the queue(3) manual page. + * + * + * XEN_SLIST XEN_LIST XEN_STAILQ XEN_TAILQ + * _HEAD + + + + + * _HEAD_INITIALIZER + + + + + * _ENTRY + + + + + * _INIT + + + + + * _EMPTY + + + + + * _FIRST + + + + + * _NEXT + + + + + * _PREV - - - + + * _LAST - - + + + * _FOREACH + + + + + * _FOREACH_SAFE + + + + + * _FOREACH_REVERSE - - - + + * _FOREACH_REVERSE_SAFE - - - + + * _INSERT_HEAD + + + + + * _INSERT_BEFORE - + - + + * _INSERT_AFTER + + + + + * _INSERT_TAIL - - + + + * _CONCAT - - + + + * _REMOVE_AFTER + - + - + * _REMOVE_HEAD + - + - + * _REMOVE + + + + + * _SWAP + + + + + * + */ + +/* + * Singly-linked List declarations. + */ +#define XEN_SLIST_HEAD(name, type) \ +struct name { \ + type *slh_first; /* first element */ \ +} + +#define XEN_SLIST_HEAD_INITIALIZER(head) \ + { 0 } + +#define XEN_SLIST_ENTRY(type) \ +struct { \ + type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List functions. + */ +#define XEN_SLIST_EMPTY(head) ((head)->slh_first == 0) + +#define XEN_SLIST_FIRST(head) ((head)->slh_first) + +#define XEN_SLIST_FOREACH(var, head, field) \ + for ((var) = XEN_SLIST_FIRST((head)); \ + (var); \ + (var) = XEN_SLIST_NEXT((var), field)) + +#define XEN_SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_SLIST_FIRST((head)); \ + (var) && ((tvar) = XEN_SLIST_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_SLIST_FOREACH_PREVPTR(var, varp, head, field) \ + for ((varp) = &XEN_SLIST_FIRST((head)); \ + ((var) = *(varp)) != 0; \ + (varp) = &XEN_SLIST_NEXT((var), field)) + +#define XEN_SLIST_INIT(head) do { \ + XEN_SLIST_FIRST((head)) = 0; \ +} while (0) + +#define XEN_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + XEN_SLIST_NEXT((elm), field) = XEN_SLIST_NEXT((slistelm), field);\ + XEN_SLIST_NEXT((slistelm), field) = (elm); \ +} while (0) + +#define XEN_SLIST_INSERT_HEAD(head, elm, field) do { \ + XEN_SLIST_NEXT((elm), field) = XEN_SLIST_FIRST((head)); \ + XEN_SLIST_FIRST((head)) = (elm); \ +} while (0) + +#define XEN_SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define XEN_SLIST_REMOVE(head, elm, type, field) do { \ + if (XEN_SLIST_FIRST((head)) == (elm)) { \ + XEN_SLIST_REMOVE_HEAD((head), field); \ + } \ + else { \ + type *curelm = XEN_SLIST_FIRST((head)); \ + while (XEN_SLIST_NEXT(curelm, field) != (elm)) \ + curelm = XEN_SLIST_NEXT(curelm, field); \ + XEN_SLIST_REMOVE_AFTER(curelm, field); \ + } \ +} while (0) + +#define XEN_SLIST_REMOVE_AFTER(elm, field) do { \ + XEN_SLIST_NEXT(elm, field) = \ + XEN_SLIST_NEXT(XEN_SLIST_NEXT(elm, field), field); \ +} while (0) + +#define XEN_SLIST_REMOVE_HEAD(head, field) do { \ + XEN_SLIST_FIRST((head)) = XEN_SLIST_NEXT(XEN_SLIST_FIRST((head)), field);\ +} while (0) + +#define XEN_SLIST_SWAP(head1, head2, type) do { \ + type *swap_first = XEN_SLIST_FIRST(head1); \ + XEN_SLIST_FIRST(head1) = XEN_SLIST_FIRST(head2); \ + XEN_SLIST_FIRST(head2) = swap_first; \ +} while (0) + +/* + * Singly-linked Tail queue declarations. + */ +#define XEN_STAILQ_HEAD(name, type) \ +struct name { \ + type *stqh_first;/* first element */ \ + type **stqh_last;/* addr of last next element */ \ +} + +#define XEN_STAILQ_HEAD_INITIALIZER(head) \ + { 0, &(head).stqh_first } + +#define XEN_STAILQ_ENTRY(type) \ +struct { \ + type *stqe_next; /* next element */ \ +} + +/* + * Singly-linked Tail queue functions. + */ +#define XEN_STAILQ_CONCAT(head1, head2) do { \ + if (!XEN_STAILQ_EMPTY((head2))) { \ + *(head1)->stqh_last = (head2)->stqh_first; \ + (head1)->stqh_last = (head2)->stqh_last; \ + XEN_STAILQ_INIT((head2)); \ + } \ +} while (0) + +#define XEN_STAILQ_EMPTY(head) ((head)->stqh_first == 0) + +#define XEN_STAILQ_FIRST(head) ((head)->stqh_first) + +#define XEN_STAILQ_FOREACH(var, head, field) \ + for((var) = XEN_STAILQ_FIRST((head)); \ + (var); \ + (var) = XEN_STAILQ_NEXT((var), field)) + + +#define XEN_STAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_STAILQ_FIRST((head)); \ + (var) && ((tvar) = XEN_STAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_STAILQ_INIT(head) do { \ + XEN_STAILQ_FIRST((head)) = 0; \ + (head)->stqh_last = &XEN_STAILQ_FIRST((head)); \ +} while (0) + +#define XEN_STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ + if ((XEN_STAILQ_NEXT((elm), field) = XEN_STAILQ_NEXT((tqelm), field)) == 0)\ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ + XEN_STAILQ_NEXT((tqelm), field) = (elm); \ +} while (0) + +#define XEN_STAILQ_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_STAILQ_NEXT((elm), field) = XEN_STAILQ_FIRST((head))) == 0)\ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ + XEN_STAILQ_FIRST((head)) = (elm); \ +} while (0) + +#define XEN_STAILQ_INSERT_TAIL(head, elm, field) do { \ + XEN_STAILQ_NEXT((elm), field) = 0; \ + *(head)->stqh_last = (elm); \ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_STAILQ_LAST(head, type, field) \ + (XEN_STAILQ_EMPTY((head)) ? \ + 0 : \ + ((type *)(void *) \ + ((char *)((head)->stqh_last) - offsetof(type, field)))) + +#define XEN_STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) + +#define XEN_STAILQ_REMOVE(head, elm, type, field) do { \ + if (XEN_STAILQ_FIRST((head)) == (elm)) { \ + XEN_STAILQ_REMOVE_HEAD((head), field); \ + } \ + else { \ + type *curelm = XEN_STAILQ_FIRST((head)); \ + while (XEN_STAILQ_NEXT(curelm, field) != (elm)) \ + curelm = XEN_STAILQ_NEXT(curelm, field); \ + XEN_STAILQ_REMOVE_AFTER(head, curelm, field); \ + } \ +} while (0) + +#define XEN_STAILQ_REMOVE_AFTER(head, elm, field) do { \ + if ((XEN_STAILQ_NEXT(elm, field) = \ + XEN_STAILQ_NEXT(XEN_STAILQ_NEXT(elm, field), field)) == 0) \ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_STAILQ_REMOVE_HEAD(head, field) do { \ + if ((XEN_STAILQ_FIRST((head)) = \ + XEN_STAILQ_NEXT(XEN_STAILQ_FIRST((head)), field)) == 0) \ + (head)->stqh_last = &XEN_STAILQ_FIRST((head)); \ +} while (0) + +#define XEN_STAILQ_SWAP(head1, head2, type) do { \ + type *swap_first = XEN_STAILQ_FIRST(head1); \ + type **swap_last = (head1)->stqh_last; \ + XEN_STAILQ_FIRST(head1) = XEN_STAILQ_FIRST(head2); \ + (head1)->stqh_last = (head2)->stqh_last; \ + XEN_STAILQ_FIRST(head2) = swap_first; \ + (head2)->stqh_last = swap_last; \ + if (XEN_STAILQ_EMPTY(head1)) \ + (head1)->stqh_last = &XEN_STAILQ_FIRST(head1); \ + if (XEN_STAILQ_EMPTY(head2)) \ + (head2)->stqh_last = &XEN_STAILQ_FIRST(head2); \ +} while (0) + + +/* + * List declarations. + */ +#define XEN_LIST_HEAD(name, type) \ +struct name { \ + type *lh_first; /* first element */ \ +} + +#define XEN_LIST_HEAD_INITIALIZER(head) \ + { 0 } + +#define XEN_LIST_ENTRY(type) \ +struct { \ + type *le_next; /* next element */ \ + type **le_prev; /* address of previous next element */ \ +} + +/* + * List functions. + */ + +#define XEN_LIST_EMPTY(head) ((head)->lh_first == 0) + +#define XEN_LIST_FIRST(head) ((head)->lh_first) + +#define XEN_LIST_FOREACH(var, head, field) \ + for ((var) = XEN_LIST_FIRST((head)); \ + (var); \ + (var) = XEN_LIST_NEXT((var), field)) + +#define XEN_LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_LIST_FIRST((head)); \ + (var) && ((tvar) = XEN_LIST_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_LIST_INIT(head) do { \ + XEN_LIST_FIRST((head)) = 0; \ +} while (0) + +#define XEN_LIST_INSERT_AFTER(listelm, elm, field) do { \ + if ((XEN_LIST_NEXT((elm), field) = XEN_LIST_NEXT((listelm), field)) != 0)\ + XEN_LIST_NEXT((listelm), field)->field.le_prev = \ + &XEN_LIST_NEXT((elm), field); \ + XEN_LIST_NEXT((listelm), field) = (elm); \ + (elm)->field.le_prev = &XEN_LIST_NEXT((listelm), field); \ +} while (0) + +#define XEN_LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + XEN_LIST_NEXT((elm), field) = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &XEN_LIST_NEXT((elm), field); \ +} while (0) + +#define XEN_LIST_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_LIST_NEXT((elm), field) = XEN_LIST_FIRST((head))) != 0)\ + XEN_LIST_FIRST((head))->field.le_prev = &XEN_LIST_NEXT((elm), field);\ + XEN_LIST_FIRST((head)) = (elm); \ + (elm)->field.le_prev = &XEN_LIST_FIRST((head)); \ +} while (0) + +#define XEN_LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define XEN_LIST_REMOVE(elm, field) do { \ + if (XEN_LIST_NEXT((elm), field) != 0) \ + XEN_LIST_NEXT((elm), field)->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = XEN_LIST_NEXT((elm), field); \ +} while (0) + +#define XEN_LIST_SWAP(head1, head2, type, field) do { \ + type *swap_tmp = XEN_LIST_FIRST((head1)); \ + XEN_LIST_FIRST((head1)) = XEN_LIST_FIRST((head2)); \ + XEN_LIST_FIRST((head2)) = swap_tmp; \ + if ((swap_tmp = XEN_LIST_FIRST((head1))) != 0) \ + swap_tmp->field.le_prev = &XEN_LIST_FIRST((head1)); \ + if ((swap_tmp = XEN_LIST_FIRST((head2))) != 0) \ + swap_tmp->field.le_prev = &XEN_LIST_FIRST((head2)); \ +} while (0) + +/* + * Tail queue declarations. + */ +#define XEN_TAILQ_HEAD(name, type) \ +struct name { \ + type *tqh_first; /* first element */ \ + type **tqh_last; /* addr of last next element */ \ +} + +#define XEN_TAILQ_HEAD_INITIALIZER(head) \ + { 0, &(head).tqh_first } + +#define XEN_TAILQ_ENTRY(type) \ +struct { \ + type *tqe_next; /* next element */ \ + type **tqe_prev; /* address of previous next element */ \ +} + +/* + * Tail queue functions. + */ + +#define XEN_TAILQ_CONCAT(head1, head2, field) do { \ + if (!XEN_TAILQ_EMPTY(head2)) { \ + *(head1)->tqh_last = (head2)->tqh_first; \ + (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ + (head1)->tqh_last = (head2)->tqh_last; \ + XEN_TAILQ_INIT((head2)); \ + } \ +} while (0) + +#define XEN_TAILQ_EMPTY(head) ((head)->tqh_first == 0) + +#define XEN_TAILQ_FIRST(head) ((head)->tqh_first) + +#define XEN_TAILQ_FOREACH(var, head, field) \ + for ((var) = XEN_TAILQ_FIRST((head)); \ + (var); \ + (var) = XEN_TAILQ_NEXT((var), field)) + +#define XEN_TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_TAILQ_FIRST((head)); \ + (var) && ((tvar) = XEN_TAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for ((var) = XEN_TAILQ_LAST((head), headname); \ + (var); \ + (var) = XEN_TAILQ_PREV((var), headname, field)) + +#define XEN_TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = XEN_TAILQ_LAST((head), headname); \ + (var) && ((tvar) = XEN_TAILQ_PREV((var), headname, field), 1);\ + (var) = (tvar)) + +#define XEN_TAILQ_INIT(head) do { \ + XEN_TAILQ_FIRST((head)) = 0; \ + (head)->tqh_last = &XEN_TAILQ_FIRST((head)); \ +} while (0) + +#define XEN_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field) = XEN_TAILQ_NEXT((listelm), field)) != 0)\ + XEN_TAILQ_NEXT((elm), field)->field.tqe_prev = \ + &XEN_TAILQ_NEXT((elm), field); \ + else { \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ + } \ + XEN_TAILQ_NEXT((listelm), field) = (elm); \ + (elm)->field.tqe_prev = &XEN_TAILQ_NEXT((listelm), field); \ +} while (0) + +#define XEN_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + XEN_TAILQ_NEXT((elm), field) = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field) = XEN_TAILQ_FIRST((head))) != 0)\ + XEN_TAILQ_FIRST((head))->field.tqe_prev = \ + &XEN_TAILQ_NEXT((elm), field); \ + else \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ + XEN_TAILQ_FIRST((head)) = (elm); \ + (elm)->field.tqe_prev = &XEN_TAILQ_FIRST((head)); \ +} while (0) + +#define XEN_TAILQ_INSERT_TAIL(head, elm, field) do { \ + XEN_TAILQ_NEXT((elm), field) = 0; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) + +#define XEN_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) + +#define XEN_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + +#define XEN_TAILQ_REMOVE(head, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field)) != 0) \ + XEN_TAILQ_NEXT((elm), field)->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else { \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + } \ + *(elm)->field.tqe_prev = XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_SWAP(head1, head2, type, field) do { \ + type *swap_first = (head1)->tqh_first; \ + type **swap_last = (head1)->tqh_last; \ + (head1)->tqh_first = (head2)->tqh_first; \ + (head1)->tqh_last = (head2)->tqh_last; \ + (head2)->tqh_first = swap_first; \ + (head2)->tqh_last = swap_last; \ + if ((swap_first = (head1)->tqh_first) != 0) \ + swap_first->field.tqe_prev = &(head1)->tqh_first; \ + else \ + (head1)->tqh_last = &(head1)->tqh_first; \ + if ((swap_first = (head2)->tqh_first) != 0) \ + swap_first->field.tqe_prev = &(head2)->tqh_first; \ + else \ + (head2)->tqh_last = &(head2)->tqh_first; \ +} while (0) + +#endif /* !XEN__SYS_QUEUE_H_ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268348.462153 (Exim 4.92) (envelope-from ) id 1nHQn1-000808-W5; Tue, 08 Feb 2022 13:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268348.462153; Tue, 08 Feb 2022 13:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQn1-000800-SX; Tue, 08 Feb 2022 13:44:15 +0000 Received: by outflank-mailman (input) for mailman id 268348; Tue, 08 Feb 2022 13:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQn0-0007zu-Rw for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQn0-0000N6-Qz for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQn0-0004xR-Pr for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YIyDs1bhodB268J86N1RD34wTKdqJ60oXqMj8O35OrQ=; b=Myry2PMeLU8eTLJWvIvBfIO+Aj bNz3W/amy0ILOCXFnFazIthUVm+KY90btOdiwOSC9RZg8gsmyq7BaNWt0WPFdL+dygm8Chz947WIO jYiUgzTnmcH+Xi5yRmiGs1OscHzoBLc035SOOqXACgblEGkrDOJPUkmLDxNxkusuosHQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs/light: replace _libxl_list.h with _xen_list.h Message-Id: Date: Tue, 08 Feb 2022 13:44:14 +0000 commit 9096f0e01e4ce24feb3a5e362fe547fceddb0d2d Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:35 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:52 2022 +0000 tools/libs/light: replace _libxl_list.h with _xen_list.h Remove generating _libxl_list.h and use the common _xen_list.h instead. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/libxl.h | 4 +- tools/libs/light/Makefile | 10 +-- tools/libs/light/libxl.c | 40 +++++------ tools/libs/light/libxl_aoutils.c | 20 +++--- tools/libs/light/libxl_device.c | 27 ++++---- tools/libs/light/libxl_disk.c | 4 +- tools/libs/light/libxl_domain.c | 18 ++--- tools/libs/light/libxl_event.c | 128 +++++++++++++++++------------------ tools/libs/light/libxl_fork.c | 44 ++++++------ tools/libs/light/libxl_internal.h | 86 +++++++++++------------ tools/libs/light/libxl_qmp.c | 19 +++--- tools/libs/light/libxl_stream_read.c | 20 +++--- 12 files changed, 206 insertions(+), 214 deletions(-) diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 2bbbd21f0b..51a9b6cfac 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -747,7 +747,7 @@ typedef struct libxl__ctx libxl_ctx; #include -#include <_libxl_list.h> +#include <_xen_list.h> /* API compatibility. */ #ifdef LIBXL_API_VERSION @@ -1448,7 +1448,7 @@ typedef struct { } libxl_enum_string_table; struct libxl_event; -typedef LIBXL_TAILQ_ENTRY(struct libxl_event) libxl_ev_link; +typedef XEN_TAILQ_ENTRY(struct libxl_event) libxl_ev_link; /* * A boolean variable with an explicit default state. diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index be32d95d39..5642955672 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -153,14 +153,14 @@ LIBXL_TEST_OBJS += $(foreach t, $(LIBXL_TESTS_INSIDE),libxl_test_$t.opic) TEST_PROG_OBJS += $(foreach t, $(LIBXL_TESTS_PROGS),test_$t.o) test_common.o TEST_PROGS += $(foreach t, $(LIBXL_TESTS_PROGS),test_$t) -AUTOINCS = $(XEN_INCLUDE)/_libxl_list.h _libxl_save_msgs_callout.h _libxl_save_msgs_helper.h +AUTOINCS = _libxl_save_msgs_callout.h _libxl_save_msgs_helper.h AUTOSRCS = _libxl_save_msgs_callout.c _libxl_save_msgs_helper.c CLIENTS = testidl libxl-save-helper SAVE_HELPER_OBJS = libxl_save_helper.o _libxl_save_msgs_helper.o -LIBHEADER := libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h _libxl_list.h libxl_utils.h libxl_uuid.h +LIBHEADER := libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h libxl_utils.h libxl_uuid.h NO_HEADERS_CHK := y @@ -201,17 +201,13 @@ _libxl.api-for-check: $(XEN_INCLUDE)/libxl.h $(AUTOINCS) >$@.new mv -f $@.new $@ -$(XEN_INCLUDE)/_libxl_list.h: $(XEN_INCLUDE)/xen-external/bsd-sys-queue-h-seddery $(XEN_INCLUDE)/xen-external/bsd-sys-queue.h - $(PERL) $^ --prefix=libxl >$(notdir $@).new - $(call move-if-changed,$(notdir $@).new,$@) - _libxl_save_msgs_helper.c _libxl_save_msgs_callout.c \ _libxl_save_msgs_helper.h _libxl_save_msgs_callout.h: \ libxl_save_msgs_gen.pl $(PERL) -w $< $@ >$@.new $(call move-if-changed,$@.new,$@) -$(XEN_INCLUDE)/libxl.h: $(XEN_INCLUDE)/_libxl_types.h $(XEN_INCLUDE)/_libxl_list.h +$(XEN_INCLUDE)/libxl.h: $(XEN_INCLUDE)/_libxl_types.h $(XEN_INCLUDE)/libxl_json.h: $(XEN_INCLUDE)/_libxl_types_json.h libxl_internal.h: _libxl_types_internal.h _libxl_types_private.h _libxl_types_internal_private.h libxl_internal_json.h: _libxl_types_internal_json.h diff --git a/tools/libs/light/libxl.c b/tools/libs/light/libxl.c index 667ae6409b..a0bf7d186f 100644 --- a/tools/libs/light/libxl.c +++ b/tools/libs/light/libxl.c @@ -41,29 +41,29 @@ int libxl_ctx_alloc(libxl_ctx **pctx, int version, ctx->nogc_gc.alloc_maxsize = -1; ctx->nogc_gc.owner = ctx; - LIBXL_TAILQ_INIT(&ctx->occurred); + XEN_TAILQ_INIT(&ctx->occurred); ctx->osevent_hooks = 0; ctx->poller_app = 0; - LIBXL_LIST_INIT(&ctx->pollers_event); - LIBXL_LIST_INIT(&ctx->pollers_idle); - LIBXL_LIST_INIT(&ctx->pollers_active); + XEN_LIST_INIT(&ctx->pollers_event); + XEN_LIST_INIT(&ctx->pollers_idle); + XEN_LIST_INIT(&ctx->pollers_active); - LIBXL_LIST_INIT(&ctx->efds); - LIBXL_TAILQ_INIT(&ctx->etimes); + XEN_LIST_INIT(&ctx->efds); + XEN_TAILQ_INIT(&ctx->etimes); ctx->watch_slots = 0; - LIBXL_SLIST_INIT(&ctx->watch_freeslots); + XEN_SLIST_INIT(&ctx->watch_freeslots); libxl__ev_fd_init(&ctx->watch_efd); ctx->xce = 0; - LIBXL_LIST_INIT(&ctx->evtchns_waiting); + XEN_LIST_INIT(&ctx->evtchns_waiting); libxl__ev_fd_init(&ctx->evtchn_efd); - LIBXL_LIST_INIT(&ctx->aos_inprogress); + XEN_LIST_INIT(&ctx->aos_inprogress); - LIBXL_TAILQ_INIT(&ctx->death_list); + XEN_TAILQ_INIT(&ctx->death_list); libxl__ev_xswatch_init(&ctx->death_watch); ctx->childproc_hooks = &libxl__childproc_default_hooks; @@ -122,14 +122,14 @@ int libxl_ctx_alloc(libxl_ctx **pctx, int version, static void free_disable_deaths(libxl__gc *gc, struct libxl__evgen_domain_death_list *l) { libxl_evgen_domain_death *death; - while ((death = LIBXL_TAILQ_FIRST(l))) + while ((death = XEN_TAILQ_FIRST(l))) libxl__evdisable_domain_death(gc, death); } static void discard_events(struct libxl__event_list *l) { /* doesn't bother unlinking from the list, so l is corrupt on return */ libxl_event *ev, *next; - LIBXL_TAILQ_FOREACH_SAFE(ev, l, link, next) + XEN_TAILQ_FOREACH_SAFE(ev, l, link, next) libxl_event_free(0, ev); } @@ -150,7 +150,7 @@ int libxl_ctx_free(libxl_ctx *ctx) free_disable_deaths(gc, &CTX->death_reported); libxl_evgen_disk_eject *eject; - while ((eject = LIBXL_LIST_FIRST(&CTX->disk_eject_evgens))) + while ((eject = XEN_LIST_FIRST(&CTX->disk_eject_evgens))) libxl__evdisable_disk_eject(gc, eject); libxl_childproc_setmode(CTX,0,0); @@ -162,10 +162,10 @@ int libxl_ctx_free(libxl_ctx *ctx) /* Now there should be no more events requested from the application: */ - assert(LIBXL_LIST_EMPTY(&ctx->efds)); - assert(LIBXL_TAILQ_EMPTY(&ctx->etimes)); - assert(LIBXL_LIST_EMPTY(&ctx->evtchns_waiting)); - assert(LIBXL_LIST_EMPTY(&ctx->aos_inprogress)); + assert(XEN_LIST_EMPTY(&ctx->efds)); + assert(XEN_TAILQ_EMPTY(&ctx->etimes)); + assert(XEN_LIST_EMPTY(&ctx->evtchns_waiting)); + assert(XEN_LIST_EMPTY(&ctx->aos_inprogress)); if (ctx->xch) xc_interface_close(ctx->xch); libxl_version_info_dispose(&ctx->version_info); @@ -174,10 +174,10 @@ int libxl_ctx_free(libxl_ctx *ctx) libxl__poller_put(ctx, ctx->poller_app); ctx->poller_app = NULL; - assert(LIBXL_LIST_EMPTY(&ctx->pollers_event)); - assert(LIBXL_LIST_EMPTY(&ctx->pollers_active)); + assert(XEN_LIST_EMPTY(&ctx->pollers_event)); + assert(XEN_LIST_EMPTY(&ctx->pollers_active)); libxl__poller *poller, *poller_tmp; - LIBXL_LIST_FOREACH_SAFE(poller, &ctx->pollers_idle, entry, poller_tmp) { + XEN_LIST_FOREACH_SAFE(poller, &ctx->pollers_idle, entry, poller_tmp) { libxl__poller_dispose(poller); free(poller); } diff --git a/tools/libs/light/libxl_aoutils.c b/tools/libs/light/libxl_aoutils.c index c4c095a5ba..c2d42e7cac 100644 --- a/tools/libs/light/libxl_aoutils.c +++ b/tools/libs/light/libxl_aoutils.c @@ -106,7 +106,7 @@ void libxl__datacopier_init(libxl__datacopier_state *dc) libxl__ao_abortable_init(&dc->abrt); libxl__ev_fd_init(&dc->toread); libxl__ev_fd_init(&dc->towrite); - LIBXL_TAILQ_INIT(&dc->bufs); + XEN_TAILQ_INIT(&dc->bufs); } void libxl__datacopier_kill(libxl__datacopier_state *dc) @@ -117,9 +117,9 @@ void libxl__datacopier_kill(libxl__datacopier_state *dc) libxl__ao_abortable_deregister(&dc->abrt); libxl__ev_fd_deregister(gc, &dc->toread); libxl__ev_fd_deregister(gc, &dc->towrite); - LIBXL_TAILQ_FOREACH_SAFE(buf, &dc->bufs, entry, tbuf) + XEN_TAILQ_FOREACH_SAFE(buf, &dc->bufs, entry, tbuf) free(buf); - LIBXL_TAILQ_INIT(&dc->bufs); + XEN_TAILQ_INIT(&dc->bufs); } static void datacopier_callback(libxl__egc *egc, libxl__datacopier_state *dc, @@ -182,7 +182,7 @@ void libxl__datacopier_prefixdata(libxl__egc *egc, libxl__datacopier_state *dc, memcpy(buf->buf, ptr, buf->used); dc->used += buf->used; - LIBXL_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); + XEN_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); } } @@ -235,18 +235,18 @@ static void datacopier_readable(libxl__egc *egc, libxl__ev_fd *ev, r = read(ev->fd, dc->readbuf + dc->used, dc->bytes_to_read); } else { while (dc->used >= dc->maxsz) { - libxl__datacopier_buf *rm = LIBXL_TAILQ_FIRST(&dc->bufs); + libxl__datacopier_buf *rm = XEN_TAILQ_FIRST(&dc->bufs); dc->used -= rm->used; assert(dc->used >= 0); - LIBXL_TAILQ_REMOVE(&dc->bufs, rm, entry); + XEN_TAILQ_REMOVE(&dc->bufs, rm, entry); free(rm); } - buf = LIBXL_TAILQ_LAST(&dc->bufs, libxl__datacopier_bufs); + buf = XEN_TAILQ_LAST(&dc->bufs, libxl__datacopier_bufs); if (!buf || buf->used >= sizeof(buf->buf)) { buf = libxl__malloc(NOGC, sizeof(*buf)); buf->used = 0; - LIBXL_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); + XEN_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); } r = read(ev->fd, buf->buf + buf->used, min_t(size_t, sizeof(buf->buf) - buf->used, @@ -331,11 +331,11 @@ static void datacopier_writable(libxl__egc *egc, libxl__ev_fd *ev, } assert(revents & POLLOUT); for (;;) { - libxl__datacopier_buf *buf = LIBXL_TAILQ_FIRST(&dc->bufs); + libxl__datacopier_buf *buf = XEN_TAILQ_FIRST(&dc->bufs); if (!buf) break; if (!buf->used) { - LIBXL_TAILQ_REMOVE(&dc->bufs, buf, entry); + XEN_TAILQ_REMOVE(&dc->bufs, buf, entry); free(buf); continue; } diff --git a/tools/libs/light/libxl_device.c b/tools/libs/light/libxl_device.c index 36c4e41e4d..e6025d135e 100644 --- a/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c @@ -1476,7 +1476,7 @@ static void qdisk_spawn_outcome(libxl__egc *egc, libxl__dm_spawn_state *dmss, */ typedef struct libxl__ddomain_device { libxl__device *dev; - LIBXL_SLIST_ENTRY(struct libxl__ddomain_device) next; + XEN_SLIST_ENTRY(struct libxl__ddomain_device) next; } libxl__ddomain_device; /* @@ -1485,8 +1485,8 @@ typedef struct libxl__ddomain_device { typedef struct libxl__ddomain_guest { uint32_t domid; int num_qdisks; - LIBXL_SLIST_HEAD(, struct libxl__ddomain_device) devices; - LIBXL_SLIST_ENTRY(struct libxl__ddomain_guest) next; + XEN_SLIST_HEAD(, struct libxl__ddomain_device) devices; + XEN_SLIST_ENTRY(struct libxl__ddomain_guest) next; } libxl__ddomain_guest; /* @@ -1496,7 +1496,7 @@ typedef struct libxl__ddomain_guest { typedef struct { libxl__ao *ao; libxl__ev_xswatch watch; - LIBXL_SLIST_HEAD(, struct libxl__ddomain_guest) guests; + XEN_SLIST_HEAD(, struct libxl__ddomain_guest) guests; } libxl__ddomain; static libxl__ddomain_guest *search_for_guest(libxl__ddomain *ddomain, @@ -1504,7 +1504,7 @@ static libxl__ddomain_guest *search_for_guest(libxl__ddomain *ddomain, { libxl__ddomain_guest *dguest; - LIBXL_SLIST_FOREACH(dguest, &ddomain->guests, next) { + XEN_SLIST_FOREACH(dguest, &ddomain->guests, next) { if (dguest->domid == domid) return dguest; } @@ -1516,7 +1516,7 @@ static libxl__ddomain_device *search_for_device(libxl__ddomain_guest *dguest, { libxl__ddomain_device *ddev; - LIBXL_SLIST_FOREACH(ddev, &dguest->devices, next) { + XEN_SLIST_FOREACH(ddev, &dguest->devices, next) { #define LIBXL_DEVICE_CMP(dev1, dev2, entry) (dev1->entry == dev2->entry) if (LIBXL_DEVICE_CMP(ddev->dev, dev, backend_devid) && LIBXL_DEVICE_CMP(ddev->dev, dev, backend_domid) && @@ -1537,8 +1537,8 @@ static void check_and_maybe_remove_guest(libxl__gc *gc, { assert(ddomain); - if (dguest != NULL && LIBXL_SLIST_FIRST(&dguest->devices) == NULL) { - LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, + if (dguest != NULL && XEN_SLIST_FIRST(&dguest->devices) == NULL) { + XEN_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, next); LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests"); /* Clear any leftovers in libxl/ */ @@ -1572,7 +1572,7 @@ static int add_device(libxl__egc *egc, libxl__ao *ao, ddev = libxl__zalloc(NOGC, sizeof(*ddev)); ddev->dev = libxl__zalloc(NOGC, sizeof(*ddev->dev)); *ddev->dev = *dev; - LIBXL_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); + XEN_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); LOGD(DEBUG, dev->domid, "Added device %s to the list of active devices", libxl__device_backend_path(gc, dev)); @@ -1649,8 +1649,7 @@ static int remove_device(libxl__egc *egc, libxl__ao *ao, * above or from add_device make a copy of the data they use, so * there's no risk of dereferencing. */ - LIBXL_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, - next); + XEN_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, next); LOGD(DEBUG, dev->domid, "Removed device %s from the list of active devices", libxl__device_backend_path(gc, dev)); @@ -1716,8 +1715,8 @@ static void backend_watch_callback(libxl__egc *egc, libxl__ev_xswatch *watch, /* Create a new guest struct and initialize it */ dguest = libxl__zalloc(NOGC, sizeof(*dguest)); dguest->domid = dev->domid; - LIBXL_SLIST_INIT(&dguest->devices); - LIBXL_SLIST_INSERT_HEAD(&ddomain->guests, dguest, next); + XEN_SLIST_INIT(&dguest->devices); + XEN_SLIST_INSERT_HEAD(&ddomain->guests, dguest, next); LOGD(DEBUG, dguest->domid, "Added domain to the list of active guests"); } ddev = search_for_device(dguest, dev); @@ -1766,7 +1765,7 @@ int libxl_device_events_handler(libxl_ctx *ctx, int i, j, k; ddomain.ao = ao; - LIBXL_SLIST_INIT(&ddomain.guests); + XEN_SLIST_INIT(&ddomain.guests); rc = libxl__get_domid(gc, &domid); if (rc) { diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 93936d0dd0..a5ca77850f 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -88,7 +88,7 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t guest_domid, memset(evg, 0, sizeof(*evg)); evg->user = user; evg->domid = guest_domid; - LIBXL_LIST_INSERT_HEAD(&CTX->disk_eject_evgens, evg, entry); + XEN_LIST_INSERT_HEAD(&CTX->disk_eject_evgens, evg, entry); uint32_t domid = libxl_get_stubdom_id(ctx, guest_domid); @@ -133,7 +133,7 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t guest_domid, void libxl__evdisable_disk_eject(libxl__gc *gc, libxl_evgen_disk_eject *evg) { CTX_LOCK; - LIBXL_LIST_REMOVE(evg, entry); + XEN_LIST_REMOVE(evg, entry); if (libxl__ev_xswatch_isregistered(&evg->watch)) libxl__ev_xswatch_deregister(gc, &evg->watch); diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index d438232117..7f0986c185 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -867,7 +867,7 @@ static void domain_death_occurred(libxl__egc *egc, LOGD(DEBUG, evg->domid, "%s", why); - libxl_evgen_domain_death *evg_next = LIBXL_TAILQ_NEXT(evg, entry); + libxl_evgen_domain_death *evg_next = XEN_TAILQ_NEXT(evg, entry); *evg_upd = evg_next; libxl_event *ev = NEW_EVENT(egc, DOMAIN_DEATH, evg->domid, evg->user); @@ -875,8 +875,8 @@ static void domain_death_occurred(libxl__egc *egc, libxl__event_occurred(egc, ev); evg->death_reported = 1; - LIBXL_TAILQ_REMOVE(&CTX->death_list, evg, entry); - LIBXL_TAILQ_INSERT_HEAD(&CTX->death_reported, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_list, evg, entry); + XEN_TAILQ_INSERT_HEAD(&CTX->death_reported, evg, entry); } static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, @@ -887,12 +887,12 @@ static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, CTX_LOCK; - evg = LIBXL_TAILQ_FIRST(&CTX->death_list); + evg = XEN_TAILQ_FIRST(&CTX->death_list); for (;;) { if (!evg) goto out; - int nentries = LIBXL_TAILQ_NEXT(evg, entry) ? 200 : 1; + int nentries = XEN_TAILQ_NEXT(evg, entry) ? 200 : 1; xc_domaininfo_t domaininfos[nentries]; const xc_domaininfo_t *got = domaininfos, *gotend; @@ -966,7 +966,7 @@ static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, evg->shutdown_reported = 1; } - evg = LIBXL_TAILQ_NEXT(evg, entry); + evg = XEN_TAILQ_NEXT(evg, entry); } assert(rc); /* rc==0 results in us eating all evgs and quitting */ @@ -1015,13 +1015,13 @@ void libxl__evdisable_domain_death(libxl__gc *gc, CTX_LOCK; if (!evg->death_reported) - LIBXL_TAILQ_REMOVE(&CTX->death_list, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_list, evg, entry); else - LIBXL_TAILQ_REMOVE(&CTX->death_reported, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_reported, evg, entry); free(evg); - if (!LIBXL_TAILQ_FIRST(&CTX->death_list) && + if (!XEN_TAILQ_FIRST(&CTX->death_list) && libxl__ev_xswatch_isregistered(&CTX->death_watch)) libxl__ev_xswatch_deregister(gc, &CTX->death_watch); diff --git a/tools/libs/light/libxl_event.c b/tools/libs/light/libxl_event.c index 7c5387e94f..c8bcd13960 100644 --- a/tools/libs/light/libxl_event.c +++ b/tools/libs/light/libxl_event.c @@ -165,7 +165,7 @@ static void ao__check_destroy(libxl_ctx *ctx, libxl__ao *ao); */ static void pollers_note_osevent_added(libxl_ctx *ctx) { libxl__poller *poller; - LIBXL_LIST_FOREACH(poller, &ctx->pollers_active, active_entry) + XEN_LIST_FOREACH(poller, &ctx->pollers_active, active_entry) poller->osevents_added = 1; } @@ -189,7 +189,7 @@ void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc) if (CTX->poller_app->osevents_added) baton_wake(gc, CTX->poller_app); - LIBXL_LIST_FOREACH(search, &CTX->pollers_active, active_entry) { + XEN_LIST_FOREACH(search, &CTX->pollers_active, active_entry) { if (search == CTX->poller_app) /* This one is special. We can't give it the baton. */ continue; @@ -279,7 +279,7 @@ void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc) struct libxl__osevent_hook_nexus { void *ev; void *for_app_reg; - LIBXL_SLIST_ENTRY(libxl__osevent_hook_nexus) next; + XEN_SLIST_ENTRY(libxl__osevent_hook_nexus) next; }; static void *osevent_ev_from_hook_nexus(libxl_ctx *ctx, @@ -293,7 +293,7 @@ static void osevent_release_nexus(libxl__gc *gc, libxl__osevent_hook_nexus *nexus) { nexus->ev = 0; - LIBXL_SLIST_INSERT_HEAD(nexi_idle, nexus, next); + XEN_SLIST_INSERT_HEAD(nexi_idle, nexus, next); } /*----- OSEVENT* hook functions for nexusop "alloc" -----*/ @@ -301,9 +301,9 @@ static void osevent_hook_pre_alloc(libxl__gc *gc, void *ev, libxl__osevent_hook_nexi *nexi_idle, libxl__osevent_hook_nexus **nexus_r) { - libxl__osevent_hook_nexus *nexus = LIBXL_SLIST_FIRST(nexi_idle); + libxl__osevent_hook_nexus *nexus = XEN_SLIST_FIRST(nexi_idle); if (nexus) { - LIBXL_SLIST_REMOVE_HEAD(nexi_idle, next); + XEN_SLIST_REMOVE_HEAD(nexi_idle, next); } else { nexus = libxl__zalloc(NOGC, sizeof(*nexus)); } @@ -364,7 +364,7 @@ int libxl__ev_fd_register(libxl__gc *gc, libxl__ev_fd *ev, ev->events = events; ev->func = func; - LIBXL_LIST_INSERT_HEAD(&CTX->efds, ev, entry); + XEN_LIST_INSERT_HEAD(&CTX->efds, ev, entry); pollers_note_osevent_added(CTX); rc = 0; @@ -409,10 +409,10 @@ void libxl__ev_fd_deregister(libxl__gc *gc, libxl__ev_fd *ev) DBG("ev_fd=%p deregister fd=%d", ev, ev->fd); OSEVENT_HOOK_VOID(fd,deregister, release, ev->fd, ev->nexus->for_app_reg); - LIBXL_LIST_REMOVE(ev, entry); + XEN_LIST_REMOVE(ev, entry); ev->fd = -1; - LIBXL_LIST_FOREACH(poller, &CTX->pollers_active, active_entry) + XEN_LIST_FOREACH(poller, &CTX->pollers_active, active_entry) poller->fds_deregistered = 1; out: @@ -504,7 +504,7 @@ static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) OSEVENT_HOOK_VOID(timeout,modify, noop /* release nexus in _occurred_ */, &ev->nexus->for_app_reg, right_away); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); + XEN_TAILQ_REMOVE(&CTX->etimes, ev, entry); } } @@ -640,7 +640,7 @@ static void time_occurs(libxl__egc *egc, libxl__ev_time *etime, int rc) libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, int slotnum) { libxl__ev_watch_slot *slot = &CTX->watch_slots[slotnum]; - libxl__ev_watch_slot *slotcontents = LIBXL_SLIST_NEXT(slot, empty); + libxl__ev_watch_slot *slotcontents = XEN_SLIST_NEXT(slot, empty); if (slotcontents == NULL || ((uintptr_t)slotcontents >= (uintptr_t)CTX->watch_slots && @@ -672,7 +672,7 @@ libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, int slotnum) static void libxl__set_watch_slot_contents(libxl__ev_watch_slot *slot, libxl__ev_xswatch *w) { - /* we look a bit behind the curtain of LIBXL_SLIST, to explicitly + /* we look a bit behind the curtain of XEN_SLIST, to explicitly * assign to the pointer that's the next link. See the comment * by the definition of libxl__ev_watch_slot */ slot->empty.sle_next = (void*)w; @@ -784,7 +784,7 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, if (rc) goto out_rc; } - if (LIBXL_SLIST_EMPTY(&CTX->watch_freeslots)) { + if (XEN_SLIST_EMPTY(&CTX->watch_freeslots)) { /* Free list is empty so there is not in fact a linked * free list in the array and we can safely realloc it */ int newarraysize = (CTX->watch_nslots + 1) << 2; @@ -794,14 +794,13 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, CTX->watch_slots, sizeof(*newarray) * newarraysize); if (!newarray) goto out_nomem; for (i = CTX->watch_nslots; i < newarraysize; i++) - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, - &newarray[i], empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, &newarray[i], empty); CTX->watch_slots = newarray; CTX->watch_nslots = newarraysize; } - use = LIBXL_SLIST_FIRST(&CTX->watch_freeslots); + use = XEN_SLIST_FIRST(&CTX->watch_freeslots); assert(use); - LIBXL_SLIST_REMOVE_HEAD(&CTX->watch_freeslots, empty); + XEN_SLIST_REMOVE_HEAD(&CTX->watch_freeslots, empty); path_copy = strdup(path); if (!path_copy) goto out_nomem; @@ -832,7 +831,7 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, rc = ERROR_NOMEM; out_rc: if (use) - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, use, empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, use, empty); free(path_copy); watches_check_fd_deregister(gc); CTX_UNLOCK; @@ -856,7 +855,7 @@ void libxl__ev_xswatch_deregister(libxl__gc *gc, libxl__ev_xswatch *w) LOGEV(ERROR, errno, "remove watch for path %s", w->path); libxl__ev_watch_slot *slot = &CTX->watch_slots[w->slotnum]; - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, slot, empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, slot, empty); w->slotnum = -1; CTX->nwatches--; watches_check_fd_deregister(gc); @@ -927,7 +926,7 @@ static void evtchn_fd_callback(libxl__egc *egc, libxl__ev_fd *ev, return; } - LIBXL_LIST_FOREACH(evev, &CTX->evtchns_waiting, entry) + XEN_LIST_FOREACH(evev, &CTX->evtchns_waiting, entry) if (port == evev->port) goto found; /* not found */ @@ -937,7 +936,7 @@ static void evtchn_fd_callback(libxl__egc *egc, libxl__ev_fd *ev, found: DBG("ev_evtchn=%p port=%d signaled", evev, port); evev->waiting = 0; - LIBXL_LIST_REMOVE(evev, entry); + XEN_LIST_REMOVE(evev, entry); evev->callback(egc, evev); } } @@ -972,7 +971,7 @@ int libxl__ctx_evtchn_init(libxl__gc *gc) { static void evtchn_check_fd_deregister(libxl__gc *gc) { - if (CTX->xce && LIBXL_LIST_EMPTY(&CTX->evtchns_waiting)) + if (CTX->xce && XEN_LIST_EMPTY(&CTX->evtchns_waiting)) libxl__ev_fd_deregister(gc, &CTX->evtchn_efd); } @@ -1003,7 +1002,7 @@ int libxl__ev_evtchn_wait(libxl__gc *gc, libxl__ev_evtchn *evev) } evev->waiting = 1; - LIBXL_LIST_INSERT_HEAD(&CTX->evtchns_waiting, evev, entry); + XEN_LIST_INSERT_HEAD(&CTX->evtchns_waiting, evev, entry); return 0; out: @@ -1020,7 +1019,7 @@ void libxl__ev_evtchn_cancel(libxl__gc *gc, libxl__ev_evtchn *evev) return; evev->waiting = 0; - LIBXL_LIST_REMOVE(evev, entry); + XEN_LIST_REMOVE(evev, entry); evtchn_check_fd_deregister(gc); } @@ -1095,7 +1094,7 @@ int libxl__ev_devstate_wait(libxl__ao *ao, libxl__ev_devstate *ds, void libxl__ev_immediate_register(libxl__egc *egc, libxl__ev_immediate *ei) { - LIBXL_STAILQ_INSERT_TAIL(&egc->ev_immediates, ei, entry); + XEN_STAILQ_INSERT_TAIL(&egc->ev_immediates, ei, entry); } /* @@ -1221,7 +1220,7 @@ static int beforepoll_internal(libxl__gc *gc, libxl__poller *poller, #define REQUIRE_FDS(BODY) do{ \ \ - LIBXL_LIST_FOREACH(efd, &CTX->efds, entry) \ + XEN_LIST_FOREACH(efd, &CTX->efds, entry) \ REQUIRE_FD(efd->fd, efd->events, BODY); \ \ REQUIRE_FD(poller->wakeup_pipe[0], POLLIN, BODY); \ @@ -1298,7 +1297,7 @@ static int beforepoll_internal(libxl__gc *gc, libxl__poller *poller, poller->fds_deregistered = 0; poller->osevents_added = 0; - libxl__ev_time *etime = LIBXL_TAILQ_FIRST(&CTX->etimes); + libxl__ev_time *etime = XEN_TAILQ_FIRST(&CTX->etimes); if (etime) { int our_timeout; struct timeval rel; @@ -1436,7 +1435,7 @@ static void afterpoll_internal(libxl__egc *egc, libxl__poller *poller, * so that we don't call the same function again. */ int revents; - LIBXL_LIST_FOREACH(efd, &CTX->efds, entry) { + XEN_LIST_FOREACH(efd, &CTX->efds, entry) { if (!efd->events) continue; @@ -1454,7 +1453,7 @@ static void afterpoll_internal(libxl__egc *egc, libxl__poller *poller, } for (;;) { - libxl__ev_time *etime = LIBXL_TAILQ_FIRST(&CTX->etimes); + libxl__ev_time *etime = XEN_TAILQ_FIRST(&CTX->etimes); if (!etime) break; @@ -1494,8 +1493,8 @@ void libxl_osevent_register_hooks(libxl_ctx *ctx, { GC_INIT(ctx); CTX_LOCK; - assert(LIBXL_LIST_EMPTY(&ctx->efds)); - assert(LIBXL_TAILQ_EMPTY(&ctx->etimes)); + assert(XEN_LIST_EMPTY(&ctx->efds)); + assert(XEN_TAILQ_EMPTY(&ctx->etimes)); ctx->osevent_hooks = hooks; ctx->osevent_user = user; CTX_UNLOCK; @@ -1534,7 +1533,7 @@ void libxl_osevent_occurred_timeout(libxl_ctx *ctx, void *for_libxl) if (!ev) goto out; assert(!ev->infinite); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); + XEN_TAILQ_REMOVE(&CTX->etimes, ev, entry); time_occurs(egc, ev, ERROR_TIMEDOUT); @@ -1577,9 +1576,9 @@ static void egc_run_callbacks(libxl__egc *egc) libxl__aop_occurred *aop, *aop_tmp; libxl__ev_immediate *ei; - while (!LIBXL_STAILQ_EMPTY(&egc->ev_immediates)) { - ei = LIBXL_STAILQ_FIRST(&egc->ev_immediates); - LIBXL_STAILQ_REMOVE_HEAD(&egc->ev_immediates, entry); + while (!XEN_STAILQ_EMPTY(&egc->ev_immediates)) { + ei = XEN_STAILQ_FIRST(&egc->ev_immediates); + XEN_STAILQ_REMOVE_HEAD(&egc->ev_immediates, entry); CTX_LOCK; /* This callback is internal to libxl and expects CTX to be * locked. */ @@ -1587,15 +1586,15 @@ static void egc_run_callbacks(libxl__egc *egc) CTX_UNLOCK; } - LIBXL_TAILQ_FOREACH_SAFE(ev, &egc->occurred_for_callback, link, ev_tmp) { - LIBXL_TAILQ_REMOVE(&egc->occurred_for_callback, ev, link); + XEN_TAILQ_FOREACH_SAFE(ev, &egc->occurred_for_callback, link, ev_tmp) { + XEN_TAILQ_REMOVE(&egc->occurred_for_callback, ev, link); LOG(DEBUG,"event %p callback type=%s", ev, libxl_event_type_to_string(ev->type)); CTX->event_hooks->event_occurs(CTX->event_hooks_user, ev); } - LIBXL_TAILQ_FOREACH_SAFE(aop, &egc->aops_for_callback, entry, aop_tmp) { - LIBXL_TAILQ_REMOVE(&egc->aops_for_callback, aop, entry); + XEN_TAILQ_FOREACH_SAFE(aop, &egc->aops_for_callback, entry, aop_tmp) { + XEN_TAILQ_REMOVE(&egc->aops_for_callback, aop, entry); LOG(DEBUG,"ao %p: progress report: callback aop=%p", aop->ao, aop); aop->how->callback(CTX, aop->ev, aop->how->for_callback); @@ -1607,9 +1606,9 @@ static void egc_run_callbacks(libxl__egc *egc) } libxl__ao *ao, *ao_tmp; - LIBXL_TAILQ_FOREACH_SAFE(ao, &egc->aos_for_callback, - entry_for_callback, ao_tmp) { - LIBXL_TAILQ_REMOVE(&egc->aos_for_callback, ao, entry_for_callback); + XEN_TAILQ_FOREACH_SAFE(ao, &egc->aos_for_callback, + entry_for_callback, ao_tmp) { + XEN_TAILQ_REMOVE(&egc->aos_for_callback, ao, entry_for_callback); LOG(DEBUG,"ao %p: completion callback", ao); ao->how.callback(CTX, ao->rc, ao->how.u.for_callback); CTX_LOCK; @@ -1648,12 +1647,12 @@ void libxl__event_occurred(libxl__egc *egc, libxl_event *event) * from libxl. This helps avoid reentrancy bugs: parts of * libxl that call libxl__event_occurred do not have to worry * that libxl might be reentered at that point. */ - LIBXL_TAILQ_INSERT_TAIL(&egc->occurred_for_callback, event, link); + XEN_TAILQ_INSERT_TAIL(&egc->occurred_for_callback, event, link); return; } else { libxl__poller *poller; - LIBXL_TAILQ_INSERT_TAIL(&CTX->occurred, event, link); - LIBXL_LIST_FOREACH(poller, &CTX->pollers_event, entry) + XEN_TAILQ_INSERT_TAIL(&CTX->occurred, event, link); + XEN_LIST_FOREACH(poller, &CTX->pollers_event, entry) libxl__poller_wakeup(gc, poller); } } @@ -1691,7 +1690,7 @@ static int event_check_internal(libxl__egc *egc, libxl_event **event_r, libxl_event *ev; int rc; - LIBXL_TAILQ_FOREACH(ev, &CTX->occurred, link) { + XEN_TAILQ_FOREACH(ev, &CTX->occurred, link) { if (!(typemask & ((uint64_t)1 << ev->type))) continue; @@ -1699,7 +1698,7 @@ static int event_check_internal(libxl__egc *egc, libxl_event **event_r, continue; /* got one! */ - LIBXL_TAILQ_REMOVE(&CTX->occurred, ev, link); + XEN_TAILQ_REMOVE(&CTX->occurred, ev, link); *event_r = ev; rc = 0; goto out; @@ -1820,9 +1819,9 @@ libxl__poller *libxl__poller_get(libxl__gc *gc) /* must be called with ctx locked */ int rc; - libxl__poller *p = LIBXL_LIST_FIRST(&CTX->pollers_idle); + libxl__poller *p = XEN_LIST_FIRST(&CTX->pollers_idle); if (p) { - LIBXL_LIST_REMOVE(p, entry); + XEN_LIST_REMOVE(p, entry); } else { p = libxl__zalloc(NOGC, sizeof(*p)); @@ -1833,16 +1832,15 @@ libxl__poller *libxl__poller_get(libxl__gc *gc) } } - LIBXL_LIST_INSERT_HEAD(&CTX->pollers_active, p, - active_entry); + XEN_LIST_INSERT_HEAD(&CTX->pollers_active, p, active_entry); return p; } void libxl__poller_put(libxl_ctx *ctx, libxl__poller *p) { if (!p) return; - LIBXL_LIST_REMOVE(p, active_entry); - LIBXL_LIST_INSERT_HEAD(&ctx->pollers_idle, p, entry); + XEN_LIST_REMOVE(p, active_entry); + XEN_LIST_INSERT_HEAD(&ctx->pollers_idle, p, entry); } void libxl__poller_wakeup(libxl__gc *gc, libxl__poller *p) @@ -2048,7 +2046,7 @@ void libxl__ao_create_fail(libxl__ao *ao) assert(!ao->complete); assert(!ao->progress_reports_outstanding); assert(!ao->aborting); - LIBXL_LIST_REMOVE(ao, inprogress_entry); + XEN_LIST_REMOVE(ao, inprogress_entry); libxl__ao__destroy(CTX, ao); } @@ -2070,7 +2068,7 @@ void libxl__ao_complete(libxl__egc *egc, libxl__ao *ao, int rc) assert(!ao->nested_progeny); ao->complete = 1; ao->rc = rc; - LIBXL_LIST_REMOVE(ao, inprogress_entry); + XEN_LIST_REMOVE(ao, inprogress_entry); if (ao->outstanding_killed_child) LOG(DEBUG, "ao %p: .. but waiting for %d fork to exit", ao, ao->outstanding_killed_child); @@ -2107,7 +2105,7 @@ void libxl__ao_complete_check_progress_reports(libxl__egc *egc, libxl__ao *ao) libxl__poller_wakeup(gc, ao->poller); } else if (ao->how.callback) { LOG(DEBUG, "ao %p: complete for callback", ao); - LIBXL_TAILQ_INSERT_TAIL(&egc->aos_for_callback, ao, entry_for_callback); + XEN_TAILQ_INSERT_TAIL(&egc->aos_for_callback, ao, entry_for_callback); } else { libxl_event *ev; ev = NEW_EVENT(egc, OPERATION_COMPLETE, ao->domid, ao->how.u.for_event); @@ -2148,7 +2146,7 @@ libxl__ao *libxl__ao_create(libxl_ctx *ctx, uint32_t domid, "ao %p: create: how=%p callback=%p poller=%p", ao, how, ao->how.callback, ao->poller); - LIBXL_LIST_INSERT_HEAD(&ctx->aos_inprogress, ao, inprogress_entry); + XEN_LIST_INSERT_HEAD(&ctx->aos_inprogress, ao, inprogress_entry); return ao; @@ -2255,7 +2253,7 @@ static int ao__abort(libxl_ctx *ctx, libxl__ao *parent) parent->aborting = 1; - if (LIBXL_LIST_EMPTY(&parent->abortables)) { + if (XEN_LIST_EMPTY(&parent->abortables)) { LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, "ao %p: abort requested and noted, but no-one interested", parent); @@ -2264,13 +2262,13 @@ static int ao__abort(libxl_ctx *ctx, libxl__ao *parent) } /* We keep calling abort hooks until there are none left */ - while (!LIBXL_LIST_EMPTY(&parent->abortables)) { + while (!XEN_LIST_EMPTY(&parent->abortables)) { assert(!parent->complete); - libxl__ao_abortable *abrt = LIBXL_LIST_FIRST(&parent->abortables); + libxl__ao_abortable *abrt = XEN_LIST_FIRST(&parent->abortables); assert(parent == ao_nested_root(abrt->ao)); - LIBXL_LIST_REMOVE(abrt, entry); + XEN_LIST_REMOVE(abrt, entry); abrt->registered = 0; LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, @@ -2300,7 +2298,7 @@ int libxl_ao_abort(libxl_ctx *ctx, const libxl_asyncop_how *how) libxl__ctx_lock(ctx); int rc; - LIBXL_LIST_FOREACH(search, &ctx->aos_inprogress, inprogress_entry) { + XEN_LIST_FOREACH(search, &ctx->aos_inprogress, inprogress_entry) { if (how) { /* looking for ao to be reported by callback or event */ if (search->poller) @@ -2356,7 +2354,7 @@ int libxl__ao_abortable_register(libxl__ao_abortable *abrt) } DBG("ao=%p, abrt=%p: registering (root=%p)", ao, abrt, root); - LIBXL_LIST_INSERT_HEAD(&root->abortables, abrt, entry); + XEN_LIST_INSERT_HEAD(&root->abortables, abrt, entry); abrt->registered = 1; return 0; @@ -2372,7 +2370,7 @@ _hidden void libxl__ao_abortable_deregister(libxl__ao_abortable *abrt) AO_GC; DBG("ao=%p, abrt=%p: deregistering (root=%p)", ao, abrt, root); - LIBXL_LIST_REMOVE(abrt, entry); + XEN_LIST_REMOVE(abrt, entry); abrt->registered = 0; } @@ -2408,7 +2406,7 @@ void libxl__ao_progress_report(libxl__egc *egc, libxl__ao *ao, aop->ao = ao; aop->ev = ev; aop->how = how; - LIBXL_TAILQ_INSERT_TAIL(&egc->aops_for_callback, aop, entry); + XEN_TAILQ_INSERT_TAIL(&egc->aops_for_callback, aop, entry); LOG(DEBUG,"ao %p: progress report: callback queued aop=%p",ao,aop); } else { LOG(DEBUG,"ao %p: progress report: event queued ev=%p type=%s", diff --git a/tools/libs/light/libxl_fork.c b/tools/libs/light/libxl_fork.c index 5d47dceb8a..676a14bb28 100644 --- a/tools/libs/light/libxl_fork.c +++ b/tools/libs/light/libxl_fork.c @@ -37,14 +37,14 @@ */ struct libxl__carefd { - LIBXL_LIST_ENTRY(libxl__carefd) entry; + XEN_LIST_ENTRY(libxl__carefd) entry; int fd; }; static pthread_mutex_t no_forking = PTHREAD_MUTEX_INITIALIZER; static int atfork_registered; -static LIBXL_LIST_HEAD(, libxl__carefd) carefds = - LIBXL_LIST_HEAD_INITIALIZER(carefds); +static XEN_LIST_HEAD(, libxl__carefd) carefds = + XEN_LIST_HEAD_INITIALIZER(carefds); /* Protected against concurrency by no_forking. sigchld_users is * protected against being interrupted by SIGCHLD (and thus read @@ -52,8 +52,8 @@ static LIBXL_LIST_HEAD(, libxl__carefd) carefds = * below). */ static bool sigchld_installed; /* 0 means not */ static pthread_mutex_t sigchld_defer_mutex = PTHREAD_MUTEX_INITIALIZER; -static LIBXL_LIST_HEAD(, libxl_ctx) sigchld_users = - LIBXL_LIST_HEAD_INITIALIZER(sigchld_users); +static XEN_LIST_HEAD(, libxl_ctx) sigchld_users = + XEN_LIST_HEAD_INITIALIZER(sigchld_users); static struct sigaction sigchld_saved_action; static void sigchld_removehandler_core(void); /* idempotent */ @@ -105,7 +105,7 @@ libxl__carefd *libxl__carefd_record(libxl_ctx *ctx, int fd) libxl_fd_set_cloexec(ctx, fd, 1); cf = libxl__zalloc(&ctx->nogc_gc, sizeof(*cf)); cf->fd = fd; - LIBXL_LIST_INSERT_HEAD(&carefds, cf, entry); + XEN_LIST_INSERT_HEAD(&carefds, cf, entry); return cf; } @@ -141,7 +141,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) atfork_lock(); - LIBXL_LIST_FOREACH_SAFE(cf, &carefds, entry, cf_tmp) { + XEN_LIST_FOREACH_SAFE(cf, &carefds, entry, cf_tmp) { if (cf->fd >= 0) { r = close(cf->fd); if (r) @@ -151,7 +151,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) } free(cf); } - LIBXL_LIST_INIT(&carefds); + XEN_LIST_INIT(&carefds); if (sigchld_installed) { /* We are in theory not at risk of concurrent execution of the @@ -172,7 +172,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) * use SIGCHLD, but instead just waits for the child(ren). */ defer_sigchld(); - LIBXL_LIST_INIT(&sigchld_users); + XEN_LIST_INIT(&sigchld_users); /* After this the ->sigchld_user_registered entries in the * now-obsolete contexts may be lies. But that's OK because * no-one will look at them. */ @@ -190,7 +190,7 @@ int libxl__carefd_close(libxl__carefd *cf) atfork_lock(); int r = cf->fd < 0 ? 0 : close(cf->fd); int esave = errno; - LIBXL_LIST_REMOVE(cf, entry); + XEN_LIST_REMOVE(cf, entry); atfork_unlock(); free(cf); errno = esave; @@ -238,7 +238,7 @@ static void sigchld_handler(int signo) int r = pthread_mutex_lock(&sigchld_defer_mutex); assert(!r); - LIBXL_LIST_FOREACH(notify, &sigchld_users, sigchld_users_entry) { + XEN_LIST_FOREACH(notify, &sigchld_users, sigchld_users_entry) { int e = libxl__self_pipe_wakeup(notify->sigchld_selfpipe[1]); if (e) abort(); /* errors are probably EBADF, very bad */ } @@ -362,11 +362,11 @@ static void sigchld_user_remove(libxl_ctx *ctx) /* idempotent */ atfork_lock(); defer_sigchld(); - LIBXL_LIST_REMOVE(ctx, sigchld_users_entry); + XEN_LIST_REMOVE(ctx, sigchld_users_entry); release_sigchld(); - if (LIBXL_LIST_EMPTY(&sigchld_users)) + if (XEN_LIST_EMPTY(&sigchld_users)) sigchld_removehandler_core(); atfork_unlock(); @@ -404,7 +404,7 @@ int libxl__sigchld_needed(libxl__gc *gc) /* non-reentrant, idempotent */ defer_sigchld(); - LIBXL_LIST_INSERT_HEAD(&sigchld_users, CTX, sigchld_users_entry); + XEN_LIST_INSERT_HEAD(&sigchld_users, CTX, sigchld_users_entry); release_sigchld(); atfork_unlock(); @@ -421,7 +421,7 @@ static bool chldmode_ours(libxl_ctx *ctx, bool creating) { switch (ctx->childproc_hooks->chldowner) { case libxl_sigchld_owner_libxl: - return creating || !LIBXL_LIST_EMPTY(&ctx->children); + return creating || !XEN_LIST_EMPTY(&ctx->children); case libxl_sigchld_owner_mainloop: return 0; case libxl_sigchld_owner_libxl_always: @@ -452,7 +452,7 @@ static void childproc_reaped_ours(libxl__egc *egc, libxl__ev_child *ch, int status) { pid_t pid = ch->pid; - LIBXL_LIST_REMOVE(ch, entry); + XEN_LIST_REMOVE(ch, entry); ch->pid = -1; ch->callback(egc, ch, pid, status); } @@ -462,7 +462,7 @@ static int childproc_reaped(libxl__egc *egc, pid_t pid, int status) EGC_GC; libxl__ev_child *ch; - LIBXL_LIST_FOREACH(ch, &CTX->children, entry) + XEN_LIST_FOREACH(ch, &CTX->children, entry) if (ch->pid == pid) goto found; @@ -497,7 +497,7 @@ static void childproc_checkall(libxl__egc *egc) int status; pid_t got; - LIBXL_LIST_FOREACH(ch, &CTX->children, entry) { + XEN_LIST_FOREACH(ch, &CTX->children, entry) { got = checked_waitpid(egc, ch->pid, &status); if (got) goto found; @@ -625,7 +625,7 @@ pid_t libxl__ev_child_fork(libxl__gc *gc, libxl__ev_child *ch, ch->pid = pid; ch->callback = death; - LIBXL_LIST_INSERT_HEAD(&CTX->children, ch, entry); + XEN_LIST_INSERT_HEAD(&CTX->children, ch, entry); rc = pid; out: @@ -640,7 +640,7 @@ void libxl_childproc_setmode(libxl_ctx *ctx, const libxl_childproc_hooks *hooks, GC_INIT(ctx); CTX_LOCK; - assert(LIBXL_LIST_EMPTY(&CTX->children)); + assert(XEN_LIST_EMPTY(&CTX->children)); if (!hooks) hooks = &libxl__childproc_default_hooks; @@ -698,10 +698,10 @@ void libxl__ev_child_kill_deregister(libxl__ao *ao, libxl__ev_child *ch, new_ch->ao = ao; new_ch->ch.pid = pid; new_ch->ch.callback = deregistered_child_callback; - LIBXL_LIST_INSERT_HEAD(&CTX->children, &new_ch->ch, entry); + XEN_LIST_INSERT_HEAD(&CTX->children, &new_ch->ch, entry); ao->outstanding_killed_child++; - LIBXL_LIST_REMOVE(ch, entry); + XEN_LIST_REMOVE(ch, entry); ch->pid = -1; int r = kill(pid, sig); if (r) diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 37d5c27756..c0e7779d97 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -245,7 +245,7 @@ struct libxl__ev_fd { short events; libxl__ev_fd_callback *func; /* remainder is private for libxl__ev_fd... */ - LIBXL_LIST_ENTRY(libxl__ev_fd) entry; + XEN_LIST_ENTRY(libxl__ev_fd) entry; libxl__osevent_hook_nexus *nexus; }; @@ -260,7 +260,7 @@ struct libxl__ao_abortable { libxl__ao_abortable_callback *callback; /* remainder is private for abort machinery */ bool registered; - LIBXL_LIST_ENTRY(libxl__ao_abortable) entry; + XEN_LIST_ENTRY(libxl__ao_abortable) entry; /* * For nested aos: * Semantically, abort affects the whole tree of aos, @@ -296,7 +296,7 @@ struct libxl__ev_time { libxl__ev_time_callback *func; /* remainder is private for libxl__ev_time... */ int infinite; /* not registered in list or with app if infinite */ - LIBXL_TAILQ_ENTRY(libxl__ev_time) entry; + XEN_TAILQ_ENTRY(libxl__ev_time) entry; struct timeval abs; libxl__osevent_hook_nexus *nexus; libxl__ao_abortable abrt; @@ -323,7 +323,7 @@ struct libxl__ev_evtchn { int port; /* remainder is private for libxl__ev_evtchn_... */ bool waiting; - LIBXL_LIST_ENTRY(libxl__ev_evtchn) entry; + XEN_LIST_ENTRY(libxl__ev_evtchn) entry; }; /* @@ -341,7 +341,7 @@ struct libxl__ev_evtchn { * xswatch pointers when we store and retrieve them. */ typedef struct libxl__ev_watch_slot { - LIBXL_SLIST_ENTRY(struct libxl__ev_watch_slot) empty; + XEN_SLIST_ENTRY(struct libxl__ev_watch_slot) empty; } libxl__ev_watch_slot; _hidden libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, @@ -357,7 +357,7 @@ struct libxl__ev_child { pid_t pid; /* -1 means unused ("unregistered", ie Idle) */ libxl__ev_child_callback *callback; /* remainder is private for libxl__ev_... */ - LIBXL_LIST_ENTRY(struct libxl__ev_child) entry; + XEN_LIST_ENTRY(struct libxl__ev_child) entry; }; /* libxl__ev_immediate @@ -370,7 +370,7 @@ struct libxl__ev_immediate { /* filled by user */ void (*callback)(libxl__egc *, libxl__ev_immediate *); /* private to libxl__ev_immediate */ - LIBXL_STAILQ_ENTRY(libxl__ev_immediate) entry; + XEN_STAILQ_ENTRY(libxl__ev_immediate) entry; }; void libxl__ev_immediate_register(libxl__egc *, libxl__ev_immediate *); @@ -582,7 +582,7 @@ _hidden void libxl__qmp_param_add_integer(libxl__gc *gc, struct libxl__evgen_domain_death { uint32_t domid; unsigned shutdown_reported:1, death_reported:1; - LIBXL_TAILQ_ENTRY(libxl_evgen_domain_death) entry; + XEN_TAILQ_ENTRY(libxl_evgen_domain_death) entry; /* on list .death_reported ? CTX->death_list : CTX->death_reported */ libxl_ev_user user; }; @@ -592,7 +592,7 @@ libxl__evdisable_domain_death(libxl__gc*, libxl_evgen_domain_death*); struct libxl__evgen_disk_eject { libxl__ev_xswatch watch; uint32_t domid; - LIBXL_LIST_ENTRY(libxl_evgen_disk_eject) entry; + XEN_LIST_ENTRY(libxl_evgen_disk_eject) entry; libxl_ev_user user; char *vdev, *be_ptr_path; }; @@ -620,7 +620,7 @@ struct libxl__poller { * The "poller_app" is never idle, but is sometimes on * pollers_event. */ - LIBXL_LIST_ENTRY(libxl__poller) entry; + XEN_LIST_ENTRY(libxl__poller) entry; struct pollfd *fd_polls; int fd_polls_allocd; @@ -653,7 +653,7 @@ struct libxl__poller { * a promise to also make this check, so the baton will never be * dropped. */ - LIBXL_LIST_ENTRY(libxl__poller) active_entry; + XEN_LIST_ENTRY(libxl__poller) active_entry; bool fds_deregistered; bool osevents_added; }; @@ -687,7 +687,7 @@ struct libxl__ctx { * documented in the libxl public interface. */ - LIBXL_TAILQ_HEAD(libxl__event_list, libxl_event) occurred; + XEN_TAILQ_HEAD(libxl__event_list, libxl_event) occurred; int osevent_in_hook; const libxl_osevent_hooks *osevent_hooks; @@ -696,40 +696,40 @@ struct libxl__ctx { * for restrictions on the use of the osevent fields. */ libxl__poller *poller_app; /* libxl_osevent_beforepoll and _afterpoll */ - LIBXL_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; - LIBXL_LIST_HEAD(, libxl__poller) pollers_active; + XEN_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; + XEN_LIST_HEAD(, libxl__poller) pollers_active; - LIBXL_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) + XEN_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) hook_fd_nexi_idle, hook_timeout_nexi_idle; - LIBXL_LIST_HEAD(, libxl__ev_fd) efds; - LIBXL_TAILQ_HEAD(, libxl__ev_time) etimes; + XEN_LIST_HEAD(, libxl__ev_fd) efds; + XEN_TAILQ_HEAD(, libxl__ev_time) etimes; libxl__ev_watch_slot *watch_slots; int watch_nslots, nwatches; - LIBXL_SLIST_HEAD(, libxl__ev_watch_slot) watch_freeslots; + XEN_SLIST_HEAD(, libxl__ev_watch_slot) watch_freeslots; uint32_t watch_counter; /* helps disambiguate slot reuse */ libxl__ev_fd watch_efd; xenevtchn_handle *xce; /* waiting must be done only with libxl__ev_evtchn* */ - LIBXL_LIST_HEAD(, libxl__ev_evtchn) evtchns_waiting; + XEN_LIST_HEAD(, libxl__ev_evtchn) evtchns_waiting; libxl__ev_fd evtchn_efd; - LIBXL_LIST_HEAD(, libxl__ao) aos_inprogress; + XEN_LIST_HEAD(, libxl__ao) aos_inprogress; - LIBXL_TAILQ_HEAD(libxl__evgen_domain_death_list, libxl_evgen_domain_death) + XEN_TAILQ_HEAD(libxl__evgen_domain_death_list, libxl_evgen_domain_death) death_list /* sorted by domid */, death_reported; libxl__ev_xswatch death_watch; - LIBXL_LIST_HEAD(, libxl_evgen_disk_eject) disk_eject_evgens; + XEN_LIST_HEAD(, libxl_evgen_disk_eject) disk_eject_evgens; const libxl_childproc_hooks *childproc_hooks; void *childproc_user; int sigchld_selfpipe[2]; /* [0]==-1 means handler not installed */ libxl__ev_fd sigchld_selfpipe_efd; - LIBXL_LIST_HEAD(, libxl__ev_child) children; + XEN_LIST_HEAD(, libxl__ev_child) children; bool sigchld_user_registered; - LIBXL_LIST_ENTRY(libxl_ctx) sigchld_users_entry; + XEN_LIST_ENTRY(libxl_ctx) sigchld_users_entry; libxl_version_info version_info; @@ -774,9 +774,9 @@ struct libxl__egc { * The egc and its gc may be accessed only on the creating thread. */ struct libxl__gc gc; struct libxl__event_list occurred_for_callback; - LIBXL_TAILQ_HEAD(, libxl__ao) aos_for_callback; - LIBXL_TAILQ_HEAD(, libxl__aop_occurred) aops_for_callback; - LIBXL_STAILQ_HEAD(, libxl__ev_immediate) ev_immediates; + XEN_TAILQ_HEAD(, libxl__ao) aos_for_callback; + XEN_TAILQ_HEAD(, libxl__aop_occurred) aops_for_callback; + XEN_STAILQ_HEAD(, libxl__ev_immediate) ev_immediates; }; struct libxl__aop_occurred { @@ -787,7 +787,7 @@ struct libxl__aop_occurred { * While an aop exists, it corresponds to one refcount in * ao->progress_reports_outstanding, preventing ao destruction. */ - LIBXL_TAILQ_ENTRY(libxl__aop_occurred) entry; + XEN_TAILQ_ENTRY(libxl__aop_occurred) entry; libxl__ao *ao; libxl_event *ev; const libxl_asyncprogress_how *how; @@ -819,13 +819,13 @@ struct libxl__ao { int nested_progeny; int progress_reports_outstanding; int rc; - LIBXL_LIST_HEAD(, libxl__ao_abortable) abortables; - LIBXL_LIST_ENTRY(libxl__ao) inprogress_entry; + XEN_LIST_HEAD(, libxl__ao_abortable) abortables; + XEN_LIST_ENTRY(libxl__ao) inprogress_entry; libxl__gc gc; libxl_asyncop_how how; libxl__poller *poller; uint32_t domid; - LIBXL_TAILQ_ENTRY(libxl__ao) entry_for_callback; + XEN_TAILQ_ENTRY(libxl__ao) entry_for_callback; int outstanding_killed_child; }; @@ -2379,10 +2379,10 @@ bool libxl__stubdomain_is_linux(libxl_domain_build_info *b_info) #define LIBXL_INIT_EGC(egc,ctx) do{ \ LIBXL_INIT_GC((egc).gc,ctx); \ - LIBXL_TAILQ_INIT(&(egc).occurred_for_callback); \ - LIBXL_TAILQ_INIT(&(egc).aos_for_callback); \ - LIBXL_TAILQ_INIT(&(egc).aops_for_callback); \ - LIBXL_STAILQ_INIT(&(egc).ev_immediates); \ + XEN_TAILQ_INIT(&(egc).occurred_for_callback); \ + XEN_TAILQ_INIT(&(egc).aos_for_callback); \ + XEN_TAILQ_INIT(&(egc).aops_for_callback); \ + XEN_STAILQ_INIT(&(egc).ev_immediates); \ } while(0) _hidden void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc); @@ -3141,7 +3141,7 @@ typedef void libxl__datacopier_callback(libxl__egc *egc, struct libxl__datacopier_buf { /* private to datacopier */ - LIBXL_TAILQ_ENTRY(libxl__datacopier_buf) entry; + XEN_TAILQ_ENTRY(libxl__datacopier_buf) entry; int used; char buf[1000]; }; @@ -3163,7 +3163,7 @@ struct libxl__datacopier_state { libxl__ao_abortable abrt; libxl__ev_fd toread, towrite; ssize_t used; - LIBXL_TAILQ_HEAD(libxl__datacopier_bufs, libxl__datacopier_buf) bufs; + XEN_TAILQ_HEAD(libxl__datacopier_bufs, libxl__datacopier_buf) bufs; }; _hidden void libxl__datacopier_init(libxl__datacopier_state *dc); @@ -3443,7 +3443,7 @@ typedef struct libxl__stream_read_state libxl__stream_read_state; typedef struct libxl__sr_record_buf { /* private to stream read helper */ - LIBXL_STAILQ_ENTRY(struct libxl__sr_record_buf) entry; + XEN_STAILQ_ENTRY(struct libxl__sr_record_buf) entry; libxl__sr_rec_hdr hdr; void *body; /* iff hdr.length != 0 */ } libxl__sr_record_buf; @@ -3473,7 +3473,7 @@ struct libxl__stream_read_state { /* Main stream-reading data. */ libxl__datacopier_state dc; /* Only used when reading a record */ libxl__sr_hdr hdr; - LIBXL_STAILQ_HEAD(, libxl__sr_record_buf) record_queue; /* NOGC */ + XEN_STAILQ_HEAD(, libxl__sr_record_buf) record_queue; /* NOGC */ enum { SRS_PHASE_NORMAL, SRS_PHASE_BUFFERING, @@ -4599,9 +4599,9 @@ static inline int libxl__defbool_is_default(libxl_defbool *db) #define LIBXL_TAILQ_INSERT_SORTED(head, entry, elm_new, elm_search, \ search_body, new_after_search_p) \ do { \ - for ((elm_search) = LIBXL_TAILQ_FIRST((head)); \ + for ((elm_search) = XEN_TAILQ_FIRST((head)); \ (elm_search); \ - (elm_search) = LIBXL_TAILQ_NEXT((elm_search), entry)) { \ + (elm_search) = XEN_TAILQ_NEXT((elm_search), entry)) { \ search_body; \ if (!(new_after_search_p)) \ break; \ @@ -4610,9 +4610,9 @@ static inline int libxl__defbool_is_default(libxl_defbool *db) * to place elm_new, or NULL meaning we want to put elm_new at \ * the end */ \ if ((elm_search)) \ - LIBXL_TAILQ_INSERT_BEFORE((elm_search), (elm_new), entry); \ + XEN_TAILQ_INSERT_BEFORE((elm_search), (elm_new), entry); \ else \ - LIBXL_TAILQ_INSERT_TAIL((head), (elm_new), entry); \ + XEN_TAILQ_INSERT_TAIL((head), (elm_new), entry); \ } while(0) diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index fb146a54cb..8faa102e4d 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -63,7 +63,7 @@ #include -#include "_libxl_list.h" +#include "_xen_list.h" #include "libxl_internal.h" /* #define DEBUG_RECEIVED */ @@ -107,7 +107,7 @@ typedef struct callback_id_pair { qmp_callback_t callback; void *opaque; qmp_request_context *context; - LIBXL_STAILQ_ENTRY(struct callback_id_pair) next; + XEN_STAILQ_ENTRY(struct callback_id_pair) next; } callback_id_pair; struct libxl__qmp_handler { @@ -123,7 +123,7 @@ struct libxl__qmp_handler { uint32_t domid; int last_id_used; - LIBXL_STAILQ_HEAD(callback_list, callback_id_pair) callback_list; + XEN_STAILQ_HEAD(callback_list, callback_id_pair) callback_list; struct { int major; int minor; @@ -189,7 +189,7 @@ static callback_id_pair *qmp_get_callback_from_id(libxl__qmp_handler *qmp, if (id_object) { id = libxl__json_object_get_integer(id_object); - LIBXL_STAILQ_FOREACH(pp, &qmp->callback_list, next) { + XEN_STAILQ_FOREACH(pp, &qmp->callback_list, next) { if (pp->id == id) { return pp; } @@ -217,7 +217,7 @@ static void qmp_handle_error_response(libxl__gc *gc, libxl__qmp_handler *qmp, /* tell that the id have been processed */ qmp->wait_for_id = 0; } - LIBXL_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); + XEN_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); free(pp); } @@ -266,8 +266,7 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, /* tell that the id have been processed */ qmp->wait_for_id = 0; } - LIBXL_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, - next); + XEN_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); free(pp); } return 0; @@ -325,7 +324,7 @@ static libxl__qmp_handler *qmp_init_handler(libxl__gc *gc, uint32_t domid) qmp->domid = domid; qmp->timeout = 5; - LIBXL_STAILQ_INIT(&qmp->callback_list); + XEN_STAILQ_INIT(&qmp->callback_list); return qmp; } @@ -383,7 +382,7 @@ static void qmp_close(libxl__qmp_handler *qmp) callback_id_pair *tmp = NULL; close(qmp->qmp_fd); - LIBXL_STAILQ_FOREACH(pp, &qmp->callback_list, next) { + XEN_STAILQ_FOREACH(pp, &qmp->callback_list, next) { free(tmp); tmp = pp; } @@ -547,7 +546,7 @@ static char *qmp_send_prepare(libxl__gc *gc, libxl__qmp_handler *qmp, elm->callback = callback; elm->opaque = opaque; elm->context = context; - LIBXL_STAILQ_INSERT_TAIL(&qmp->callback_list, elm, next); + XEN_STAILQ_INSERT_TAIL(&qmp->callback_list, elm, next); LOGD(DEBUG, qmp->domid, "next qmp command: '%s'", buf); diff --git a/tools/libs/light/libxl_stream_read.c b/tools/libs/light/libxl_stream_read.c index 99a6714e76..e64e8f0ead 100644 --- a/tools/libs/light/libxl_stream_read.c +++ b/tools/libs/light/libxl_stream_read.c @@ -214,7 +214,7 @@ void libxl__stream_read_init(libxl__stream_read_state *stream) stream->sync_teardown = false; FILLZERO(stream->dc); FILLZERO(stream->hdr); - LIBXL_STAILQ_INIT(&stream->record_queue); + XEN_STAILQ_INIT(&stream->record_queue); stream->phase = SRS_PHASE_NORMAL; stream->recursion_guard = false; stream->incoming_record = NULL; @@ -402,7 +402,7 @@ static void stream_continue(libxl__egc *egc, * processing the record. There should never be two records * in the queue. */ - if (LIBXL_STAILQ_EMPTY(&stream->record_queue)) + if (XEN_STAILQ_EMPTY(&stream->record_queue)) setup_read_record(egc, stream); else { if (process_record(egc, stream)) @@ -412,7 +412,7 @@ static void stream_continue(libxl__egc *egc, * process_record() had better have consumed the one and * only record in the queue. */ - assert(LIBXL_STAILQ_EMPTY(&stream->record_queue)); + assert(XEN_STAILQ_EMPTY(&stream->record_queue)); } break; @@ -428,7 +428,7 @@ static void stream_continue(libxl__egc *egc, * the tail to spot the CHECKPOINT_END record, and switch to * the unbuffering phase. */ - libxl__sr_record_buf *rec = LIBXL_STAILQ_LAST( + libxl__sr_record_buf *rec = XEN_STAILQ_LAST( &stream->record_queue, libxl__sr_record_buf, entry); assert(stream->in_checkpoint); @@ -537,7 +537,7 @@ static void record_body_done(libxl__egc *egc, if (rc) goto err; - LIBXL_STAILQ_INSERT_TAIL(&stream->record_queue, rec, entry); + XEN_STAILQ_INSERT_TAIL(&stream->record_queue, rec, entry); stream->incoming_record = NULL; stream_continue(egc, stream); @@ -567,9 +567,9 @@ static bool process_record(libxl__egc *egc, int rc = 0; /* Pop a record from the head of the queue. */ - assert(!LIBXL_STAILQ_EMPTY(&stream->record_queue)); - rec = LIBXL_STAILQ_FIRST(&stream->record_queue); - LIBXL_STAILQ_REMOVE_HEAD(&stream->record_queue, entry); + assert(!XEN_STAILQ_EMPTY(&stream->record_queue)); + rec = XEN_STAILQ_FIRST(&stream->record_queue); + XEN_STAILQ_REMOVE_HEAD(&stream->record_queue, entry); LOG(DEBUG, "Record: %u, length %u", rec->hdr.type, rec->hdr.length); @@ -813,9 +813,9 @@ static void stream_done(libxl__egc *egc, /* The record queue had better be empty if the stream believes * itself to have been successful. */ - assert(LIBXL_STAILQ_EMPTY(&stream->record_queue) || stream->rc); + assert(XEN_STAILQ_EMPTY(&stream->record_queue) || stream->rc); - LIBXL_STAILQ_FOREACH_SAFE(rec, &stream->record_queue, entry, trec) + XEN_STAILQ_FOREACH_SAFE(rec, &stream->record_queue, entry, trec) free_record(rec); if (!stream->back_channel) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268349.462157 (Exim 4.92) (envelope-from ) id 1nHQnC-00083e-3K; Tue, 08 Feb 2022 13:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268349.462157; Tue, 08 Feb 2022 13:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnC-00083W-0X; Tue, 08 Feb 2022 13:44:26 +0000 Received: by outflank-mailman (input) for mailman id 268349; Tue, 08 Feb 2022 13:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnA-00083E-Vk for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnA-0000NN-Uw for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQnA-0004z0-Tq for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HCICQOjZL9De1dgIPZtc3DcIpJY7D1wgklDiwYtmcsk=; b=ZulYcVhKLS2YbeMwNHIb4TASKb XZ/KZvzHXLsryfJ2fW/98q7WhA4jV6VSeRHocpHCK34h3zbzBwfm91CZxoPbNR51AUIMXoS2KHmKz +GYrqRAgXtMCSw5OSajkhYhXxfSZX9ShM+4SAt+7H6xuX0WKM8pIZZZTDeSZU7HzahXw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs/toolcore: replace _xentoolcore_list.h with _xen_list.h Message-Id: Date: Tue, 08 Feb 2022 13:44:24 +0000 commit 4721d932337e1fe788b24d1289f55fe3a6f06ba1 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:36 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:52 2022 +0000 tools/libs/toolcore: replace _xentoolcore_list.h with _xen_list.h Remove generating _xentoolcore_list.h and use the common _xen_list.h instead. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- .gitignore | 1 - tools/include/xentoolcore_internal.h | 4 ++-- tools/libs/toolcore/Makefile | 8 -------- tools/libs/toolcore/handlereg.c | 8 ++++---- 4 files changed, 6 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 1f53b0320e..2403841e49 100644 --- a/.gitignore +++ b/.gitignore @@ -227,7 +227,6 @@ tools/hotplug/NetBSD/rc.d/xencommons tools/hotplug/NetBSD/rc.d/xendriverdomain tools/include/acpi tools/include/_libxl*.h -tools/include/_xentoolcore_list.h tools/include/xen/* tools/include/xen-xsm/* tools/include/xen-foreign/*.(c|h|size) diff --git a/tools/include/xentoolcore_internal.h b/tools/include/xentoolcore_internal.h index 04f5848f09..deccefd612 100644 --- a/tools/include/xentoolcore_internal.h +++ b/tools/include/xentoolcore_internal.h @@ -27,7 +27,7 @@ #include #include "xentoolcore.h" -#include "_xentoolcore_list.h" +#include "_xen_list.h" /*---------- active handle registration ----------*/ @@ -87,7 +87,7 @@ typedef int Xentoolcore__Restrict_Callback(Xentoolcore__Active_Handle*, struct Xentoolcore__Active_Handle { Xentoolcore__Restrict_Callback *restrict_callback; - XENTOOLCORE_LIST_ENTRY(Xentoolcore__Active_Handle) entry; + XEN_LIST_ENTRY(Xentoolcore__Active_Handle) entry; }; void xentoolcore__register_active_handle(Xentoolcore__Active_Handle*); diff --git a/tools/libs/toolcore/Makefile b/tools/libs/toolcore/Makefile index ed4ae00694..9c013b2879 100644 --- a/tools/libs/toolcore/Makefile +++ b/tools/libs/toolcore/Makefile @@ -3,7 +3,6 @@ include $(XEN_ROOT)/tools/Rules.mk MAJOR = 1 MINOR = 0 -AUTOINCS := $(XEN_INCLUDE)/_xentoolcore_list.h LIBHEADER := xentoolcore.h @@ -12,10 +11,3 @@ SRCS-y += handlereg.c include $(XEN_ROOT)/tools/libs/libs.mk PKG_CONFIG_DESC := Central support for Xen Hypervisor userland libraries - -$(LIB_OBJS): $(AUTOINCS) -$(PIC_OBJS): $(AUTOINCS) - -$(XEN_INCLUDE)/_xentoolcore_list.h: $(XEN_INCLUDE)/xen-external/bsd-sys-queue-h-seddery $(XEN_INCLUDE)/xen-external/bsd-sys-queue.h - $(PERL) $^ --prefix=xentoolcore >$(notdir $@).new - $(call move-if-changed,$(notdir $@).new,$@) diff --git a/tools/libs/toolcore/handlereg.c b/tools/libs/toolcore/handlereg.c index baec55e2a4..b43cb0e8ac 100644 --- a/tools/libs/toolcore/handlereg.c +++ b/tools/libs/toolcore/handlereg.c @@ -31,7 +31,7 @@ #include static pthread_mutex_t handles_lock = PTHREAD_MUTEX_INITIALIZER; -static XENTOOLCORE_LIST_HEAD(, Xentoolcore__Active_Handle) handles; +static XEN_LIST_HEAD(, Xentoolcore__Active_Handle) handles; static void lock(void) { int e = pthread_mutex_lock(&handles_lock); @@ -45,13 +45,13 @@ static void unlock(void) { void xentoolcore__register_active_handle(Xentoolcore__Active_Handle *ah) { lock(); - XENTOOLCORE_LIST_INSERT_HEAD(&handles, ah, entry); + XEN_LIST_INSERT_HEAD(&handles, ah, entry); unlock(); } void xentoolcore__deregister_active_handle(Xentoolcore__Active_Handle *ah) { lock(); - XENTOOLCORE_LIST_REMOVE(ah, entry); + XEN_LIST_REMOVE(ah, entry); unlock(); } @@ -60,7 +60,7 @@ int xentoolcore_restrict_all(domid_t domid) { Xentoolcore__Active_Handle *ah; lock(); - XENTOOLCORE_LIST_FOREACH(ah, &handles, entry) { + XEN_LIST_FOREACH(ah, &handles, entry) { r = ah->restrict_callback(ah, domid); if (r) goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268351.462161 (Exim 4.92) (envelope-from ) id 1nHQnM-00086z-56; Tue, 08 Feb 2022 13:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268351.462161; Tue, 08 Feb 2022 13:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnM-00086r-20; Tue, 08 Feb 2022 13:44:36 +0000 Received: by outflank-mailman (input) for mailman id 268351; Tue, 08 Feb 2022 13:44:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnL-00086g-2r for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnL-0000NY-23 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQnL-000509-11 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hY65l34GBGdYJfnByNqqZVrq5Gi4lvccBnKeHhB57vs=; b=jIyZPZv4UmWqfSylq70cWO8Zzb eKVyHRCbovOyiquVaAhjCon34nvD7tCyd+bpy02TaYZfqA2euEgsKriKL1pb/TTP7quvZH+NWSvR1 wmXLt8mCabjSn6vT3WaBXEIGjPD66F3lxMsd8t+7sgAn8FWPTMZxq2GhrnV/NMTr6Dso=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs/evtchn: use _xen_list.h Message-Id: Date: Tue, 08 Feb 2022 13:44:35 +0000 commit 8bd039921adb81033f819d2eedc2c94373dacb70 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:37 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:53 2022 +0000 tools/libs/evtchn: use _xen_list.h Instead of including xen-external/bsd-sys-queue.h use the header _xen_list.h in minios.c. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/libs/evtchn/minios.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/libs/evtchn/minios.c b/tools/libs/evtchn/minios.c index 30f98bc7e4..65cfccfd09 100644 --- a/tools/libs/evtchn/minios.c +++ b/tools/libs/evtchn/minios.c @@ -20,7 +20,7 @@ * Split off from xc_minios.c */ -#include "xen-external/bsd-sys-queue.h" +#include "_xen_list.h" #include #include #include @@ -38,10 +38,10 @@ #include "private.h" -LIST_HEAD(port_list, port_info); +XEN_LIST_HEAD(port_list, struct port_info); struct port_info { - LIST_ENTRY(port_info) list; + XEN_LIST_ENTRY(struct port_info) list; evtchn_port_t port; bool pending; bool bound; @@ -62,7 +62,7 @@ static struct port_info *port_alloc(xenevtchn_handle *xce) port_info->port = -1; port_info->bound = false; - LIST_INSERT_HEAD(port_list, port_info, list); + XEN_LIST_INSERT_HEAD(port_list, port_info, list); return port_info; } @@ -72,7 +72,7 @@ static void port_dealloc(struct port_info *port_info) if ( port_info->bound ) unbind_evtchn(port_info->port); - LIST_REMOVE(port_info, list); + XEN_LIST_REMOVE(port_info, list); free(port_info); } @@ -81,7 +81,7 @@ static int evtchn_close_fd(struct file *file) struct port_info *port_info, *tmp; struct port_list *port_list = file->dev; - LIST_FOREACH_SAFE(port_info, port_list, list, tmp) + XEN_LIST_FOREACH_SAFE(port_info, port_list, list, tmp) port_dealloc(port_info); free(port_list); @@ -126,7 +126,7 @@ int osdep_evtchn_open(xenevtchn_handle *xce, unsigned int flags) } file->dev = list; - LIST_INIT(list); + XEN_LIST_INIT(list); xce->fd = fd; printf("evtchn_open() -> %d\n", fd); @@ -173,7 +173,7 @@ static void evtchn_handler(evtchn_port_t port, struct pt_regs *regs, void *data) assert(file); port_list = file->dev; mask_evtchn(port); - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port == port ) goto found; @@ -257,7 +257,7 @@ int xenevtchn_unbind(xenevtchn_handle *xce, evtchn_port_t port) struct port_info *port_info; struct port_list *port_list = file->dev; - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port == port ) { @@ -314,7 +314,7 @@ xenevtchn_port_or_error_t xenevtchn_pending(xenevtchn_handle *xce) file->read = false; - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port != -1 && port_info->pending ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268352.462165 (Exim 4.92) (envelope-from ) id 1nHQnX-00089u-6a; Tue, 08 Feb 2022 13:44:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268352.462165; Tue, 08 Feb 2022 13:44:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnX-00089n-3g; Tue, 08 Feb 2022 13:44:47 +0000 Received: by outflank-mailman (input) for mailman id 268352; Tue, 08 Feb 2022 13:44:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnV-00089S-6K for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnV-0000O4-5S for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQnV-00051Q-4T for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xd+Eo4dVx35cacAg/Jt/AOHU9lk1Hs+0BNZf+V2809M=; b=d299BmrvCKptSOwPgMB/ogH0AW 9Cxdib9dDsbed+Y8CAS7mFVBm+w89QQ5hId4nDD7TPhY0OdM5nkaMieMGVAlMsZImtmdU3bKAQEZm FKfeM+yngIY0keX1aZoCuAfS+7iCBa9O91CxSk1kpZ4lpwZvwdLIVruW6YxMdV09rzck=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/include: remove xen-external directory Message-Id: Date: Tue, 08 Feb 2022 13:44:45 +0000 commit bfb148a0fcb19678cdb7f2c46bbc5fbe3beaf584 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:38 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:53 2022 +0000 tools/include: remove xen-external directory There is no user of tools/include/xen-external/* left. Remove it. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/xen-external/README | 24 - tools/include/xen-external/bsd-COPYRIGHT | 126 --- tools/include/xen-external/bsd-queue.3 | 1044 -------------------- tools/include/xen-external/bsd-sys-queue-h-seddery | 74 -- tools/include/xen-external/bsd-sys-queue.h | 637 ------------ 5 files changed, 1905 deletions(-) diff --git a/tools/include/xen-external/README b/tools/include/xen-external/README deleted file mode 100644 index 93c2bc9cd8..0000000000 --- a/tools/include/xen-external/README +++ /dev/null @@ -1,24 +0,0 @@ -WARNING - DO NOT EDIT THINGS IN THIS DIRECTORY ----------------------------------------------- - -These files were obtained elsewhere and should only be updated by -copying new versions from the source location, as documented below: - -bsd-COPYRIGHT -bsd-sys-queue.h -bsd-queue.3 - - Obtained from the FreeBSD SVN using the following commands: - svn co -r 221843 svn://svn.freebsd.org/base/head/sys/sys/ - svn co -r 221843 svn://svn.freebsd.org/base/head/share/man/man3 - svn cat -r 221843 http://svn.freebsd.org/base/head/COPYRIGHT >tools/libxl/external/bsd-COPYRIGHT - -Exceptions: - -README - - This file - -bsd-sys-queue-h-seddery - - Script to transform the above into a new namespace. diff --git a/tools/include/xen-external/bsd-COPYRIGHT b/tools/include/xen-external/bsd-COPYRIGHT deleted file mode 100644 index 6dc5d16b46..0000000000 --- a/tools/include/xen-external/bsd-COPYRIGHT +++ /dev/null @@ -1,126 +0,0 @@ -# $FreeBSD$ -# @(#)COPYRIGHT 8.2 (Berkeley) 3/21/94 - -The compilation of software known as FreeBSD is distributed under the -following terms: - -Copyright (c) 1992-2011 The FreeBSD Project. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The 4.4BSD and 4.4BSD-Lite software is distributed under the following -terms: - -All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite -Releases is copyrighted by The Regents of the University of California. - -Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 - The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: -This product includes software developed by the University of -California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The Institute of Electrical and Electronics Engineers and the American -National Standards Committee X3, on Information Processing Systems have -given us permission to reprint portions of their documentation. - -In the following statement, the phrase ``this text'' refers to portions -of the system documentation. - -Portions of this text are reprinted and reproduced in electronic form in -the second BSD Networking Software Release, from IEEE Std 1003.1-1988, IEEE -Standard Portable Operating System Interface for Computer Environments -(POSIX), copyright C 1988 by the Institute of Electrical and Electronics -Engineers, Inc. In the event of any discrepancy between these versions -and the original IEEE Standard, the original IEEE Standard is the referee -document. - -In the following statement, the phrase ``This material'' refers to portions -of the system documentation. - -This material is reproduced with permission from American National -Standards Committee X3, on Information Processing Systems. Computer and -Business Equipment Manufacturers Association (CBEMA), 311 First St., NW, -Suite 500, Washington, DC 20001-2178. The developmental work of -Programming Language C was completed by the X3J11 Technical Committee. - -The views and conclusions contained in the software and documentation are -those of the authors and should not be interpreted as representing official -policies, either expressed or implied, of the Regents of the University -of California. - - -NOTE: The copyright of UC Berkeley's Berkeley Software Distribution ("BSD") -source has been updated. The copyright addendum may be found at -ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change and is -included below. - -July 22, 1999 - -To All Licensees, Distributors of Any Version of BSD: - -As you know, certain of the Berkeley Software Distribution ("BSD") source -code files require that further distributions of products containing all or -portions of the software, acknowledge within their advertising materials -that such products contain software developed by UC Berkeley and its -contributors. - -Specifically, the provision reads: - -" * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors." - -Effective immediately, licensees and distributors are no longer required to -include the acknowledgement within advertising materials. Accordingly, the -foregoing paragraph of those BSD Unix files containing it is hereby deleted -in its entirety. - -William Hoskins -Director, Office of Technology Licensing -University of California, Berkeley diff --git a/tools/include/xen-external/bsd-queue.3 b/tools/include/xen-external/bsd-queue.3 deleted file mode 100644 index 007ca5c629..0000000000 --- a/tools/include/xen-external/bsd-queue.3 +++ /dev/null @@ -1,1044 +0,0 @@ -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)queue.3 8.2 (Berkeley) 1/24/94 -.\" $FreeBSD$ -.\" -.Dd May 13, 2011 -.Dt QUEUE 3 -.Os -.Sh NAME -.Nm SLIST_EMPTY , -.Nm SLIST_ENTRY , -.Nm SLIST_FIRST , -.Nm SLIST_FOREACH , -.Nm SLIST_FOREACH_SAFE , -.Nm SLIST_HEAD , -.Nm SLIST_HEAD_INITIALIZER , -.Nm SLIST_INIT , -.Nm SLIST_INSERT_AFTER , -.Nm SLIST_INSERT_HEAD , -.Nm SLIST_NEXT , -.Nm SLIST_REMOVE_AFTER , -.Nm SLIST_REMOVE_HEAD , -.Nm SLIST_REMOVE , -.Nm SLIST_SWAP , -.Nm STAILQ_CONCAT , -.Nm STAILQ_EMPTY , -.Nm STAILQ_ENTRY , -.Nm STAILQ_FIRST , -.Nm STAILQ_FOREACH , -.Nm STAILQ_FOREACH_SAFE , -.Nm STAILQ_HEAD , -.Nm STAILQ_HEAD_INITIALIZER , -.Nm STAILQ_INIT , -.Nm STAILQ_INSERT_AFTER , -.Nm STAILQ_INSERT_HEAD , -.Nm STAILQ_INSERT_TAIL , -.Nm STAILQ_LAST , -.Nm STAILQ_NEXT , -.Nm STAILQ_REMOVE_AFTER , -.Nm STAILQ_REMOVE_HEAD , -.Nm STAILQ_REMOVE , -.Nm STAILQ_SWAP , -.Nm LIST_EMPTY , -.Nm LIST_ENTRY , -.Nm LIST_FIRST , -.Nm LIST_FOREACH , -.Nm LIST_FOREACH_SAFE , -.Nm LIST_HEAD , -.Nm LIST_HEAD_INITIALIZER , -.Nm LIST_INIT , -.Nm LIST_INSERT_AFTER , -.Nm LIST_INSERT_BEFORE , -.Nm LIST_INSERT_HEAD , -.Nm LIST_NEXT , -.Nm LIST_REMOVE , -.Nm LIST_SWAP , -.Nm TAILQ_CONCAT , -.Nm TAILQ_EMPTY , -.Nm TAILQ_ENTRY , -.Nm TAILQ_FIRST , -.Nm TAILQ_FOREACH , -.Nm TAILQ_FOREACH_SAFE , -.Nm TAILQ_FOREACH_REVERSE , -.Nm TAILQ_FOREACH_REVERSE_SAFE , -.Nm TAILQ_HEAD , -.Nm TAILQ_HEAD_INITIALIZER , -.Nm TAILQ_INIT , -.Nm TAILQ_INSERT_AFTER , -.Nm TAILQ_INSERT_BEFORE , -.Nm TAILQ_INSERT_HEAD , -.Nm TAILQ_INSERT_TAIL , -.Nm TAILQ_LAST , -.Nm TAILQ_NEXT , -.Nm TAILQ_PREV , -.Nm TAILQ_REMOVE , -.Nm TAILQ_SWAP -.Nd implementations of singly-linked lists, singly-linked tail queues, -lists and tail queues -.Sh SYNOPSIS -.In sys/queue.h -.\" -.Fn SLIST_EMPTY "SLIST_HEAD *head" -.Fn SLIST_ENTRY "TYPE" -.Fn SLIST_FIRST "SLIST_HEAD *head" -.Fn SLIST_FOREACH "TYPE *var" "SLIST_HEAD *head" "SLIST_ENTRY NAME" -.Fn SLIST_FOREACH_SAFE "TYPE *var" "SLIST_HEAD *head" "SLIST_ENTRY NAME" "TYPE *temp_var" -.Fn SLIST_HEAD "HEADNAME" "TYPE" -.Fn SLIST_HEAD_INITIALIZER "SLIST_HEAD head" -.Fn SLIST_INIT "SLIST_HEAD *head" -.Fn SLIST_INSERT_AFTER "TYPE *listelm" "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_INSERT_HEAD "SLIST_HEAD *head" "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_NEXT "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE_AFTER "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE_HEAD "SLIST_HEAD *head" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE "SLIST_HEAD *head" "TYPE *elm" "TYPE" "SLIST_ENTRY NAME" -.Fn SLIST_SWAP "SLIST_HEAD *head1" "SLIST_HEAD *head2" "SLIST_ENTRY NAME" -.\" -.Fn STAILQ_CONCAT "STAILQ_HEAD *head1" "STAILQ_HEAD *head2" -.Fn STAILQ_EMPTY "STAILQ_HEAD *head" -.Fn STAILQ_ENTRY "TYPE" -.Fn STAILQ_FIRST "STAILQ_HEAD *head" -.Fn STAILQ_FOREACH "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" -.Fn STAILQ_FOREACH_SAFE "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn STAILQ_HEAD "HEADNAME" "TYPE" -.Fn STAILQ_HEAD_INITIALIZER "STAILQ_HEAD head" -.Fn STAILQ_INIT "STAILQ_HEAD *head" -.Fn STAILQ_INSERT_AFTER "STAILQ_HEAD *head" "TYPE *listelm" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_INSERT_HEAD "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_INSERT_TAIL "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_LAST "STAILQ_HEAD *head" "TYPE" "STAILQ_ENTRY NAME" -.Fn STAILQ_NEXT "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE_AFTER "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE_HEAD "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE "STAILQ_HEAD *head" "TYPE *elm" "TYPE" "STAILQ_ENTRY NAME" -.Fn STAILQ_SWAP "STAILQ_HEAD *head1" "STAILQ_HEAD *head2" "STAILQ_ENTRY NAME" -.\" -.Fn LIST_EMPTY "LIST_HEAD *head" -.Fn LIST_ENTRY "TYPE" -.Fn LIST_FIRST "LIST_HEAD *head" -.Fn LIST_FOREACH "TYPE *var" "LIST_HEAD *head" "LIST_ENTRY NAME" -.Fn LIST_FOREACH_SAFE "TYPE *var" "LIST_HEAD *head" "LIST_ENTRY NAME" "TYPE *temp_var" -.Fn LIST_HEAD "HEADNAME" "TYPE" -.Fn LIST_HEAD_INITIALIZER "LIST_HEAD head" -.Fn LIST_INIT "LIST_HEAD *head" -.Fn LIST_INSERT_AFTER "TYPE *listelm" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_INSERT_BEFORE "TYPE *listelm" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_INSERT_HEAD "LIST_HEAD *head" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_NEXT "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_REMOVE "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_SWAP "LIST_HEAD *head1" "LIST_HEAD *head2" "TYPE" "LIST_ENTRY NAME" -.\" -.Fn TAILQ_CONCAT "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "TAILQ_ENTRY NAME" -.Fn TAILQ_EMPTY "TAILQ_HEAD *head" -.Fn TAILQ_ENTRY "TYPE" -.Fn TAILQ_FIRST "TAILQ_HEAD *head" -.Fn TAILQ_FOREACH "TYPE *var" "TAILQ_HEAD *head" "TAILQ_ENTRY NAME" -.Fn TAILQ_FOREACH_SAFE "TYPE *var" "TAILQ_HEAD *head" "TAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn TAILQ_FOREACH_REVERSE "TYPE *var" "TAILQ_HEAD *head" "HEADNAME" "TAILQ_ENTRY NAME" -.Fn TAILQ_FOREACH_REVERSE_SAFE "TYPE *var" "TAILQ_HEAD *head" "HEADNAME" "TAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn TAILQ_HEAD "HEADNAME" "TYPE" -.Fn TAILQ_HEAD_INITIALIZER "TAILQ_HEAD head" -.Fn TAILQ_INIT "TAILQ_HEAD *head" -.Fn TAILQ_INSERT_AFTER "TAILQ_HEAD *head" "TYPE *listelm" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_BEFORE "TYPE *listelm" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_HEAD "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_TAIL "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_LAST "TAILQ_HEAD *head" "HEADNAME" -.Fn TAILQ_NEXT "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_PREV "TYPE *elm" "HEADNAME" "TAILQ_ENTRY NAME" -.Fn TAILQ_REMOVE "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_SWAP "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "TYPE" "TAILQ_ENTRY NAME" -.\" -.Sh DESCRIPTION -These macros define and operate on four types of data structures: -singly-linked lists, singly-linked tail queues, lists, and tail queues. -All four structures support the following functionality: -.Bl -enum -compact -offset indent -.It -Insertion of a new entry at the head of the list. -.It -Insertion of a new entry after any element in the list. -.It -O(1) removal of an entry from the head of the list. -.It -Forward traversal through the list. -.It -Swawpping the contents of two lists. -.El -.Pp -Singly-linked lists are the simplest of the four data structures -and support only the above functionality. -Singly-linked lists are ideal for applications with large datasets -and few or no removals, -or for implementing a LIFO queue. -Singly-linked lists add the following functionality: -.Bl -enum -compact -offset indent -.It -O(n) removal of any entry in the list. -.El -.Pp -Singly-linked tail queues add the following functionality: -.Bl -enum -compact -offset indent -.It -Entries can be added at the end of a list. -.It -O(n) removal of any entry in the list. -.It -They may be concatenated. -.El -However: -.Bl -enum -compact -offset indent -.It -All list insertions must specify the head of the list. -.It -Each head entry requires two pointers rather than one. -.It -Code size is about 15% greater and operations run about 20% slower -than singly-linked lists. -.El -.Pp -Singly-linked tailqs are ideal for applications with large datasets and -few or no removals, -or for implementing a FIFO queue. -.Pp -All doubly linked types of data structures (lists and tail queues) -additionally allow: -.Bl -enum -compact -offset indent -.It -Insertion of a new entry before any element in the list. -.It -O(1) removal of any entry in the list. -.El -However: -.Bl -enum -compact -offset indent -.It -Each element requires two pointers rather than one. -.It -Code size and execution time of operations (except for removal) is about -twice that of the singly-linked data-structures. -.El -.Pp -Linked lists are the simplest of the doubly linked data structures and support -only the above functionality over singly-linked lists. -.Pp -Tail queues add the following functionality: -.Bl -enum -compact -offset indent -.It -Entries can be added at the end of a list. -.It -They may be traversed backwards, from tail to head. -.It -They may be concatenated. -.El -However: -.Bl -enum -compact -offset indent -.It -All list insertions and removals must specify the head of the list. -.It -Each head entry requires two pointers rather than one. -.It -Code size is about 15% greater and operations run about 20% slower -than singly-linked lists. -.El -.Pp -In the macro definitions, -.Fa TYPE -is the name of a user defined structure, -that must contain a field of type -.Li SLIST_ENTRY , -.Li STAILQ_ENTRY , -.Li LIST_ENTRY , -or -.Li TAILQ_ENTRY , -named -.Fa NAME . -The argument -.Fa HEADNAME -is the name of a user defined structure that must be declared -using the macros -.Li SLIST_HEAD , -.Li STAILQ_HEAD , -.Li LIST_HEAD , -or -.Li TAILQ_HEAD . -See the examples below for further explanation of how these -macros are used. -.Sh SINGLY-LINKED LISTS -A singly-linked list is headed by a structure defined by the -.Nm SLIST_HEAD -macro. -This structure contains a single pointer to the first element -on the list. -The elements are singly linked for minimum space and pointer manipulation -overhead at the expense of O(n) removal for arbitrary elements. -New elements can be added to the list after an existing element or -at the head of the list. -An -.Fa SLIST_HEAD -structure is declared as follows: -.Bd -literal -offset indent -SLIST_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Fa HEADNAME -is the name of the structure to be defined, and -.Fa TYPE -is the type of the elements to be linked into the list. -A pointer to the head of the list can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm SLIST_HEAD_INITIALIZER -evaluates to an initializer for the list -.Fa head . -.Pp -The macro -.Nm SLIST_EMPTY -evaluates to true if there are no elements in the list. -.Pp -The macro -.Nm SLIST_ENTRY -declares a structure that connects the elements in -the list. -.Pp -The macro -.Nm SLIST_FIRST -returns the first element in the list or NULL if the list is empty. -.Pp -The macro -.Nm SLIST_FOREACH -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in -turn to -.Fa var . -.Pp -The macro -.Nm SLIST_FOREACH_SAFE -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in -turn to -.Fa var . -However, unlike -.Fn SLIST_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm SLIST_INIT -initializes the list referenced by -.Fa head . -.Pp -The macro -.Nm SLIST_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the list. -.Pp -The macro -.Nm SLIST_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm SLIST_NEXT -returns the next element in the list. -.Pp -The macro -.Nm SLIST_REMOVE_AFTER -removes the element after -.Fa elm -from the list. Unlike -.Fa SLIST_REMOVE , -this macro does not traverse the entire list. -.Pp -The macro -.Nm SLIST_REMOVE_HEAD -removes the element -.Fa elm -from the head of the list. -For optimum efficiency, -elements being removed from the head of the list should explicitly use -this macro instead of the generic -.Fa SLIST_REMOVE -macro. -.Pp -The macro -.Nm SLIST_REMOVE -removes the element -.Fa elm -from the list. -.Pp -The macro -.Nm SLIST_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh SINGLY-LINKED LIST EXAMPLE -.Bd -literal -SLIST_HEAD(slisthead, entry) head = - SLIST_HEAD_INITIALIZER(head); -struct slisthead *headp; /* Singly-linked List head. */ -struct entry { - ... - SLIST_ENTRY(entry) entries; /* Singly-linked List. */ - ... -} *n1, *n2, *n3, *np; - -SLIST_INIT(&head); /* Initialize the list. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -SLIST_INSERT_HEAD(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -SLIST_INSERT_AFTER(n1, n2, entries); - -SLIST_REMOVE(&head, n2, entry, entries);/* Deletion. */ -free(n2); - -n3 = SLIST_FIRST(&head); -SLIST_REMOVE_HEAD(&head, entries); /* Deletion from the head. */ -free(n3); - /* Forward traversal. */ -SLIST_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -SLIST_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - SLIST_REMOVE(&head, np, entry, entries); - free(np); -} - -while (!SLIST_EMPTY(&head)) { /* List Deletion. */ - n1 = SLIST_FIRST(&head); - SLIST_REMOVE_HEAD(&head, entries); - free(n1); -} -.Ed -.Sh SINGLY-LINKED TAIL QUEUES -A singly-linked tail queue is headed by a structure defined by the -.Nm STAILQ_HEAD -macro. -This structure contains a pair of pointers, -one to the first element in the tail queue and the other to -the last element in the tail queue. -The elements are singly linked for minimum space and pointer -manipulation overhead at the expense of O(n) removal for arbitrary -elements. -New elements can be added to the tail queue after an existing element, -at the head of the tail queue, or at the end of the tail queue. -A -.Fa STAILQ_HEAD -structure is declared as follows: -.Bd -literal -offset indent -STAILQ_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Li HEADNAME -is the name of the structure to be defined, and -.Li TYPE -is the type of the elements to be linked into the tail queue. -A pointer to the head of the tail queue can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm STAILQ_HEAD_INITIALIZER -evaluates to an initializer for the tail queue -.Fa head . -.Pp -The macro -.Nm STAILQ_CONCAT -concatenates the tail queue headed by -.Fa head2 -onto the end of the one headed by -.Fa head1 -removing all entries from the former. -.Pp -The macro -.Nm STAILQ_EMPTY -evaluates to true if there are no items on the tail queue. -.Pp -The macro -.Nm STAILQ_ENTRY -declares a structure that connects the elements in -the tail queue. -.Pp -The macro -.Nm STAILQ_FIRST -returns the first item on the tail queue or NULL if the tail queue -is empty. -.Pp -The macro -.Nm STAILQ_FOREACH -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element -in turn to -.Fa var . -.Pp -The macro -.Nm STAILQ_FOREACH_SAFE -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element -in turn to -.Fa var . -However, unlike -.Fn STAILQ_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm STAILQ_INIT -initializes the tail queue referenced by -.Fa head . -.Pp -The macro -.Nm STAILQ_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the tail queue. -.Pp -The macro -.Nm STAILQ_INSERT_TAIL -inserts the new element -.Fa elm -at the end of the tail queue. -.Pp -The macro -.Nm STAILQ_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm STAILQ_LAST -returns the last item on the tail queue. -If the tail queue is empty the return value is -.Dv NULL . -.Pp -The macro -.Nm STAILQ_NEXT -returns the next item on the tail queue, or NULL this item is the last. -.Pp -The macro -.Nm STAILQ_REMOVE_AFTER -removes the element after -.Fa elm -from the tail queue. Unlike -.Fa STAILQ_REMOVE , -this macro does not traverse the entire tail queue. -.Pp -The macro -.Nm STAILQ_REMOVE_HEAD -removes the element at the head of the tail queue. -For optimum efficiency, -elements being removed from the head of the tail queue should -use this macro explicitly rather than the generic -.Fa STAILQ_REMOVE -macro. -.Pp -The macro -.Nm STAILQ_REMOVE -removes the element -.Fa elm -from the tail queue. -.Pp -The macro -.Nm STAILQ_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh SINGLY-LINKED TAIL QUEUE EXAMPLE -.Bd -literal -STAILQ_HEAD(stailhead, entry) head = - STAILQ_HEAD_INITIALIZER(head); -struct stailhead *headp; /* Singly-linked tail queue head. */ -struct entry { - ... - STAILQ_ENTRY(entry) entries; /* Tail queue. */ - ... -} *n1, *n2, *n3, *np; - -STAILQ_INIT(&head); /* Initialize the queue. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -STAILQ_INSERT_HEAD(&head, n1, entries); - -n1 = malloc(sizeof(struct entry)); /* Insert at the tail. */ -STAILQ_INSERT_TAIL(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -STAILQ_INSERT_AFTER(&head, n1, n2, entries); - /* Deletion. */ -STAILQ_REMOVE(&head, n2, entry, entries); -free(n2); - /* Deletion from the head. */ -n3 = STAILQ_FIRST(&head); -STAILQ_REMOVE_HEAD(&head, entries); -free(n3); - /* Forward traversal. */ -STAILQ_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -STAILQ_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - STAILQ_REMOVE(&head, np, entry, entries); - free(np); -} - /* TailQ Deletion. */ -while (!STAILQ_EMPTY(&head)) { - n1 = STAILQ_FIRST(&head); - STAILQ_REMOVE_HEAD(&head, entries); - free(n1); -} - /* Faster TailQ Deletion. */ -n1 = STAILQ_FIRST(&head); -while (n1 != NULL) { - n2 = STAILQ_NEXT(n1, entries); - free(n1); - n1 = n2; -} -STAILQ_INIT(&head); -.Ed -.Sh LISTS -A list is headed by a structure defined by the -.Nm LIST_HEAD -macro. -This structure contains a single pointer to the first element -on the list. -The elements are doubly linked so that an arbitrary element can be -removed without traversing the list. -New elements can be added to the list after an existing element, -before an existing element, or at the head of the list. -A -.Fa LIST_HEAD -structure is declared as follows: -.Bd -literal -offset indent -LIST_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Fa HEADNAME -is the name of the structure to be defined, and -.Fa TYPE -is the type of the elements to be linked into the list. -A pointer to the head of the list can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm LIST_HEAD_INITIALIZER -evaluates to an initializer for the list -.Fa head . -.Pp -The macro -.Nm LIST_EMPTY -evaluates to true if there are no elements in the list. -.Pp -The macro -.Nm LIST_ENTRY -declares a structure that connects the elements in -the list. -.Pp -The macro -.Nm LIST_FIRST -returns the first element in the list or NULL if the list -is empty. -.Pp -The macro -.Nm LIST_FOREACH -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -.Pp -The macro -.Nm LIST_FOREACH_SAFE -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -However, unlike -.Fn LIST_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm LIST_INIT -initializes the list referenced by -.Fa head . -.Pp -The macro -.Nm LIST_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the list. -.Pp -The macro -.Nm LIST_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm LIST_INSERT_BEFORE -inserts the new element -.Fa elm -before the element -.Fa listelm . -.Pp -The macro -.Nm LIST_NEXT -returns the next element in the list, or NULL if this is the last. -.Pp -The macro -.Nm LIST_REMOVE -removes the element -.Fa elm -from the list. -.Pp -The macro -.Nm LIST_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh LIST EXAMPLE -.Bd -literal -LIST_HEAD(listhead, entry) head = - LIST_HEAD_INITIALIZER(head); -struct listhead *headp; /* List head. */ -struct entry { - ... - LIST_ENTRY(entry) entries; /* List. */ - ... -} *n1, *n2, *n3, *np, *np_temp; - -LIST_INIT(&head); /* Initialize the list. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -LIST_INSERT_HEAD(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -LIST_INSERT_AFTER(n1, n2, entries); - -n3 = malloc(sizeof(struct entry)); /* Insert before. */ -LIST_INSERT_BEFORE(n2, n3, entries); - -LIST_REMOVE(n2, entries); /* Deletion. */ -free(n2); - /* Forward traversal. */ -LIST_FOREACH(np, &head, entries) - np-> ... - - /* Safe forward traversal. */ -LIST_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - LIST_REMOVE(np, entries); - free(np); -} - -while (!LIST_EMPTY(&head)) { /* List Deletion. */ - n1 = LIST_FIRST(&head); - LIST_REMOVE(n1, entries); - free(n1); -} - -n1 = LIST_FIRST(&head); /* Faster List Deletion. */ -while (n1 != NULL) { - n2 = LIST_NEXT(n1, entries); - free(n1); - n1 = n2; -} -LIST_INIT(&head); -.Ed -.Sh TAIL QUEUES -A tail queue is headed by a structure defined by the -.Nm TAILQ_HEAD -macro. -This structure contains a pair of pointers, -one to the first element in the tail queue and the other to -the last element in the tail queue. -The elements are doubly linked so that an arbitrary element can be -removed without traversing the tail queue. -New elements can be added to the tail queue after an existing element, -before an existing element, at the head of the tail queue, -or at the end of the tail queue. -A -.Fa TAILQ_HEAD -structure is declared as follows: -.Bd -literal -offset indent -TAILQ_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Li HEADNAME -is the name of the structure to be defined, and -.Li TYPE -is the type of the elements to be linked into the tail queue. -A pointer to the head of the tail queue can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm TAILQ_HEAD_INITIALIZER -evaluates to an initializer for the tail queue -.Fa head . -.Pp -The macro -.Nm TAILQ_CONCAT -concatenates the tail queue headed by -.Fa head2 -onto the end of the one headed by -.Fa head1 -removing all entries from the former. -.Pp -The macro -.Nm TAILQ_EMPTY -evaluates to true if there are no items on the tail queue. -.Pp -The macro -.Nm TAILQ_ENTRY -declares a structure that connects the elements in -the tail queue. -.Pp -The macro -.Nm TAILQ_FIRST -returns the first item on the tail queue or NULL if the tail queue -is empty. -.Pp -The macro -.Nm TAILQ_FOREACH -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -.Fa var -is set to -.Dv NULL -if the loop completes normally, or if there were no elements. -.Pp -The macro -.Nm TAILQ_FOREACH_REVERSE -traverses the tail queue referenced by -.Fa head -in the reverse direction, assigning each element in turn to -.Fa var . -.Pp -The macros -.Nm TAILQ_FOREACH_SAFE -and -.Nm TAILQ_FOREACH_REVERSE_SAFE -traverse the list referenced by -.Fa head -in the forward or reverse direction respectively, -assigning each element in turn to -.Fa var . -However, unlike their unsafe counterparts, -.Nm TAILQ_FOREACH -and -.Nm TAILQ_FOREACH_REVERSE -permit to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm TAILQ_INIT -initializes the tail queue referenced by -.Fa head . -.Pp -The macro -.Nm TAILQ_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the tail queue. -.Pp -The macro -.Nm TAILQ_INSERT_TAIL -inserts the new element -.Fa elm -at the end of the tail queue. -.Pp -The macro -.Nm TAILQ_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm TAILQ_INSERT_BEFORE -inserts the new element -.Fa elm -before the element -.Fa listelm . -.Pp -The macro -.Nm TAILQ_LAST -returns the last item on the tail queue. -If the tail queue is empty the return value is -.Dv NULL . -.Pp -The macro -.Nm TAILQ_NEXT -returns the next item on the tail queue, or NULL if this item is the last. -.Pp -The macro -.Nm TAILQ_PREV -returns the previous item on the tail queue, or NULL if this item -is the first. -.Pp -The macro -.Nm TAILQ_REMOVE -removes the element -.Fa elm -from the tail queue. -.Pp -The macro -.Nm TAILQ_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh TAIL QUEUE EXAMPLE -.Bd -literal -TAILQ_HEAD(tailhead, entry) head = - TAILQ_HEAD_INITIALIZER(head); -struct tailhead *headp; /* Tail queue head. */ -struct entry { - ... - TAILQ_ENTRY(entry) entries; /* Tail queue. */ - ... -} *n1, *n2, *n3, *np; - -TAILQ_INIT(&head); /* Initialize the queue. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -TAILQ_INSERT_HEAD(&head, n1, entries); - -n1 = malloc(sizeof(struct entry)); /* Insert at the tail. */ -TAILQ_INSERT_TAIL(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -TAILQ_INSERT_AFTER(&head, n1, n2, entries); - -n3 = malloc(sizeof(struct entry)); /* Insert before. */ -TAILQ_INSERT_BEFORE(n2, n3, entries); - -TAILQ_REMOVE(&head, n2, entries); /* Deletion. */ -free(n2); - /* Forward traversal. */ -TAILQ_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -TAILQ_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - TAILQ_REMOVE(&head, np, entries); - free(np); -} - /* Reverse traversal. */ -TAILQ_FOREACH_REVERSE(np, &head, tailhead, entries) - np-> ... - /* TailQ Deletion. */ -while (!TAILQ_EMPTY(&head)) { - n1 = TAILQ_FIRST(&head); - TAILQ_REMOVE(&head, n1, entries); - free(n1); -} - /* Faster TailQ Deletion. */ -n1 = TAILQ_FIRST(&head); -while (n1 != NULL) { - n2 = TAILQ_NEXT(n1, entries); - free(n1); - n1 = n2; -} -TAILQ_INIT(&head); -.Ed -.Sh SEE ALSO -.Xr tree 3 -.Sh HISTORY -The -.Nm queue -functions first appeared in -.Bx 4.4 . diff --git a/tools/include/xen-external/bsd-sys-queue-h-seddery b/tools/include/xen-external/bsd-sys-queue-h-seddery deleted file mode 100755 index 3f8716d9ff..0000000000 --- a/tools/include/xen-external/bsd-sys-queue-h-seddery +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -p -# -# This script is part of the Xen build system. It has a very -# permissive licence to avoid complicating the licence of the -# generated header file and to allow this seddery to be reused by -# other projects. -# -# Permission is hereby granted, free of charge, to any person -# obtaining a copy of this individual file (the "Software"), to deal -# in the Software without restriction, including without limitation -# the rights to use, copy, modify, merge, publish, distribute, -# sublicense, and/or sell copies of the Software, and to permit -# persons to whom the Software is furnished to do so, subject to the -# following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# -# Copyright (C) 2011 Citrix Ltd - -our $namespace, $ucnamespace; - -BEGIN { - die unless @ARGV; - $namespace = pop @ARGV; - $namespace =~ s/^--prefix=// or die; - $ucnamespace = uc $namespace; - - print < - -/* - * This file defines four types of data structures: singly-linked lists, - * singly-linked tail queues, lists and tail queues. - * - * A singly-linked list is headed by a single forward pointer. The elements - * are singly linked for minimum space and pointer manipulation overhead at - * the expense of O(n) removal for arbitrary elements. New elements can be - * added to the list after an existing element or at the head of the list. - * Elements being removed from the head of the list should use the explicit - * macro for this purpose for optimum efficiency. A singly-linked list may - * only be traversed in the forward direction. Singly-linked lists are ideal - * for applications with large datasets and few or no removals or for - * implementing a LIFO queue. - * - * A singly-linked tail queue is headed by a pair of pointers, one to the - * head of the list and the other to the tail of the list. The elements are - * singly linked for minimum space and pointer manipulation overhead at the - * expense of O(n) removal for arbitrary elements. New elements can be added - * to the list after an existing element, at the head of the list, or at the - * end of the list. Elements being removed from the head of the tail queue - * should use the explicit macro for this purpose for optimum efficiency. - * A singly-linked tail queue may only be traversed in the forward direction. - * Singly-linked tail queues are ideal for applications with large datasets - * and few or no removals or for implementing a FIFO queue. - * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before - * or after an existing element or at the head of the list. A list - * may only be traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or - * after an existing element, at the head of the list, or at the end of - * the list. A tail queue may be traversed in either direction. - * - * For details on the use of these macros, see the queue(3) manual page. - * - * - * SLIST LIST STAILQ TAILQ - * _HEAD + + + + - * _HEAD_INITIALIZER + + + + - * _ENTRY + + + + - * _INIT + + + + - * _EMPTY + + + + - * _FIRST + + + + - * _NEXT + + + + - * _PREV - - - + - * _LAST - - + + - * _FOREACH + + + + - * _FOREACH_SAFE + + + + - * _FOREACH_REVERSE - - - + - * _FOREACH_REVERSE_SAFE - - - + - * _INSERT_HEAD + + + + - * _INSERT_BEFORE - + - + - * _INSERT_AFTER + + + + - * _INSERT_TAIL - - + + - * _CONCAT - - + + - * _REMOVE_AFTER + - + - - * _REMOVE_HEAD + - + - - * _REMOVE + + + + - * _SWAP + + + + - * - */ -#ifdef QUEUE_MACRO_DEBUG -/* Store the last 2 places the queue element or head was altered */ -struct qm_trace { - char * lastfile; - int lastline; - char * prevfile; - int prevline; -}; - -#define TRACEBUF struct qm_trace trace; -#define TRASHIT(x) do {(x) = (void *)-1;} while (0) -#define QMD_SAVELINK(name, link) void **name = (void *)&(link) - -#define QMD_TRACE_HEAD(head) do { \ - (head)->trace.prevline = (head)->trace.lastline; \ - (head)->trace.prevfile = (head)->trace.lastfile; \ - (head)->trace.lastline = __LINE__; \ - (head)->trace.lastfile = __FILE__; \ -} while (0) - -#define QMD_TRACE_ELEM(elem) do { \ - (elem)->trace.prevline = (elem)->trace.lastline; \ - (elem)->trace.prevfile = (elem)->trace.lastfile; \ - (elem)->trace.lastline = __LINE__; \ - (elem)->trace.lastfile = __FILE__; \ -} while (0) - -#else -#define QMD_TRACE_ELEM(elem) -#define QMD_TRACE_HEAD(head) -#define QMD_SAVELINK(name, link) -#define TRACEBUF -#define TRASHIT(x) -#endif /* QUEUE_MACRO_DEBUG */ - -/* - * Singly-linked List declarations. - */ -#define SLIST_HEAD(name, type) \ -struct name { \ - struct type *slh_first; /* first element */ \ -} - -#define SLIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define SLIST_ENTRY(type) \ -struct { \ - struct type *sle_next; /* next element */ \ -} - -/* - * Singly-linked List functions. - */ -#define SLIST_EMPTY(head) ((head)->slh_first == NULL) - -#define SLIST_FIRST(head) ((head)->slh_first) - -#define SLIST_FOREACH(var, head, field) \ - for ((var) = SLIST_FIRST((head)); \ - (var); \ - (var) = SLIST_NEXT((var), field)) - -#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = SLIST_FIRST((head)); \ - (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \ - for ((varp) = &SLIST_FIRST((head)); \ - ((var) = *(varp)) != NULL; \ - (varp) = &SLIST_NEXT((var), field)) - -#define SLIST_INIT(head) do { \ - SLIST_FIRST((head)) = NULL; \ -} while (0) - -#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ - SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ - SLIST_NEXT((slistelm), field) = (elm); \ -} while (0) - -#define SLIST_INSERT_HEAD(head, elm, field) do { \ - SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ - SLIST_FIRST((head)) = (elm); \ -} while (0) - -#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) - -#define SLIST_REMOVE(head, elm, type, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.sle_next); \ - if (SLIST_FIRST((head)) == (elm)) { \ - SLIST_REMOVE_HEAD((head), field); \ - } \ - else { \ - struct type *curelm = SLIST_FIRST((head)); \ - while (SLIST_NEXT(curelm, field) != (elm)) \ - curelm = SLIST_NEXT(curelm, field); \ - SLIST_REMOVE_AFTER(curelm, field); \ - } \ - TRASHIT(*oldnext); \ -} while (0) - -#define SLIST_REMOVE_AFTER(elm, field) do { \ - SLIST_NEXT(elm, field) = \ - SLIST_NEXT(SLIST_NEXT(elm, field), field); \ -} while (0) - -#define SLIST_REMOVE_HEAD(head, field) do { \ - SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ -} while (0) - -#define SLIST_SWAP(head1, head2, type) do { \ - struct type *swap_first = SLIST_FIRST(head1); \ - SLIST_FIRST(head1) = SLIST_FIRST(head2); \ - SLIST_FIRST(head2) = swap_first; \ -} while (0) - -/* - * Singly-linked Tail queue declarations. - */ -#define STAILQ_HEAD(name, type) \ -struct name { \ - struct type *stqh_first;/* first element */ \ - struct type **stqh_last;/* addr of last next element */ \ -} - -#define STAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).stqh_first } - -#define STAILQ_ENTRY(type) \ -struct { \ - struct type *stqe_next; /* next element */ \ -} - -/* - * Singly-linked Tail queue functions. - */ -#define STAILQ_CONCAT(head1, head2) do { \ - if (!STAILQ_EMPTY((head2))) { \ - *(head1)->stqh_last = (head2)->stqh_first; \ - (head1)->stqh_last = (head2)->stqh_last; \ - STAILQ_INIT((head2)); \ - } \ -} while (0) - -#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) - -#define STAILQ_FIRST(head) ((head)->stqh_first) - -#define STAILQ_FOREACH(var, head, field) \ - for((var) = STAILQ_FIRST((head)); \ - (var); \ - (var) = STAILQ_NEXT((var), field)) - - -#define STAILQ_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = STAILQ_FIRST((head)); \ - (var) && ((tvar) = STAILQ_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define STAILQ_INIT(head) do { \ - STAILQ_FIRST((head)) = NULL; \ - (head)->stqh_last = &STAILQ_FIRST((head)); \ -} while (0) - -#define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ - if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ - STAILQ_NEXT((tqelm), field) = (elm); \ -} while (0) - -#define STAILQ_INSERT_HEAD(head, elm, field) do { \ - if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ - STAILQ_FIRST((head)) = (elm); \ -} while (0) - -#define STAILQ_INSERT_TAIL(head, elm, field) do { \ - STAILQ_NEXT((elm), field) = NULL; \ - *(head)->stqh_last = (elm); \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -} while (0) - -#define STAILQ_LAST(head, type, field) \ - (STAILQ_EMPTY((head)) ? \ - NULL : \ - ((struct type *)(void *) \ - ((char *)((head)->stqh_last) - __offsetof(struct type, field)))) - -#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) - -#define STAILQ_REMOVE(head, elm, type, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.stqe_next); \ - if (STAILQ_FIRST((head)) == (elm)) { \ - STAILQ_REMOVE_HEAD((head), field); \ - } \ - else { \ - struct type *curelm = STAILQ_FIRST((head)); \ - while (STAILQ_NEXT(curelm, field) != (elm)) \ - curelm = STAILQ_NEXT(curelm, field); \ - STAILQ_REMOVE_AFTER(head, curelm, field); \ - } \ - TRASHIT(*oldnext); \ -} while (0) - -#define STAILQ_REMOVE_AFTER(head, elm, field) do { \ - if ((STAILQ_NEXT(elm, field) = \ - STAILQ_NEXT(STAILQ_NEXT(elm, field), field)) == NULL) \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -} while (0) - -#define STAILQ_REMOVE_HEAD(head, field) do { \ - if ((STAILQ_FIRST((head)) = \ - STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ - (head)->stqh_last = &STAILQ_FIRST((head)); \ -} while (0) - -#define STAILQ_SWAP(head1, head2, type) do { \ - struct type *swap_first = STAILQ_FIRST(head1); \ - struct type **swap_last = (head1)->stqh_last; \ - STAILQ_FIRST(head1) = STAILQ_FIRST(head2); \ - (head1)->stqh_last = (head2)->stqh_last; \ - STAILQ_FIRST(head2) = swap_first; \ - (head2)->stqh_last = swap_last; \ - if (STAILQ_EMPTY(head1)) \ - (head1)->stqh_last = &STAILQ_FIRST(head1); \ - if (STAILQ_EMPTY(head2)) \ - (head2)->stqh_last = &STAILQ_FIRST(head2); \ -} while (0) - - -/* - * List declarations. - */ -#define LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define LIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List functions. - */ - -#if (defined(_KERNEL) && defined(INVARIANTS)) -#define QMD_LIST_CHECK_HEAD(head, field) do { \ - if (LIST_FIRST((head)) != NULL && \ - LIST_FIRST((head))->field.le_prev != \ - &LIST_FIRST((head))) \ - panic("Bad list head %p first->prev != head", (head)); \ -} while (0) - -#define QMD_LIST_CHECK_NEXT(elm, field) do { \ - if (LIST_NEXT((elm), field) != NULL && \ - LIST_NEXT((elm), field)->field.le_prev != \ - &((elm)->field.le_next)) \ - panic("Bad link elm %p next->prev != elm", (elm)); \ -} while (0) - -#define QMD_LIST_CHECK_PREV(elm, field) do { \ - if (*(elm)->field.le_prev != (elm)) \ - panic("Bad link elm %p prev->next != elm", (elm)); \ -} while (0) -#else -#define QMD_LIST_CHECK_HEAD(head, field) -#define QMD_LIST_CHECK_NEXT(elm, field) -#define QMD_LIST_CHECK_PREV(elm, field) -#endif /* (_KERNEL && INVARIANTS) */ - -#define LIST_EMPTY(head) ((head)->lh_first == NULL) - -#define LIST_FIRST(head) ((head)->lh_first) - -#define LIST_FOREACH(var, head, field) \ - for ((var) = LIST_FIRST((head)); \ - (var); \ - (var) = LIST_NEXT((var), field)) - -#define LIST_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = LIST_FIRST((head)); \ - (var) && ((tvar) = LIST_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define LIST_INIT(head) do { \ - LIST_FIRST((head)) = NULL; \ -} while (0) - -#define LIST_INSERT_AFTER(listelm, elm, field) do { \ - QMD_LIST_CHECK_NEXT(listelm, field); \ - if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ - LIST_NEXT((listelm), field)->field.le_prev = \ - &LIST_NEXT((elm), field); \ - LIST_NEXT((listelm), field) = (elm); \ - (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ -} while (0) - -#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ - QMD_LIST_CHECK_PREV(listelm, field); \ - (elm)->field.le_prev = (listelm)->field.le_prev; \ - LIST_NEXT((elm), field) = (listelm); \ - *(listelm)->field.le_prev = (elm); \ - (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ -} while (0) - -#define LIST_INSERT_HEAD(head, elm, field) do { \ - QMD_LIST_CHECK_HEAD((head), field); \ - if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ - LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ - LIST_FIRST((head)) = (elm); \ - (elm)->field.le_prev = &LIST_FIRST((head)); \ -} while (0) - -#define LIST_NEXT(elm, field) ((elm)->field.le_next) - -#define LIST_REMOVE(elm, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.le_next); \ - QMD_SAVELINK(oldprev, (elm)->field.le_prev); \ - QMD_LIST_CHECK_NEXT(elm, field); \ - QMD_LIST_CHECK_PREV(elm, field); \ - if (LIST_NEXT((elm), field) != NULL) \ - LIST_NEXT((elm), field)->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = LIST_NEXT((elm), field); \ - TRASHIT(*oldnext); \ - TRASHIT(*oldprev); \ -} while (0) - -#define LIST_SWAP(head1, head2, type, field) do { \ - struct type *swap_tmp = LIST_FIRST((head1)); \ - LIST_FIRST((head1)) = LIST_FIRST((head2)); \ - LIST_FIRST((head2)) = swap_tmp; \ - if ((swap_tmp = LIST_FIRST((head1))) != NULL) \ - swap_tmp->field.le_prev = &LIST_FIRST((head1)); \ - if ((swap_tmp = LIST_FIRST((head2))) != NULL) \ - swap_tmp->field.le_prev = &LIST_FIRST((head2)); \ -} while (0) - -/* - * Tail queue declarations. - */ -#define TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ - TRACEBUF \ -} - -#define TAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).tqh_first } - -#define TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ - TRACEBUF \ -} - -/* - * Tail queue functions. - */ -#if (defined(_KERNEL) && defined(INVARIANTS)) -#define QMD_TAILQ_CHECK_HEAD(head, field) do { \ - if (!TAILQ_EMPTY(head) && \ - TAILQ_FIRST((head))->field.tqe_prev != \ - &TAILQ_FIRST((head))) \ - panic("Bad tailq head %p first->prev != head", (head)); \ -} while (0) - -#define QMD_TAILQ_CHECK_TAIL(head, field) do { \ - if (*(head)->tqh_last != NULL) \ - panic("Bad tailq NEXT(%p->tqh_last) != NULL", (head)); \ -} while (0) - -#define QMD_TAILQ_CHECK_NEXT(elm, field) do { \ - if (TAILQ_NEXT((elm), field) != NULL && \ - TAILQ_NEXT((elm), field)->field.tqe_prev != \ - &((elm)->field.tqe_next)) \ - panic("Bad link elm %p next->prev != elm", (elm)); \ -} while (0) - -#define QMD_TAILQ_CHECK_PREV(elm, field) do { \ - if (*(elm)->field.tqe_prev != (elm)) \ - panic("Bad link elm %p prev->next != elm", (elm)); \ -} while (0) -#else -#define QMD_TAILQ_CHECK_HEAD(head, field) -#define QMD_TAILQ_CHECK_TAIL(head, headname) -#define QMD_TAILQ_CHECK_NEXT(elm, field) -#define QMD_TAILQ_CHECK_PREV(elm, field) -#endif /* (_KERNEL && INVARIANTS) */ - -#define TAILQ_CONCAT(head1, head2, field) do { \ - if (!TAILQ_EMPTY(head2)) { \ - *(head1)->tqh_last = (head2)->tqh_first; \ - (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ - (head1)->tqh_last = (head2)->tqh_last; \ - TAILQ_INIT((head2)); \ - QMD_TRACE_HEAD(head1); \ - QMD_TRACE_HEAD(head2); \ - } \ -} while (0) - -#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) - -#define TAILQ_FIRST(head) ((head)->tqh_first) - -#define TAILQ_FOREACH(var, head, field) \ - for ((var) = TAILQ_FIRST((head)); \ - (var); \ - (var) = TAILQ_NEXT((var), field)) - -#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = TAILQ_FIRST((head)); \ - (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ - for ((var) = TAILQ_LAST((head), headname); \ - (var); \ - (var) = TAILQ_PREV((var), headname, field)) - -#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ - for ((var) = TAILQ_LAST((head), headname); \ - (var) && ((tvar) = TAILQ_PREV((var), headname, field), 1); \ - (var) = (tvar)) - -#define TAILQ_INIT(head) do { \ - TAILQ_FIRST((head)) = NULL; \ - (head)->tqh_last = &TAILQ_FIRST((head)); \ - QMD_TRACE_HEAD(head); \ -} while (0) - -#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ - QMD_TAILQ_CHECK_NEXT(listelm, field); \ - if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ - TAILQ_NEXT((elm), field)->field.tqe_prev = \ - &TAILQ_NEXT((elm), field); \ - else { \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_HEAD(head); \ - } \ - TAILQ_NEXT((listelm), field) = (elm); \ - (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ - QMD_TRACE_ELEM(&(elm)->field); \ - QMD_TRACE_ELEM(&listelm->field); \ -} while (0) - -#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ - QMD_TAILQ_CHECK_PREV(listelm, field); \ - (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ - TAILQ_NEXT((elm), field) = (listelm); \ - *(listelm)->field.tqe_prev = (elm); \ - (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_ELEM(&(elm)->field); \ - QMD_TRACE_ELEM(&listelm->field); \ -} while (0) - -#define TAILQ_INSERT_HEAD(head, elm, field) do { \ - QMD_TAILQ_CHECK_HEAD(head, field); \ - if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ - TAILQ_FIRST((head))->field.tqe_prev = \ - &TAILQ_NEXT((elm), field); \ - else \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - TAILQ_FIRST((head)) = (elm); \ - (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ - QMD_TRACE_HEAD(head); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_INSERT_TAIL(head, elm, field) do { \ - QMD_TAILQ_CHECK_TAIL(head, field); \ - TAILQ_NEXT((elm), field) = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_HEAD(head); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_LAST(head, headname) \ - (*(((struct headname *)((head)->tqh_last))->tqh_last)) - -#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) - -#define TAILQ_PREV(elm, headname, field) \ - (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) - -#define TAILQ_REMOVE(head, elm, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.tqe_next); \ - QMD_SAVELINK(oldprev, (elm)->field.tqe_prev); \ - QMD_TAILQ_CHECK_NEXT(elm, field); \ - QMD_TAILQ_CHECK_PREV(elm, field); \ - if ((TAILQ_NEXT((elm), field)) != NULL) \ - TAILQ_NEXT((elm), field)->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else { \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - QMD_TRACE_HEAD(head); \ - } \ - *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ - TRASHIT(*oldnext); \ - TRASHIT(*oldprev); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_SWAP(head1, head2, type, field) do { \ - struct type *swap_first = (head1)->tqh_first; \ - struct type **swap_last = (head1)->tqh_last; \ - (head1)->tqh_first = (head2)->tqh_first; \ - (head1)->tqh_last = (head2)->tqh_last; \ - (head2)->tqh_first = swap_first; \ - (head2)->tqh_last = swap_last; \ - if ((swap_first = (head1)->tqh_first) != NULL) \ - swap_first->field.tqe_prev = &(head1)->tqh_first; \ - else \ - (head1)->tqh_last = &(head1)->tqh_first; \ - if ((swap_first = (head2)->tqh_first) != NULL) \ - swap_first->field.tqe_prev = &(head2)->tqh_first; \ - else \ - (head2)->tqh_last = &(head2)->tqh_first; \ -} while (0) - -#endif /* !_SYS_QUEUE_H_ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:44:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:44:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268354.462169 (Exim 4.92) (envelope-from ) id 1nHQnh-0008DF-AQ; Tue, 08 Feb 2022 13:44:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268354.462169; Tue, 08 Feb 2022 13:44:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnh-0008D6-7K; Tue, 08 Feb 2022 13:44:57 +0000 Received: by outflank-mailman (input) for mailman id 268354; Tue, 08 Feb 2022 13:44:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnf-0008Cu-A7 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnf-0000OH-9F for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQnf-00052n-8G for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:44:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E3u+RxCiEy2Bwm7FhHi9O5V7c+OBJVk9qAFehNrr3yc=; b=HR5JkdTHilBsSBOuiAZb3h3Ki9 Ue0L8EtxQ0WnphBtReh0H8ri5Ps9acL6lE6WqalKtS2PRzJzkaxarWZn2zTZjZRYnLW7kpLLhn8PI cnB3tiyMo8BDHH06FhyWM2vagKqexsSCTff+QWzRRf6UYipjMSxCVoSMeL4wRkpawbQY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libs: Fix build dependencies Message-Id: Date: Tue, 08 Feb 2022 13:44:55 +0000 commit e62cc29f9b6c42b67182a1362e2ea18bad75b5ff Author: Anthony PERARD AuthorDate: Tue Feb 8 10:39:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:15:53 2022 +0000 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index 5d866b8d04..ef7362327f 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -54,8 +54,6 @@ NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 8f5f3acd21..7f74ac0e7d 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -106,8 +106,6 @@ include $(XEN_ROOT)/tools/libs/libs.mk libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(filter -l%,$(zlib-options)) libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(COMPRESSION_LIBS) -lz --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index 847eb4851f..b3d784c57f 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -132,3 +132,7 @@ clean: .PHONY: distclean distclean: clean + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 5642955672..453bea0067 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -264,5 +264,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index 01417b5334..5840213376 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -121,5 +121,3 @@ clean: cleanlocal cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) rm -f libxenstat.map - --include $(DEPS_INCLUDE) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index c208dbb48a..8e33db6a66 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -29,8 +29,6 @@ ifeq ($(CONFIG_Linux),y) xs.opic: CFLAGS += -DUSE_DLSYM endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index 87425d862a..72fecb4c49 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -49,8 +49,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) @rm -f $*.[ch] $(FLEX) --header-file=$*.h --outfile=$*.c $< --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 13:45:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 13:45:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268355.462173 (Exim 4.92) (envelope-from ) id 1nHQnr-0008G7-Bt; Tue, 08 Feb 2022 13:45:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268355.462173; Tue, 08 Feb 2022 13:45:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnr-0008Fz-8q; Tue, 08 Feb 2022 13:45:07 +0000 Received: by outflank-mailman (input) for mailman id 268355; Tue, 08 Feb 2022 13:45:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnp-0008FT-DP for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:45:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHQnp-0000Ou-Cb for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:45:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHQnp-00054B-Bn for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 13:45:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gd91wE3mDeCETJ2Her4WRNxSIB5/q+eVLXkDi2YBBAc=; b=IZVRe5J+l5J2jqMII/wepeT0QO LTtToRP6aq7CnHFXe8mzYjtbdkG1JNcD/TyC+Vu9JQzEaEZeUEWIh8yf7HmNA6fUgYfY53kAeIFkl wVwWzHvz7ruIbOCCY5PZiLNxS/CF4MJwwoRNM1UbKKGwckVdvfVkpkibY3ukzv4xEMJg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/configure.ac: Replace macro AC_HELP_STRING Message-Id: Date: Tue, 08 Feb 2022 13:45:05 +0000 commit 345746045b49258547d67f456c368f23353575d4 Author: Michal Orzel AuthorDate: Tue Feb 1 18:03:21 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 13:38:33 2022 +0000 tools/configure.ac: Replace macro AC_HELP_STRING ... with AS_HELP_STRING as the former is obsolete according to GNU autoconf 2.67 documentation. Signed-off-by: Michal Orzel Acked-by: Anthony PERARD --- tools/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/configure.ac b/tools/configure.ac index 5a4fb9022d..f29c319b42 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -215,7 +215,7 @@ AC_SUBST(qemu_xen_path) AC_SUBST(qemu_xen_systemd) AC_ARG_WITH([stubdom-qmp-proxy], - AC_HELP_STRING([--stubdom-qmp-proxy@<:@=PATH@:>@], + AS_HELP_STRING([--stubdom-qmp-proxy@<:@=PATH@:>@], [Use supplied binary PATH as a QMP proxy into stubdomain]),[ stubdom_qmp_proxy="$withval" ],[ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 16:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 16:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268474.462308 (Exim 4.92) (envelope-from ) id 1nHTle-0007gu-Id; Tue, 08 Feb 2022 16:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268474.462308; Tue, 08 Feb 2022 16:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTle-0007gm-Fo; Tue, 08 Feb 2022 16:55:02 +0000 Received: by outflank-mailman (input) for mailman id 268474; Tue, 08 Feb 2022 16:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTld-0007gg-Ph for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTld-0004Pt-Hm for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHTld-0006t5-GS for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+xAefhwdLbE0yS2lEFikrwztHVcWDwDn7j0G0ZhoRjE=; b=bhSbQA+yVHj5n4N2dgqrUYbZmi uQz6Dugy5QoSC/zuCqmTMbmz9DuaoEH5BIBUyBfCewTFrnE7hThWY135qoyzR1X7SCJ9ET1hoDwos QkraqbPtDHpDtFJtjUequHbgFNOK5iU6K3MD5u0ocQLoq2zcdbPh65GB6UD/tuUlwJtA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: Fix boot on systems where HVM isn't available Message-Id: Date: Tue, 08 Feb 2022 16:55:01 +0000 commit e9b32164142e40a2585543a46530066b58a76f3f Author: Andrew Cooper AuthorDate: Fri Feb 4 17:01:41 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 x86/hvm: Fix boot on systems where HVM isn't available c/s 27a63cdac388 ("x86/HVM: convert remaining hvm_funcs hook invocations to alt-call") went too far with dropping NULL function pointer checks. smp_callin() and S3 resume call hvm_cpu_up() unconditionally. When the platform doesn't support HVM, hvm_enable() exits without filling in hvm_funcs, after which the altcall pass nukes the (now unconditional) indirect call, causing: (XEN) ----[ Xen-4.17.0-10.18-d x86_64 debug=y Not tainted ]---- (XEN) CPU: 1 (XEN) RIP: e008:[] start_secondary+0x393/0x3b7 (XEN) RFLAGS: 0000000000010086 CONTEXT: hypervisor ... (XEN) Xen code around (start_secondary+0x393/0x3b7): (XEN) ff ff 8b 05 1b 84 17 00 <0f> 0b 0f ff ff 90 89 c3 85 c0 0f 84 db fe ff ff ... (XEN) Xen call trace: (XEN) [] R start_secondary+0x393/0x3b7 (XEN) [] F __high_start+0x42/0x60 To make matters worse, several paths including __stop_this_cpu() call hvm_cpu_down() unconditionally too, so what happen next is: (XEN) ----[ Xen-4.17.0-10.18-d x86_64 debug=y Not tainted ]---- (XEN) CPU: 0 (XEN) RIP: e008:[] __stop_this_cpu+0x12/0x3c (XEN) RFLAGS: 0000000000010046 CONTEXT: hypervisor ... (XEN) Xen code around (__stop_this_cpu+0x12/0x3c): (XEN) 48 89 e5 e8 8a 1d fd ff <0f> 0b 0f ff ff 90 0f 06 db e3 48 89 e0 48 0d ff ... (XEN) Xen call trace: (XEN) [] R __stop_this_cpu+0x12/0x3c (XEN) [] F smp_send_stop+0xdd/0xf8 (XEN) [] F machine_restart+0xa2/0x298 (XEN) [] F arch/x86/shutdown.c#__machine_restart+0xb/0x11 (XEN) [] F smp_call_function_interrupt+0xbf/0xea (XEN) [] F call_function_interrupt+0x35/0x37 (XEN) [] F do_IRQ+0xa3/0x6b5 (XEN) [] F common_interrupt+0x10a/0x120 (XEN) [] F __udelay+0x3a/0x51 (XEN) [] F __cpu_up+0x48f/0x734 (XEN) [] F cpu_up+0x7d/0xde (XEN) [] F __start_xen+0x200b/0x2618 (XEN) [] F __high_start+0x4f/0x60 which recurses until hitting a stack overflow. The #DF handler, which resets its stack on each invocation, loops indefinitely. Reinstate the NULL function pointer checks for hvm_cpu_{up,down}(), along with comments explaining how the helpers are used. Fixes: 27a63cdac388 ("x86/HVM: convert remaining hvm_funcs hook invocations to alt-call") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hvm/hvm.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index a441cbc221..b44bbdeb21 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -551,14 +551,20 @@ static inline void hvm_invlpg(struct vcpu *v, unsigned long linear) (1U << TRAP_alignment_check) | \ (1U << TRAP_machine_check)) +/* Called in boot/resume paths. Must cope with no HVM support. */ static inline int hvm_cpu_up(void) { - return alternative_call(hvm_funcs.cpu_up); + if ( hvm_funcs.cpu_up ) + return alternative_call(hvm_funcs.cpu_up); + + return 0; } +/* Called in shutdown paths. Must cope with no HVM support. */ static inline void hvm_cpu_down(void) { - alternative_vcall(hvm_funcs.cpu_down); + if ( hvm_funcs.cpu_down ) + alternative_vcall(hvm_funcs.cpu_down); } static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 16:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 16:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268475.462313 (Exim 4.92) (envelope-from ) id 1nHTlo-0007id-KQ; Tue, 08 Feb 2022 16:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268475.462313; Tue, 08 Feb 2022 16:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTlo-0007iV-HL; Tue, 08 Feb 2022 16:55:12 +0000 Received: by outflank-mailman (input) for mailman id 268475; Tue, 08 Feb 2022 16:55:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTln-0007iN-LN for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTln-0004QE-Ke for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHTln-0006wq-Ju for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8dF3OQjJ5jLV1YSeB97LGRBpJg+0griwceFH+LRPWj4=; b=ie3gMRVlDtPC6mqU1IQaTuddL9 9rznuNMAJmUXaNjQOVhJqtv44luEe2QT7FqhWtPb5GgxBDhye2nwKHUUSt8+6yogQs3KDhpaj2l8W soqXZ3O82dk2gk1vSaUF1G2iYB/FNZvn5Wpb7I+Qu4XiNsMYS7/A1NchPYDmNxaD+jB8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/smp: Speed up on_selected_cpus() Message-Id: Date: Tue, 08 Feb 2022 16:55:11 +0000 commit f97c1abf2934e76fb69fabaf4f5ec04afa813816 Author: Andrew Cooper AuthorDate: Fri Feb 4 20:12:04 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 xen/smp: Speed up on_selected_cpus() cpumask_weight() is an incredibly expensive way to find if no bits are set, made worse by the fact that the calculation is performed with the global call_lock held. This appears to be a missing optimisation from c/s 433f14699d48 ("x86: Clean up smp_call_function handling.") in 2011 which dropped the logic requiring the count of CPUs. Switch to using cpumask_empty() instead, which will short circuit as soon as it finds any set bit in the cpumask. Signed-off-by: Andrew Cooper Reviewed-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/smp.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/xen/common/smp.c b/xen/common/smp.c index 781bcf2c24..a011f541f1 100644 --- a/xen/common/smp.c +++ b/xen/common/smp.c @@ -50,8 +50,6 @@ void on_selected_cpus( void *info, int wait) { - unsigned int nr_cpus; - ASSERT(local_irq_is_enabled()); ASSERT(cpumask_subset(selected, &cpu_online_map)); @@ -59,8 +57,7 @@ void on_selected_cpus( cpumask_copy(&call_data.selected, selected); - nr_cpus = cpumask_weight(&call_data.selected); - if ( nr_cpus == 0 ) + if ( cpumask_empty(&call_data.selected) ) goto out; call_data.func = func; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 16:55:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 16:55:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268476.462317 (Exim 4.92) (envelope-from ) id 1nHTly-0007lq-M9; Tue, 08 Feb 2022 16:55:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268476.462317; Tue, 08 Feb 2022 16:55:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTly-0007lj-Im; Tue, 08 Feb 2022 16:55:22 +0000 Received: by outflank-mailman (input) for mailman id 268476; Tue, 08 Feb 2022 16:55:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTlx-0007lW-OO for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHTlx-0004QW-NV for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHTlx-0007WO-Mm for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 16:55:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kli7wFTkPh/QC+16PyJhAmq1yAEdeV4Vv1yddzo2rKU=; b=WJDNmWiIZZSxZNxzcvnp2vwmcs mNxJ6bUjzt3hE+pT8POpdn/QHZOeTJigKKhYSGCiaiI9vBg9re7nx8f4bd7+fEOtGyZ+1+x5kt2hz 6cBNnvDZz1fdZ4AYV3x4FbujyiRwRRaxp3XZdHNzJioD2MfDvLWCpledUTAiTbncvU9c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] dom0/pvh: fix processing softirqs during memory map population Message-Id: Date: Tue, 08 Feb 2022 16:55:21 +0000 commit 10d33220f2363a21a52a394159118ab4ddaed50e Author: Roger Pau Monne AuthorDate: Mon Feb 7 12:20:08 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 7 17:41:24 2022 +0000 dom0/pvh: fix processing softirqs during memory map population Make sure softirqs are processed after every successful call to guest_physmap_add_page. Even if only a single page is to be added, it's unknown whether the p2m or the IOMMU will require splitting the provided page into smaller ones, and thus in case of having to break a 1G page into 4K entries the amount of time taken by a single of those additions will be non-trivial. Stay on the safe side and check for pending softirqs on every successful loop iteration. Fixes: 5427134eae ('x86: populate PVHv2 Dom0 physical memory map') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index afba6e7dfd..f9e17249dc 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -113,10 +113,9 @@ static int __init pvh_populate_memory_range(struct domain *d, { .align = PFN_DOWN(MB(2)), .order = PAGE_ORDER_2M }, { .align = PFN_DOWN(KB(4)), .order = PAGE_ORDER_4K }, }; - unsigned int max_order = MAX_ORDER, i = 0; + unsigned int max_order = MAX_ORDER; struct page_info *page; int rc; -#define MAP_MAX_ITER 64 while ( nr_pages != 0 ) { @@ -185,12 +184,16 @@ static int __init pvh_populate_memory_range(struct domain *d, start += 1UL << order; nr_pages -= 1UL << order; order_stats[order]++; - if ( (++i % MAP_MAX_ITER) == 0 ) - process_pending_softirqs(); + /* + * Process pending softirqs on every successful loop: it's unknown + * whether the p2m/IOMMU code will have split the page into multiple + * smaller entries, and thus the time consumed would be much higher + * than populating a single entry. + */ + process_pending_softirqs(); } return 0; -#undef MAP_MAX_ITER } /* Steal RAM from the end of a memory region. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268623.462508 (Exim 4.92) (envelope-from ) id 1nHUxG-0008Fv-Ki; Tue, 08 Feb 2022 18:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268623.462508; Tue, 08 Feb 2022 18:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxG-0008Fl-Gj; Tue, 08 Feb 2022 18:11:06 +0000 Received: by outflank-mailman (input) for mailman id 268623; Tue, 08 Feb 2022 18:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxF-0008Ev-4Y for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxF-0005vd-26 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUxF-0004RS-1B for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QwpsIgjuiVw7OatyoK7thVgCq2L7kZLBdRFVylKODfI=; b=JaInyj3xkRdnNvVq//tC5Vopsa cIP3Q+v9pSsMZWwuwskL5lETuS2Gaa2W1vq68h/wIuju+7H8QTER14ZTnbJf3KwmSqqo6PaFMoLp/ 37x8RsnkQrzgEcXIhvdW//zhdI+JEzbXMVD/PrgkHHJBFHWx1QBhj2TCnfcsnMqIYa9Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Tue, 08 Feb 2022 18:11:05 +0000 commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 +++++++++++++++++++++++++++++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/processor.h | 3 +++ xen/arch/x86/include/asm/spec_ctrl.h | 2 -- xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 ++++++++++++----------------------- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 9b011c3446..e7d4dd652f 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 4754940e23..a0ab6d7d78 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -134,6 +134,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index e2e1eaf5bd..23639d5479 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -626,6 +626,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index a803d16f90..f760295236 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 22ae4c1b2d..335129a010 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -385,8 +385,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ee862089b7..3628b4b415 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1251,32 +1250,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1314,9 +1305,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268624.462512 (Exim 4.92) (envelope-from ) id 1nHUxQ-0008KT-Nf; Tue, 08 Feb 2022 18:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268624.462512; Tue, 08 Feb 2022 18:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxQ-0008KJ-KP; Tue, 08 Feb 2022 18:11:16 +0000 Received: by outflank-mailman (input) for mailman id 268624; Tue, 08 Feb 2022 18:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxP-0008K7-5w for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxP-0005xI-5D for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUxP-0004SD-4L for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=183wJpQcjl2QGXPACPe7MCOHSZ76H0w0cwwiDJ6zaTk=; b=wmKOhpT+wCXFfF+yEOrxnYUKWV Etwv6lSuO6+OoYa/d45mXOnESXpKk/373cF+Ma7tv/QJdu9h710A7uzC5vm2Xaq2AcmxJPb6AoOhJ AmpaP0Ej+nS2lfF5zXgGfyW+JTXL9dSP+ErDsKqUYyi4BbaIVVxZIi0k0JWyraeYXXOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Tue, 08 Feb 2022 18:11:15 +0000 commit 4116139131e93b4f075e5442e3c1b424280f6f1f Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268625.462516 (Exim 4.92) (envelope-from ) id 1nHUxa-0008OX-Oy; Tue, 08 Feb 2022 18:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268625.462516; Tue, 08 Feb 2022 18:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxa-0008OP-Lw; Tue, 08 Feb 2022 18:11:26 +0000 Received: by outflank-mailman (input) for mailman id 268625; Tue, 08 Feb 2022 18:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxZ-0008Nj-9D for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxZ-0005xP-8Q for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUxZ-0004Sj-7b for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7kI54XpllhImaD/YvZ5kE86x5PrhTWj+OBefuGWhrRc=; b=jLP1GQ+okD5YolaLc1Xdd70ZQA MpfidtRSYP3u5U9+KhbeL0WqI/COw0Sd34YEk39liE+wQyevf9zHeBtyKmav3dZXA44Sz9q0YUNnX O56qEjy9GY4FVX4OnqPeA/L7GpNLKoxrbgmExPYjbN1Peg1amnl5vWoDICWfizvfdOJA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Tue, 08 Feb 2022 18:11:25 +0000 commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 25 +++++++++--- xen/arch/x86/include/asm/msr-index.h | 2 + xen/arch/x86/spec_ctrl.c | 7 +++- xen/arch/x86/tsx.c | 76 ++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 6b3da6ddc1..8e75e592e7 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2387,7 +2387,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2395,19 +2397,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index ab68ef2681..9df1959fe5 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -78,6 +78,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3628b4b415..2b93468d39 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1233,11 +1233,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268629.462520 (Exim 4.92) (envelope-from ) id 1nHUxk-0008TV-QR; Tue, 08 Feb 2022 18:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268629.462520; Tue, 08 Feb 2022 18:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxk-0008TN-NU; Tue, 08 Feb 2022 18:11:36 +0000 Received: by outflank-mailman (input) for mailman id 268629; Tue, 08 Feb 2022 18:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxj-0008SY-CI for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxj-0005xW-Bc for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUxj-0004TK-Ac for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ehL/8VP122DTNLIxHg9pSjRSOzu+8aQtsjA53u17kh8=; b=SaGD5BeQJP6Bxrlyh8pBWQRi3P 5DBJfarm2VS5V1VQbxpZ6zactrvnJFEn6ERZ+jv1jpsCrJz5mKPzlNLvtqGWBTPoke8ZnX14J9SwH 9lNwFc9H+s/ltIoQQ9h7d3M0EO8ktpJXhXM/32lJ2hDY0UZH4lLquHf6UDgY6/R10KJ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL Message-Id: Date: Tue, 08 Feb 2022 18:11:35 +0000 commit 4b45c4faa8c0637eb41cb4b143ccd4e9548c4908 Author: Andrew Cooper AuthorDate: Thu Jun 10 12:34:45 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL This MSR needs to be identical across the system for TSX to have identical behaviour everywhere. Furthermore, its CPUID bit (SRBDS_CTRL) shouldn't be visible to guests. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- tools/tests/tsx/test-tsx.c | 9 ++++++++- xen/arch/x86/platform_hypercall.c | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index a3d987b6d2..f11e8c54e0 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -42,6 +42,7 @@ enum { #define ARCH_CAPS_TSX_CTRL (1 << 7) #define MSR_TSX_FORCE_ABORT 0x0000010f #define MSR_TSX_CTRL 0x00000122 +#define MSR_MCU_OPT_CTRL 0x00000123 static unsigned int nr_failures; #define fail(fmt, ...) \ @@ -155,6 +156,10 @@ static void test_tsx_msrs(void) printf("Testing MSR_TSX_CTRL consistency\n"); test_tsx_msr_consistency( MSR_TSX_CTRL, host.msr.arch_caps.tsx_ctrl); + + printf("Testing MSR_MCU_OPT_CTRL consistency\n"); + test_tsx_msr_consistency( + MSR_MCU_OPT_CTRL, host.cpuid.feat.srbds_ctrl); } /* @@ -313,7 +318,8 @@ static void test_guest_policies(const struct xc_cpu_policy *max, if ( ((cm->feat.raw[0].d | cd->feat.raw[0].d) & (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT))) || + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | + bitmaskof(X86_FEATURE_SRBDS_CTRL))) || ((mm->arch_caps.raw | md->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) fail(" Xen-only TSX controls offered to guest\n"); @@ -388,6 +394,7 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.cpuid.feat.hle || guest_policy.cpuid.feat.tsx_force_abort || guest_policy.cpuid.feat.rtm_always_abort || + guest_policy.cpuid.feat.srbds_ctrl || guest_policy.msr.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 284c2dfb9e..bf4090c942 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -80,6 +80,9 @@ static bool msr_read_allowed(unsigned int msr) case MSR_TSX_CTRL: return cpu_has_tsx_ctrl; + + case MSR_MCU_OPT_CTRL: + return cpu_has_srbds_ctrl; } if ( ppin_msr && msr == ppin_msr ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268637.462535 (Exim 4.92) (envelope-from ) id 1nHUxu-0000Na-52; Tue, 08 Feb 2022 18:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268637.462535; Tue, 08 Feb 2022 18:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxu-0000NQ-1k; Tue, 08 Feb 2022 18:11:46 +0000 Received: by outflank-mailman (input) for mailman id 268637; Tue, 08 Feb 2022 18:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxt-0000Mn-Fd for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUxt-0005xf-Ev for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUxt-0004Tt-Dv for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xeesTCU9dWJR5g77TGDhkuSvoWqPOBNclFiS/pfyME4=; b=2x4u44866UWRA+Hwfvvr2OHfL/ Vl1S3KMAnyRRsntG9jqp4sXpcQoVKgHfLc4jcPy8wEZjnpbm3tkYUXoYfBw62P2FBS/9dNQmhr1Sr OPT5ELZ+TKaAHw8p2oJ1beBhBQK4kUbxtq9GefodgkpeFs4b1KKVBgan1499apaY3dh0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Tue, 08 Feb 2022 18:11:45 +0000 commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 3c8f3ed1ba..4062629698 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -200,6 +200,10 @@ static const char *const str_7b1[32] = [ 0] = "ppin", }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -219,6 +223,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d4f5028fa2..c4f07f2d1d 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -447,6 +447,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 957df23b65..81b0f5e0aa 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -302,6 +302,8 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory Number */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:11:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268639.462539 (Exim 4.92) (envelope-from ) id 1nHUy4-0000YU-7U; Tue, 08 Feb 2022 18:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268639.462539; Tue, 08 Feb 2022 18:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUy4-0000YH-3p; Tue, 08 Feb 2022 18:11:56 +0000 Received: by outflank-mailman (input) for mailman id 268639; Tue, 08 Feb 2022 18:11:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUy3-0000Xg-Iq for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUy3-0005xz-I9 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUy3-0004UZ-HO for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:11:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VVjMzEpccb0EXQ9P/KDzKrknDkgnS6bCYb5xAra1GG0=; b=gucNXBLSyUz0WLz07S71hRAPgX F93udc18P9DNZkwlS/GNK841kCnSKJBEqrV3pLjf8FjX3RKpo9IDx7zBYsTENA1BdL3+Toi4nZqjX 4lnBLq8yNKb3aymuSyjqR7FbkV64ShO0Rw9RHqNB0HVC9FvjJ3yV4D2DfSdReuggWis0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Tue, 08 Feb 2022 18:11:55 +0000 commit 52ce1c97844db213de01c5300eaaa8cf101a285f Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648d..d462f9e421 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4062629698..0b1b3333fe 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -202,6 +202,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 4ac5b5a048..01a15857b7 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -443,7 +443,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b93468d39..cbeeb19903 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 81b0f5e0aa..9cee4b439e 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,6 +303,7 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory Number */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 39c8b0c774..e0e3f2f463 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -287,7 +287,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268645.462543 (Exim 4.92) (envelope-from ) id 1nHUyF-0000oy-9s; Tue, 08 Feb 2022 18:12:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268645.462543; Tue, 08 Feb 2022 18:12:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyF-0000op-6m; Tue, 08 Feb 2022 18:12:07 +0000 Received: by outflank-mailman (input) for mailman id 268645; Tue, 08 Feb 2022 18:12:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyE-0000nM-6o for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyE-0005yG-62 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUyE-0004Xn-4G for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e1ozA9QV64GTbOvekfNPXpTIbE3k7olC0lMfULViOD4=; b=4tULiO1kNWq6fTl5nwql3W8/E0 C5S1uKhe14phckYlg26vmQjhGOE8TIfWAMn0xPPXt/4EUa+Cv9a9IilMGm82iBuFOb9ZhkZ7sl/TN K/2NXiCV82l10tO5JktD+9BindZzjpcVuMpTzXKCFC/q8TyuwIvH0/mS1OHSCTtDTbjs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Tue, 08 Feb 2022 18:12:06 +0000 commit 548f91b260f5cdfc3176e5f9a29af292756f0786 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:41:24 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 4a163afbfc..c6773c85fd 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -379,7 +379,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -394,7 +394,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -404,53 +404,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 517d632b50..39c8b0c774 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -427,6 +427,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268647.462547 (Exim 4.92) (envelope-from ) id 1nHUyP-0000sn-Bm; Tue, 08 Feb 2022 18:12:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268647.462547; Tue, 08 Feb 2022 18:12:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyP-0000sg-8O; Tue, 08 Feb 2022 18:12:17 +0000 Received: by outflank-mailman (input) for mailman id 268647; Tue, 08 Feb 2022 18:12:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyO-0000sT-A2 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyO-0005yK-9G for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUyO-0004ge-8Z for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tYxRHna8MqjjZ/Y6DLT5egNSQTVz7hahHEDFxTSWdRY=; b=GhGHrXHESSaxPYcYcc6Gg0qZ0L 0XzF2/1y7Rp99fqV/57k8ATIcjYC7dEGtogPfyrDigVuc70x/wtK7D4sDVO9NBYFo2b+yFzhSivK6 k0lGggPTXmKIj23PGL6baIzdwSOEliWBuIS6566Cl7t6Xm5JUpCSYv1Astj4YVd4SNrI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Tue, 08 Feb 2022 18:12:16 +0000 commit 50183d9f7cce12cac0e089ccf765417aa5832efc Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:41:24 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 34f31326c0..fae84b4c69 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -193,6 +193,10 @@ static const char *const str_e21a[32] = [ 6] = "nscb", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index c6773c85fd..d4f5028fa2 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -445,7 +445,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 228a5dc29e..a4b900d753 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -297,6 +297,8 @@ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268648.462551 (Exim 4.92) (envelope-from ) id 1nHUyZ-0000wD-DG; Tue, 08 Feb 2022 18:12:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268648.462551; Tue, 08 Feb 2022 18:12:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyZ-0000w5-A9; Tue, 08 Feb 2022 18:12:27 +0000 Received: by outflank-mailman (input) for mailman id 268648; Tue, 08 Feb 2022 18:12:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyY-0000vo-D9 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyY-0005yU-CO for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUyY-0004hg-Bi for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=15uclakmdtn8CB19FdIjuF9Myx6nra3rptAS7HS12aI=; b=KFKxucmkxkyscqIJlYxVyF2DBN T8ST9Z0TFRmQln9Xas8aE/QoZ8M89GVtkkFuv8ZFWH6fV/YwFvJi478YW8vRauVIph9psX1aheVTn crtm0tLZ6Gjhey4Ton95LqY/XokytwYokHzEFW22aiunOQHJ3Lve1qpaDCpSuZrdN9Jg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Tue, 08 Feb 2022 18:12:26 +0000 commit 41e477b4f367269dc1b768a335cfa16f48f7f02f Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 9b011c3446..e7d4dd652f 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 54237c6c6d..2596e4374b 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -384,8 +384,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ee862089b7..3628b4b415 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1251,32 +1250,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1314,9 +1305,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index ba0fe7c0aa..0ff6d899f9 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -133,6 +133,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index bc4dc69253..3d8aacd3aa 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -630,6 +630,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a803d16f90..f760295236 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268649.462554 (Exim 4.92) (envelope-from ) id 1nHUyj-0000zX-Ew; Tue, 08 Feb 2022 18:12:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268649.462554; Tue, 08 Feb 2022 18:12:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyj-0000zR-Bf; Tue, 08 Feb 2022 18:12:37 +0000 Received: by outflank-mailman (input) for mailman id 268649; Tue, 08 Feb 2022 18:12:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyi-0000zE-GS for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyi-0005yY-FY for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUyi-0004iN-Eh for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EZR9Or21JIYm33AEeSTLsGWJSbjr7kF/v221kb4p1pk=; b=bCaYx8kbArmziZ/cE/E6ZfI3Co uly3SNRxNKxfgs+9vrQZbnG5syhXLrOON/ZSOQVoIDk0Q7VtYRZ+0ipp348uIoKBhdavhqp6iw/ak lIfQ+bKaYVhEb7OpL8X6CNCbEHNiyCnP60TTMq2bCpzackDx0I5dVTugl8aD70YEt22Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Tue, 08 Feb 2022 18:12:36 +0000 commit 0ce302cfd6a9fa97328208f9fd02daf02cf5c3ad Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268650.462558 (Exim 4.92) (envelope-from ) id 1nHUyt-00013N-IS; Tue, 08 Feb 2022 18:12:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268650.462558; Tue, 08 Feb 2022 18:12:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUyt-00013G-FW; Tue, 08 Feb 2022 18:12:47 +0000 Received: by outflank-mailman (input) for mailman id 268650; Tue, 08 Feb 2022 18:12:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUys-000135-K0 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUys-0005z2-JK for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUys-0004jA-IG for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JTsbJhe7NzX88V1ZycgJrp5++mCFuXXngZVgWFXlvfw=; b=KyTNlp6MMbby3LRMBKaKMWz+Zv /JkzNe7rfpuq11AWDruIi2MG3wdYI14Pmni6N1P4Woh9eX46EyhkJuXB+rhNc2P9SU4ZRHETZQgLz 2mQxGvC5UieGvVHuE/zcEsGPYDj61T1eHaKkOKavQ127vL7GJBKeq+FebFGV/DE4CN/k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Tue, 08 Feb 2022 18:12:46 +0000 commit 0c46d108b74bd38e0887cdd02cb82dd1084586cb Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index f7797ea233..995197f4b2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2371,7 +2371,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2379,19 +2381,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3628b4b415..2b93468d39 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1233,11 +1233,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index ab68ef2681..9df1959fe5 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -78,6 +78,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:12:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:12:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268658.462564 (Exim 4.92) (envelope-from ) id 1nHUz3-00017p-KT; Tue, 08 Feb 2022 18:12:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268658.462564; Tue, 08 Feb 2022 18:12:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUz3-00017h-HD; Tue, 08 Feb 2022 18:12:57 +0000 Received: by outflank-mailman (input) for mailman id 268658; Tue, 08 Feb 2022 18:12:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUz2-00017X-Mz for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUz2-0005z7-MI for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUz2-0004lP-Lg for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:12:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s895ooQrQsro2Q6aXKF+Z8ithRF85Z7txUVXmgeN+bg=; b=O6urEsFhLHormTp3ZRGO9Rim45 Haa5FgR7AEZ3jzKWCeLKOUjjwLHE5bAbJf6mtQ89WXTqS0CrUmqXVAFVfTpQ7RvPEVW+dhsBdmLbk iSpickxM7FnutncRRuLWjTxOKmZ1TEPY+qJswDMwNi/jwoyMUQgN/CD8oY3dyGQCGP0Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL Message-Id: Date: Tue, 08 Feb 2022 18:12:56 +0000 commit 60f5eb827bec993c824f426ab7d574362c0b4863 Author: Andrew Cooper AuthorDate: Thu Jun 10 12:34:45 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL This MSR needs to be identical across the system for TSX to have identical behaviour everywhere. Furthermore, its CPUID bit (SRBDS_CTRL) shouldn't be visible to guests. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 4b45c4faa8c0637eb41cb4b143ccd4e9548c4908) --- tools/tests/tsx/test-tsx.c | 9 ++++++++- xen/arch/x86/platform_hypercall.c | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index a3d987b6d2..f11e8c54e0 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -42,6 +42,7 @@ enum { #define ARCH_CAPS_TSX_CTRL (1 << 7) #define MSR_TSX_FORCE_ABORT 0x0000010f #define MSR_TSX_CTRL 0x00000122 +#define MSR_MCU_OPT_CTRL 0x00000123 static unsigned int nr_failures; #define fail(fmt, ...) \ @@ -155,6 +156,10 @@ static void test_tsx_msrs(void) printf("Testing MSR_TSX_CTRL consistency\n"); test_tsx_msr_consistency( MSR_TSX_CTRL, host.msr.arch_caps.tsx_ctrl); + + printf("Testing MSR_MCU_OPT_CTRL consistency\n"); + test_tsx_msr_consistency( + MSR_MCU_OPT_CTRL, host.cpuid.feat.srbds_ctrl); } /* @@ -313,7 +318,8 @@ static void test_guest_policies(const struct xc_cpu_policy *max, if ( ((cm->feat.raw[0].d | cd->feat.raw[0].d) & (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT))) || + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | + bitmaskof(X86_FEATURE_SRBDS_CTRL))) || ((mm->arch_caps.raw | md->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) fail(" Xen-only TSX controls offered to guest\n"); @@ -388,6 +394,7 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.cpuid.feat.hle || guest_policy.cpuid.feat.tsx_force_abort || guest_policy.cpuid.feat.rtm_always_abort || + guest_policy.cpuid.feat.srbds_ctrl || guest_policy.msr.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 284c2dfb9e..bf4090c942 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -80,6 +80,9 @@ static bool msr_read_allowed(unsigned int msr) case MSR_TSX_CTRL: return cpu_has_tsx_ctrl; + + case MSR_MCU_OPT_CTRL: + return cpu_has_srbds_ctrl; } if ( ppin_msr && msr == ppin_msr ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268659.462567 (Exim 4.92) (envelope-from ) id 1nHUzD-0001Ah-Lk; Tue, 08 Feb 2022 18:13:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268659.462567; Tue, 08 Feb 2022 18:13:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzD-0001AZ-Ik; Tue, 08 Feb 2022 18:13:07 +0000 Received: by outflank-mailman (input) for mailman id 268659; Tue, 08 Feb 2022 18:13:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzC-0001AP-Ps for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzC-0005zO-P9 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUzC-0004md-OW for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V48uJHnLnKlGlqi8h8NyzeMFgwZYt+fgq7z3MFJJjkM=; b=RwophXRP5PmOtd2lG/OKrRC/fQ wY6xKemnmMFUjDd7p2M6Uy2f7yzFPtEfDNlstKk/0NDqEkQPsRzhxOH1kZ/b/TOGRzn9vKcOZFVEZ K3q+Nrboi8Z1MfKAPi8y2DPZXFkfw9f1zDLkyE4MpSdZ56lqLLmsORUxlznzaLg5/J3k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Tue, 08 Feb 2022 18:13:06 +0000 commit b8fec3e3f513dccbe5e25acf325673e50614d863 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index fae84b4c69..a36aa2fae0 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -197,6 +197,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -216,6 +220,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d4f5028fa2..c4f07f2d1d 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -447,6 +447,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a4b900d753..1d01b42b61 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -299,6 +299,8 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268661.462570 (Exim 4.92) (envelope-from ) id 1nHUzN-0001Dr-Na; Tue, 08 Feb 2022 18:13:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268661.462570; Tue, 08 Feb 2022 18:13:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzN-0001Dj-KH; Tue, 08 Feb 2022 18:13:17 +0000 Received: by outflank-mailman (input) for mailman id 268661; Tue, 08 Feb 2022 18:13:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzM-0001Da-Sv for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzM-0005zS-SG for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUzM-0004na-Rc for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aHufQtpTEGvj9N1ww9/1dCaxRDrjevYXKk8fcz49ok4=; b=a379k7gRFd3VVUfK9BzsKG8x8/ hRHhrBRI7sLDet0CUhVRJY6jqWI/0Ae6h+7EAumPmcVwCLPfjZnJ58niD7WAqZ05IFTtyYKwtlIVd E+W225yDr0SSw4G+HfywCEyGsA1be6n8KcGyY4PNJXj8wmu7Dx34NfJbtuevplqsjQiA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Tue, 08 Feb 2022 18:13:16 +0000 commit 2d8eade97343e99c26b004a05868532613007c8d Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648d..d462f9e421 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a36aa2fae0..bc7dcf5575 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -199,6 +199,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 119ebfa91c..aaedb2c312 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -443,7 +443,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b93468d39..cbeeb19903 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 1d01b42b61..743b857dcd 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,6 +300,7 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 39c8b0c774..e0e3f2f463 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -287,7 +287,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268662.462576 (Exim 4.92) (envelope-from ) id 1nHUzY-0001HP-Qv; Tue, 08 Feb 2022 18:13:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268662.462576; Tue, 08 Feb 2022 18:13:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzY-0001HH-NQ; Tue, 08 Feb 2022 18:13:28 +0000 Received: by outflank-mailman (input) for mailman id 268662; Tue, 08 Feb 2022 18:13:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzX-0001H7-B9 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzX-0005zi-AQ for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUzX-0004pE-9r for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b0I3DLRh5kXHHTCkbVL8z0I1ojSngHXKoalrIwgaeOE=; b=4wZn4zrAZbpd/SviY1v9R2JGcT YGBjj4qTCfeD83dmd7BuKlt5T4SvH18ZOLDYdo3HNudY6/ZBlO9C0xxXuOFYobXUM+VedwfZuRks8 wHiWrjD9j+DCq1VsN/kxI2wObbz5+osELKJaZS6TKJgXgC5A4S8HaIbKFQXzVV0kC0jM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Tue, 08 Feb 2022 18:13:27 +0000 commit 0facadbbf7fc9cf042451181dc3b08b8b44a3284 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 292f764d9e..d5e9f9e37c 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -366,7 +366,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -381,7 +381,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -391,53 +391,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index a45995d246..152ce1afb6 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -425,6 +425,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268663.462579 (Exim 4.92) (envelope-from ) id 1nHUzi-0001KR-Rz; Tue, 08 Feb 2022 18:13:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268663.462579; Tue, 08 Feb 2022 18:13:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzi-0001KJ-P0; Tue, 08 Feb 2022 18:13:38 +0000 Received: by outflank-mailman (input) for mailman id 268663; Tue, 08 Feb 2022 18:13:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzh-0001K1-E4 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzh-0005zu-DN for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUzh-0004pt-Ci for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=okrfdv8aS9kZD6wST2NIQXSSfY15YvuPCzLWd4QB5AM=; b=ec3UnnlbuIK61AwEb2hkEpuGmd mo/7fUP6u48/7DY1g/FyhGNMuRq3FMe1EgKqq/l8V/u6ehml24fo2LokHI52qQ+45kA1bsGNTZcb6 R9rwTQNy0VPEYb9ZX66AsXGXNxNKA/XGARsM+bNLDd47cML4FkMQiE7RMZrad2r2lsUE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Tue, 08 Feb 2022 18:13:37 +0000 commit ff1215c25fa215ffcf094347c5104c4473cba706 Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 92c40b045c..4440fd6c5e 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -188,6 +188,10 @@ static const char *const str_e21a[32] = [ 2] = "lfence+", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -206,6 +210,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d5e9f9e37c..36f55e285b 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -432,7 +432,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bafc898774..45b29542c5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -291,6 +291,8 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268664.462583 (Exim 4.92) (envelope-from ) id 1nHUzs-0001NL-TZ; Tue, 08 Feb 2022 18:13:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268664.462583; Tue, 08 Feb 2022 18:13:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzs-0001ND-Qc; Tue, 08 Feb 2022 18:13:48 +0000 Received: by outflank-mailman (input) for mailman id 268664; Tue, 08 Feb 2022 18:13:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzr-0001N2-HJ for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHUzr-00060K-Ga for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHUzr-0004qM-Fn for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7iB/uV/BZQSMknDBPIRBwt9GJHxVbeJSsoW74LTVkzs=; b=Ax9wFkVRTE0hHRSvDDOfDS/qrZ gg8EvHnJgR33tqlQ+s3jAbNqtKJuYUvQaosMuqN2XMEXDM8zWtjtYVYkgbxJm5bj1stg0io4kGt4Z pcsOvt2TyG/8VEzlZLBBeqvH0/wQOn3P00R6mYBIzJC6fza7rIUpMf34wnPHabF4CtA0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Tue, 08 Feb 2022 18:13:47 +0000 commit fdd61d3c059f5da4c447c4c3de93202f3ff86f56 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..21419e08c3 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index d5b538e4b6..2a2e093cff 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -384,8 +384,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fc4ef370a0..e271f76386 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1203,32 +1202,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1266,9 +1257,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 3983200e67..fe04d98fa1 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -136,6 +136,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index 44752bfdf6..c8745e1f31 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -632,6 +632,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index b252bb8631..9caecddfec 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:13:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:13:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268665.462587 (Exim 4.92) (envelope-from ) id 1nHV02-0001QW-Vs; Tue, 08 Feb 2022 18:13:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268665.462587; Tue, 08 Feb 2022 18:13:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV02-0001QO-SC; Tue, 08 Feb 2022 18:13:58 +0000 Received: by outflank-mailman (input) for mailman id 268665; Tue, 08 Feb 2022 18:13:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV01-0001QE-KI for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV01-00060O-Jd for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV01-0004rK-Il for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:13:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mvKWiZsZcLE2lb4oa4jvSLW6KvN1ra5LHJXdj41xEik=; b=AR0Ty6v9zF1myon0DdWjwD3c+v FfR30zpsGqILzZUnEa5NgrcyCvMEmAADryOeMVIus1RUZUZrBDStsXap8XtnZ06z/SE0CXDMdLc5q Uvgc/lmiPZYFVguooHBNdn6sx25IorL7tkNOy9JAM+fUoAw4EbzqDByjx5iABrAKWiAg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Tue, 08 Feb 2022 18:13:57 +0000 commit 8ae80402a20e6469f6497367b313f1f3a3f4d1b6 Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:14:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:14:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268666.462591 (Exim 4.92) (envelope-from ) id 1nHV0D-0001TX-2N; Tue, 08 Feb 2022 18:14:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268666.462591; Tue, 08 Feb 2022 18:14:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0C-0001TP-Vg; Tue, 08 Feb 2022 18:14:08 +0000 Received: by outflank-mailman (input) for mailman id 268666; Tue, 08 Feb 2022 18:14:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0B-0001TD-NV for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0B-00060l-Mh for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV0B-0004s2-M1 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SoGS4nBWcwW7fjamNze5n01b+zcUtPOcZxfuZJMo6HI=; b=qVbWPBAVwJi70NwQy89mEA4UUU kKoMw+PpZfOMpXleln0FLCcKnDRQOQhkWBbW8FOqKO8195LuS9H/gW7gwYqFoonGFnwMMqgeUsjxV +dU+d1U1IkZXPIRmrBofZas9/QDlsH/JcF1NWBVrAmFokt2t8Fm5zibxHanjozh0XEtU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Tue, 08 Feb 2022 18:14:07 +0000 commit d5d7a8f7e6a6cc459fb3d0bad1d3fe1b05debe54 Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 3ece83a427..443802b3d2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2307,7 +2307,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2315,19 +2317,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e271f76386..3edf650f01 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1185,11 +1185,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index e3d44813ff..e2d4ebead0 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -71,6 +71,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:14:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:14:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268667.462594 (Exim 4.92) (envelope-from ) id 1nHV0N-0001Wa-3w; Tue, 08 Feb 2022 18:14:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268667.462594; Tue, 08 Feb 2022 18:14:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0N-0001WU-14; Tue, 08 Feb 2022 18:14:19 +0000 Received: by outflank-mailman (input) for mailman id 268667; Tue, 08 Feb 2022 18:14:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0L-0001WD-QN for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0L-00060v-Pi for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV0L-0004sk-P7 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n+fZuxlf+1KbYKzsXEZTFew/2E5h6LZag6AqN2C4OQQ=; b=M+WBsIAv9wpxkf9K1RoxNaIv/g KZhE6dpeikFj7v54noZnCYxZkN2/Rhk0QrbPLCKP2jqyozQLFe+bJ5QhYp8mAoZSpDk6YrinMw3/x jlxXijtgCtMRyOQwv1rfSzuKkZEyGl0ta3gO/8H3SCizmtb1CZkmSD+NNKj+G4D2tCwU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Tue, 08 Feb 2022 18:14:17 +0000 commit 96c17e7cafc710d5e6fd1fa0aa9aa8c3cdd3376b Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4440fd6c5e..8c2564ca5c 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -192,6 +192,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 36f55e285b..0ded3148d3 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -434,6 +434,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 45b29542c5..64a5c6d351 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -293,6 +293,8 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:14:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:14:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268668.462598 (Exim 4.92) (envelope-from ) id 1nHV0X-0001ZK-5b; Tue, 08 Feb 2022 18:14:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268668.462598; Tue, 08 Feb 2022 18:14:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0X-0001ZC-2g; Tue, 08 Feb 2022 18:14:29 +0000 Received: by outflank-mailman (input) for mailman id 268668; Tue, 08 Feb 2022 18:14:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0V-0001Z3-Tx for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0V-00060z-TF for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV0V-0004tU-S6 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O52tlv5o2bwKujyG8eEF6B676f1XpR5K6crVozIyUTA=; b=RRQv9xjUIrpjcnoXZ8x6qNLbq7 G9Y2t//lil9vdOd1zm3Z+9xfCm5CvcjGJhLDrnVfUwGp/LqWY9Pe7SSibxXJu3srqpxSKys7RI9lQ MkEFbyycE/vn5ZbV5LX4+z25QfDs0k/++1YtKFbb3PA5smUp8FDy+2W7jdrzHL5YQIxI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Tue, 08 Feb 2022 18:14:27 +0000 commit 1ec097c35c4f402d7a3fbb05c2b9797afdc3f59c Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 9f55073f0a..9a4eb8015a 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -230,6 +230,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx-vnni", 0x00000007, 1, CPUID_REG_EAX, 4, 1}, {"avx512-bf16", 0x00000007, 1, CPUID_REG_EAX, 5, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 8c2564ca5c..12111fe12d 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -194,6 +194,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index de9953aac3..999ddf5107 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -428,7 +428,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3edf650f01..9301d95bd7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 64a5c6d351..9686c82ed7 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -294,6 +294,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 152ce1afb6..1e7020de46 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -285,7 +285,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:14:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:14:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268670.462603 (Exim 4.92) (envelope-from ) id 1nHV0i-0001cL-7e; Tue, 08 Feb 2022 18:14:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268670.462603; Tue, 08 Feb 2022 18:14:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0i-0001cD-4A; Tue, 08 Feb 2022 18:14:40 +0000 Received: by outflank-mailman (input) for mailman id 268670; Tue, 08 Feb 2022 18:14:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0g-0001bw-CJ for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0g-000613-BW for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV0g-0004vd-Aj for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2+tRFb0JXB2Wpc3lxYlKYQ9OBInSnHyz1iVTzp/Yado=; b=nlrk+g+BkLgQcqtXeqN2qbnbPt 3RMfiqav7LuASUmxYr8PPfp5ZwMOpBYumQhYHEuHYI8h630FiBm6IEEQfVGAUkatORdFj9C4EpLaU exNLIF7vTpocQQHjhhY93/Bl2h17llOuq7JEF9ZKE1mUw8HpE74Lf6bI25jtbglZ/Qcs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Tue, 08 Feb 2022 18:14:38 +0000 commit 6af894521e11ee5b94b6ffe271970fd4f7a889e9 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 8a37d863a8..5b1f38c8bf 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -366,7 +366,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -381,7 +381,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -391,53 +391,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index bd3a403182..b0b0ad10db 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -425,6 +425,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:14:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:14:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268671.462607 (Exim 4.92) (envelope-from ) id 1nHV0s-0001ff-Aa; Tue, 08 Feb 2022 18:14:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268671.462607; Tue, 08 Feb 2022 18:14:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0s-0001fX-7j; Tue, 08 Feb 2022 18:14:50 +0000 Received: by outflank-mailman (input) for mailman id 268671; Tue, 08 Feb 2022 18:14:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0q-0001fH-FK for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV0q-00061Z-Ef for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV0q-0004wd-Dy for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=swFXjibY4uIIfHGtmuMOhhX1NVAJ+UNFY7dK8L88Dv8=; b=aKIZ1jQvk3+sDQPFHfQ3+DM6zm Z6ZX6KBa5+XR3RFYZvpQ8Vx0ikJK7d0qPbzU9CkdGSYpKrShAwGobYwhuAEZ4r27T0BzCnhU8/SDe ARhEFvPf/FVOUs6VuRc2Ug+/R8micE7eKqwsPrBCuBYyub/N++L90lQX62HTNGSlmZRc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Tue, 08 Feb 2022 18:14:48 +0000 commit 08ec8c11d653c40f8ea9c7e9740b0718de01a3f7 Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index bfe20c0c5f..0b91dff2e3 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -188,6 +188,10 @@ static const char *const str_e21a[32] = [ 2] = "lfence+", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -206,6 +210,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 5b1f38c8bf..f1d5661b8b 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -432,7 +432,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index ceac28b0d1..01a30491e4 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -288,6 +288,8 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:15:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:15:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268672.462611 (Exim 4.92) (envelope-from ) id 1nHV12-0001iW-C7; Tue, 08 Feb 2022 18:15:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268672.462611; Tue, 08 Feb 2022 18:15:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV12-0001iM-9F; Tue, 08 Feb 2022 18:15:00 +0000 Received: by outflank-mailman (input) for mailman id 268672; Tue, 08 Feb 2022 18:14:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV10-0001i2-Ij for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV10-00061k-Hz for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV10-0004xI-H8 for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:14:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eC4TqS1UoFABGoToIdPIwgrINjnFZDUV8CINDYakRPA=; b=fKHRazVbBKayr6djsmmVN9mX43 JqvdCeGGfkeWrrVxLjx5UXmA0wThSRm+yRavvp1ClvejSzrGAt/Nr/jpXhX3yyt9dHYObt7GrT7ZE XEQM1rYvLm1xPdUELFVNvxrItvzq7s5QbHlriz/4twHxMszO+b6yF0yIIJ6Th3P/T5vI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Tue, 08 Feb 2022 18:14:58 +0000 commit 89eede61225c31efbe14a14711b57a2c01f08ca0 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5edb9aa965..774e0fcd35 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -299,8 +299,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..21419e08c3 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 7d535144ec..5abfae4c72 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -383,8 +383,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fc4ef370a0..e271f76386 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1203,32 +1202,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1266,9 +1257,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index a4900ef0c3..004cbdcb10 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -133,6 +133,7 @@ /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index f8e1e4d523..3ff7cc5807 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -632,6 +632,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_X86_PROCESSOR_H */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index b252bb8631..9caecddfec 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:15:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:15:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268673.462614 (Exim 4.92) (envelope-from ) id 1nHV1C-0001lz-DW; Tue, 08 Feb 2022 18:15:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268673.462614; Tue, 08 Feb 2022 18:15:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1C-0001lr-Ai; Tue, 08 Feb 2022 18:15:10 +0000 Received: by outflank-mailman (input) for mailman id 268673; Tue, 08 Feb 2022 18:15:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1A-0001lf-LX for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1A-00062E-Ks for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV1A-0004yG-KA for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3MdQD5Nu2ur3mtWM604P7MjD1RpKUXERHEwvoql+7LM=; b=rA+6bPYqx+IsK3J3nvUTgu5gVA bzqmg0cH1r5nYqffviIkmBN+QQbh6so0kcVhkLxcdkyXsO6KarY1K8Njs+oYrfFMAvdmcF6s3jHxe 58jVxuXAjUfjfhTEkqKBFbP8lHS7sSfZTc3t63b9VQvRjQ9zPHab2HC6/1RyArmg0N+8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Tue, 08 Feb 2022 18:15:08 +0000 commit 366d4424776bd869c01bfc67b047aa1c619844c5 Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:15:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:15:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268674.462619 (Exim 4.92) (envelope-from ) id 1nHV1M-0001oj-FU; Tue, 08 Feb 2022 18:15:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268674.462619; Tue, 08 Feb 2022 18:15:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1M-0001ob-CC; Tue, 08 Feb 2022 18:15:20 +0000 Received: by outflank-mailman (input) for mailman id 268674; Tue, 08 Feb 2022 18:15:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1K-0001oR-Od for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1K-00062I-Nt for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV1K-0004ym-NK for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=677Zrtw+T+AaC/fRzl95YHVXaB5t2qL02Sk0Xse1StQ=; b=Si95v6GhRUTIcXOEskBuOtQ3xF /B1vaHNt+Udc76ViQi9FYah0M+iRr/JDCOcxKsHJBZBKpL5QM/NcHhHasz/3gYqzlvFcwDRpQLFx9 PFKLoyRL2NwOZajZc2iKMuKElOqLXWiqmo+9OetgKcq0Vro/ER32IL6RXcmNakhYWQvE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Tue, 08 Feb 2022 18:15:18 +0000 commit 96e94760aed1e995b52d7a9e32e5159570895971 Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a889c23c64..fd8f825491 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2242,7 +2242,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2250,19 +2252,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e271f76386..3edf650f01 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1185,11 +1185,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 9366386ef4..93f96e2ace 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -71,6 +71,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:15:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:15:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268675.462623 (Exim 4.92) (envelope-from ) id 1nHV1V-0001rb-Ie; Tue, 08 Feb 2022 18:15:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268675.462623; Tue, 08 Feb 2022 18:15:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1V-0001rT-Fk; Tue, 08 Feb 2022 18:15:29 +0000 Received: by outflank-mailman (input) for mailman id 268675; Tue, 08 Feb 2022 18:15:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1U-0001rI-RP for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1U-00062P-Qk for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV1U-0004zW-QA for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z+L+CvZdUMVekxWS/QwIyuu3fikG1zMDmGwXXJcruCk=; b=QfXBu8DyA3hoFzccfY6dF/BWsU lzFrUTA06zWmcR3srR/Q0Y8m6xEeAr06EfpXfot+zOb5QeZqAZPlt/cwl49u7705WgidfK6QhB+L9 M/BZZ/9et3zTK70tqhG0ywT6cOOmPhsA9n2X4X5KoB5O5CDssXgnlcDahuFTKulhaPB8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Tue, 08 Feb 2022 18:15:28 +0000 commit 90565c9e5da809ab21ba3c72ad14740f179efb04 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0b91dff2e3..d2b1cd21b4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -192,6 +192,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index f1d5661b8b..b6672b56da 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -434,6 +434,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 01a30491e4..9f6c933151 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -290,6 +290,8 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Feb 08 18:15:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Feb 2022 18:15:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268676.462628 (Exim 4.92) (envelope-from ) id 1nHV1f-0001ue-Kf; Tue, 08 Feb 2022 18:15:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268676.462628; Tue, 08 Feb 2022 18:15:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1f-0001uW-HG; Tue, 08 Feb 2022 18:15:39 +0000 Received: by outflank-mailman (input) for mailman id 268676; Tue, 08 Feb 2022 18:15:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1e-0001uN-UY for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHV1e-00062U-Tq for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHV1e-000505-TB for xen-changelog@lists.xenproject.org; Tue, 08 Feb 2022 18:15:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z7b3JhB24/FEWHUfiG0O2HsBrOrREszYvB2LKWuTg1M=; b=gEob5CEMk5eMIOXp6pLp9SNTLU CNu6w1dutf6lkWjH5FTvji0qY/2CPHfhsPIh8i+YHOYLpTYtRSxVnauUXPqakdg7bJcNz+kkqqICW Da+F55wC4wJ+6lmKGHvYQdT/oA75JzdScJIK0Cscr0wyVBJ/iYu9LxjsOFeb7VdVj0CI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Tue, 08 Feb 2022 18:15:38 +0000 commit 496fb0be938a30971af05ffe0e58bb65643a0971 Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libxl/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index a06f7a6606..86c8d21555 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -227,6 +227,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-bf16", 0x00000007, 1, CPUID_REG_EAX, 5, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d2b1cd21b4..7ebf520a71 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -194,6 +194,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 02f8b554da..576235e507 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -368,7 +368,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3edf650f01..9301d95bd7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9f6c933151..c5af6f03cf 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -291,6 +291,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b0b0ad10db..e77672ddcd 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -285,7 +285,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268949.462867 (Exim 4.92) (envelope-from ) id 1nHkSA-0005ru-CP; Wed, 09 Feb 2022 10:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268949.462867; Wed, 09 Feb 2022 10:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSA-0005rm-9M; Wed, 09 Feb 2022 10:44:02 +0000 Received: by outflank-mailman (input) for mailman id 268949; Wed, 09 Feb 2022 10:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkS9-0005rQ-I1 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkS9-0001yK-FZ for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkS9-0002VR-Ea for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xsCoKTLrdge8Ttgs3wsLxG4oW/qgkrUa69v8IAP2SbI=; b=djSDaQU8RBpR7vzQXfMY80NOYY X+QEt/df9iPw4wip2zqE5aGY2G/K8MvUgvUSoww0irgSn8uvayPeCyXgp9dxf75mRgcf4D7cesypZ qQClgJ5FsQXfm+ev+uvaAdcNsw5EBwWT1ssUavZKuc52EslYvLUZvOWUm6LXNcxNSl8Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/include: generate a _xen_list.h file Message-Id: Date: Wed, 09 Feb 2022 10:44:01 +0000 commit 9b8dcd08e6a98d6e56c5cb8645bb3736d292ed80 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:34 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:51 2022 +0000 tools/include: generate a _xen_list.h file Today tools/include contains two basically identical header files generated from the same source. They just differ by the used name space and they are being generated from different Makefiles via a perl script. Prepare to have only one such header by using a more generic namespace "XEN" for _xen_list.h. As the original header hasn't been updated in the Xen tree since its introduction about 10 years ago, and the updates of FreeBSD side have mostly covered BSD internal debugging aids, just don't generate the new header during build, especially as using the current FreeBSD version of the file would require some updates of the perl script, which are potentially more work than just doing the needed editing by hand. Additionally this enables to remove the not needed debugging extensions of FreeBSD. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/Makefile | 2 + tools/include/_xen_list.h | 509 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 511 insertions(+) diff --git a/tools/include/Makefile b/tools/include/Makefile index d7b51006e0..d965987f55 100644 --- a/tools/include/Makefile +++ b/tools/include/Makefile @@ -70,11 +70,13 @@ install: all $(INSTALL_DATA) xen/io/*.h $(DESTDIR)$(includedir)/xen/io $(INSTALL_DATA) xen/sys/*.h $(DESTDIR)$(includedir)/xen/sys $(INSTALL_DATA) xen/xsm/*.h $(DESTDIR)$(includedir)/xen/xsm + $(INSTALL_DATA) _xen_list.h $(DESTDIR)$(includedir) .PHONY: uninstall uninstall: echo "[FIXME] uninstall headers" rm -rf $(DESTDIR)$(includedir)/xen + rm -f $(DESTDIR)$(includedir)/_xen_list.h .PHONY: clean clean: diff --git a/tools/include/_xen_list.h b/tools/include/_xen_list.h new file mode 100644 index 0000000000..ce246f95c9 --- /dev/null +++ b/tools/include/_xen_list.h @@ -0,0 +1,509 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + * $FreeBSD$ + */ + +#ifndef XEN__SYS_QUEUE_H_ +#define XEN__SYS_QUEUE_H_ + +/* #include */ + +/* + * This file defines four types of data structures: singly-linked lists, + * singly-linked tail queues, lists and tail queues. + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A singly-linked tail queue is headed by a pair of pointers, one to the + * head of the list and the other to the tail of the list. The elements are + * singly linked for minimum space and pointer manipulation overhead at the + * expense of O(n) removal for arbitrary elements. New elements can be added + * to the list after an existing element, at the head of the list, or at the + * end of the list. Elements being removed from the head of the tail queue + * should use the explicit macro for this purpose for optimum efficiency. + * A singly-linked tail queue may only be traversed in the forward direction. + * Singly-linked tail queues are ideal for applications with large datasets + * and few or no removals or for implementing a FIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * For details on the use of these macros, see the queue(3) manual page. + * + * + * XEN_SLIST XEN_LIST XEN_STAILQ XEN_TAILQ + * _HEAD + + + + + * _HEAD_INITIALIZER + + + + + * _ENTRY + + + + + * _INIT + + + + + * _EMPTY + + + + + * _FIRST + + + + + * _NEXT + + + + + * _PREV - - - + + * _LAST - - + + + * _FOREACH + + + + + * _FOREACH_SAFE + + + + + * _FOREACH_REVERSE - - - + + * _FOREACH_REVERSE_SAFE - - - + + * _INSERT_HEAD + + + + + * _INSERT_BEFORE - + - + + * _INSERT_AFTER + + + + + * _INSERT_TAIL - - + + + * _CONCAT - - + + + * _REMOVE_AFTER + - + - + * _REMOVE_HEAD + - + - + * _REMOVE + + + + + * _SWAP + + + + + * + */ + +/* + * Singly-linked List declarations. + */ +#define XEN_SLIST_HEAD(name, type) \ +struct name { \ + type *slh_first; /* first element */ \ +} + +#define XEN_SLIST_HEAD_INITIALIZER(head) \ + { 0 } + +#define XEN_SLIST_ENTRY(type) \ +struct { \ + type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List functions. + */ +#define XEN_SLIST_EMPTY(head) ((head)->slh_first == 0) + +#define XEN_SLIST_FIRST(head) ((head)->slh_first) + +#define XEN_SLIST_FOREACH(var, head, field) \ + for ((var) = XEN_SLIST_FIRST((head)); \ + (var); \ + (var) = XEN_SLIST_NEXT((var), field)) + +#define XEN_SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_SLIST_FIRST((head)); \ + (var) && ((tvar) = XEN_SLIST_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_SLIST_FOREACH_PREVPTR(var, varp, head, field) \ + for ((varp) = &XEN_SLIST_FIRST((head)); \ + ((var) = *(varp)) != 0; \ + (varp) = &XEN_SLIST_NEXT((var), field)) + +#define XEN_SLIST_INIT(head) do { \ + XEN_SLIST_FIRST((head)) = 0; \ +} while (0) + +#define XEN_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + XEN_SLIST_NEXT((elm), field) = XEN_SLIST_NEXT((slistelm), field);\ + XEN_SLIST_NEXT((slistelm), field) = (elm); \ +} while (0) + +#define XEN_SLIST_INSERT_HEAD(head, elm, field) do { \ + XEN_SLIST_NEXT((elm), field) = XEN_SLIST_FIRST((head)); \ + XEN_SLIST_FIRST((head)) = (elm); \ +} while (0) + +#define XEN_SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define XEN_SLIST_REMOVE(head, elm, type, field) do { \ + if (XEN_SLIST_FIRST((head)) == (elm)) { \ + XEN_SLIST_REMOVE_HEAD((head), field); \ + } \ + else { \ + type *curelm = XEN_SLIST_FIRST((head)); \ + while (XEN_SLIST_NEXT(curelm, field) != (elm)) \ + curelm = XEN_SLIST_NEXT(curelm, field); \ + XEN_SLIST_REMOVE_AFTER(curelm, field); \ + } \ +} while (0) + +#define XEN_SLIST_REMOVE_AFTER(elm, field) do { \ + XEN_SLIST_NEXT(elm, field) = \ + XEN_SLIST_NEXT(XEN_SLIST_NEXT(elm, field), field); \ +} while (0) + +#define XEN_SLIST_REMOVE_HEAD(head, field) do { \ + XEN_SLIST_FIRST((head)) = XEN_SLIST_NEXT(XEN_SLIST_FIRST((head)), field);\ +} while (0) + +#define XEN_SLIST_SWAP(head1, head2, type) do { \ + type *swap_first = XEN_SLIST_FIRST(head1); \ + XEN_SLIST_FIRST(head1) = XEN_SLIST_FIRST(head2); \ + XEN_SLIST_FIRST(head2) = swap_first; \ +} while (0) + +/* + * Singly-linked Tail queue declarations. + */ +#define XEN_STAILQ_HEAD(name, type) \ +struct name { \ + type *stqh_first;/* first element */ \ + type **stqh_last;/* addr of last next element */ \ +} + +#define XEN_STAILQ_HEAD_INITIALIZER(head) \ + { 0, &(head).stqh_first } + +#define XEN_STAILQ_ENTRY(type) \ +struct { \ + type *stqe_next; /* next element */ \ +} + +/* + * Singly-linked Tail queue functions. + */ +#define XEN_STAILQ_CONCAT(head1, head2) do { \ + if (!XEN_STAILQ_EMPTY((head2))) { \ + *(head1)->stqh_last = (head2)->stqh_first; \ + (head1)->stqh_last = (head2)->stqh_last; \ + XEN_STAILQ_INIT((head2)); \ + } \ +} while (0) + +#define XEN_STAILQ_EMPTY(head) ((head)->stqh_first == 0) + +#define XEN_STAILQ_FIRST(head) ((head)->stqh_first) + +#define XEN_STAILQ_FOREACH(var, head, field) \ + for((var) = XEN_STAILQ_FIRST((head)); \ + (var); \ + (var) = XEN_STAILQ_NEXT((var), field)) + + +#define XEN_STAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_STAILQ_FIRST((head)); \ + (var) && ((tvar) = XEN_STAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_STAILQ_INIT(head) do { \ + XEN_STAILQ_FIRST((head)) = 0; \ + (head)->stqh_last = &XEN_STAILQ_FIRST((head)); \ +} while (0) + +#define XEN_STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ + if ((XEN_STAILQ_NEXT((elm), field) = XEN_STAILQ_NEXT((tqelm), field)) == 0)\ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ + XEN_STAILQ_NEXT((tqelm), field) = (elm); \ +} while (0) + +#define XEN_STAILQ_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_STAILQ_NEXT((elm), field) = XEN_STAILQ_FIRST((head))) == 0)\ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ + XEN_STAILQ_FIRST((head)) = (elm); \ +} while (0) + +#define XEN_STAILQ_INSERT_TAIL(head, elm, field) do { \ + XEN_STAILQ_NEXT((elm), field) = 0; \ + *(head)->stqh_last = (elm); \ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_STAILQ_LAST(head, type, field) \ + (XEN_STAILQ_EMPTY((head)) ? \ + 0 : \ + ((type *)(void *) \ + ((char *)((head)->stqh_last) - offsetof(type, field)))) + +#define XEN_STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) + +#define XEN_STAILQ_REMOVE(head, elm, type, field) do { \ + if (XEN_STAILQ_FIRST((head)) == (elm)) { \ + XEN_STAILQ_REMOVE_HEAD((head), field); \ + } \ + else { \ + type *curelm = XEN_STAILQ_FIRST((head)); \ + while (XEN_STAILQ_NEXT(curelm, field) != (elm)) \ + curelm = XEN_STAILQ_NEXT(curelm, field); \ + XEN_STAILQ_REMOVE_AFTER(head, curelm, field); \ + } \ +} while (0) + +#define XEN_STAILQ_REMOVE_AFTER(head, elm, field) do { \ + if ((XEN_STAILQ_NEXT(elm, field) = \ + XEN_STAILQ_NEXT(XEN_STAILQ_NEXT(elm, field), field)) == 0) \ + (head)->stqh_last = &XEN_STAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_STAILQ_REMOVE_HEAD(head, field) do { \ + if ((XEN_STAILQ_FIRST((head)) = \ + XEN_STAILQ_NEXT(XEN_STAILQ_FIRST((head)), field)) == 0) \ + (head)->stqh_last = &XEN_STAILQ_FIRST((head)); \ +} while (0) + +#define XEN_STAILQ_SWAP(head1, head2, type) do { \ + type *swap_first = XEN_STAILQ_FIRST(head1); \ + type **swap_last = (head1)->stqh_last; \ + XEN_STAILQ_FIRST(head1) = XEN_STAILQ_FIRST(head2); \ + (head1)->stqh_last = (head2)->stqh_last; \ + XEN_STAILQ_FIRST(head2) = swap_first; \ + (head2)->stqh_last = swap_last; \ + if (XEN_STAILQ_EMPTY(head1)) \ + (head1)->stqh_last = &XEN_STAILQ_FIRST(head1); \ + if (XEN_STAILQ_EMPTY(head2)) \ + (head2)->stqh_last = &XEN_STAILQ_FIRST(head2); \ +} while (0) + + +/* + * List declarations. + */ +#define XEN_LIST_HEAD(name, type) \ +struct name { \ + type *lh_first; /* first element */ \ +} + +#define XEN_LIST_HEAD_INITIALIZER(head) \ + { 0 } + +#define XEN_LIST_ENTRY(type) \ +struct { \ + type *le_next; /* next element */ \ + type **le_prev; /* address of previous next element */ \ +} + +/* + * List functions. + */ + +#define XEN_LIST_EMPTY(head) ((head)->lh_first == 0) + +#define XEN_LIST_FIRST(head) ((head)->lh_first) + +#define XEN_LIST_FOREACH(var, head, field) \ + for ((var) = XEN_LIST_FIRST((head)); \ + (var); \ + (var) = XEN_LIST_NEXT((var), field)) + +#define XEN_LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_LIST_FIRST((head)); \ + (var) && ((tvar) = XEN_LIST_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_LIST_INIT(head) do { \ + XEN_LIST_FIRST((head)) = 0; \ +} while (0) + +#define XEN_LIST_INSERT_AFTER(listelm, elm, field) do { \ + if ((XEN_LIST_NEXT((elm), field) = XEN_LIST_NEXT((listelm), field)) != 0)\ + XEN_LIST_NEXT((listelm), field)->field.le_prev = \ + &XEN_LIST_NEXT((elm), field); \ + XEN_LIST_NEXT((listelm), field) = (elm); \ + (elm)->field.le_prev = &XEN_LIST_NEXT((listelm), field); \ +} while (0) + +#define XEN_LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + XEN_LIST_NEXT((elm), field) = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &XEN_LIST_NEXT((elm), field); \ +} while (0) + +#define XEN_LIST_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_LIST_NEXT((elm), field) = XEN_LIST_FIRST((head))) != 0)\ + XEN_LIST_FIRST((head))->field.le_prev = &XEN_LIST_NEXT((elm), field);\ + XEN_LIST_FIRST((head)) = (elm); \ + (elm)->field.le_prev = &XEN_LIST_FIRST((head)); \ +} while (0) + +#define XEN_LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define XEN_LIST_REMOVE(elm, field) do { \ + if (XEN_LIST_NEXT((elm), field) != 0) \ + XEN_LIST_NEXT((elm), field)->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = XEN_LIST_NEXT((elm), field); \ +} while (0) + +#define XEN_LIST_SWAP(head1, head2, type, field) do { \ + type *swap_tmp = XEN_LIST_FIRST((head1)); \ + XEN_LIST_FIRST((head1)) = XEN_LIST_FIRST((head2)); \ + XEN_LIST_FIRST((head2)) = swap_tmp; \ + if ((swap_tmp = XEN_LIST_FIRST((head1))) != 0) \ + swap_tmp->field.le_prev = &XEN_LIST_FIRST((head1)); \ + if ((swap_tmp = XEN_LIST_FIRST((head2))) != 0) \ + swap_tmp->field.le_prev = &XEN_LIST_FIRST((head2)); \ +} while (0) + +/* + * Tail queue declarations. + */ +#define XEN_TAILQ_HEAD(name, type) \ +struct name { \ + type *tqh_first; /* first element */ \ + type **tqh_last; /* addr of last next element */ \ +} + +#define XEN_TAILQ_HEAD_INITIALIZER(head) \ + { 0, &(head).tqh_first } + +#define XEN_TAILQ_ENTRY(type) \ +struct { \ + type *tqe_next; /* next element */ \ + type **tqe_prev; /* address of previous next element */ \ +} + +/* + * Tail queue functions. + */ + +#define XEN_TAILQ_CONCAT(head1, head2, field) do { \ + if (!XEN_TAILQ_EMPTY(head2)) { \ + *(head1)->tqh_last = (head2)->tqh_first; \ + (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ + (head1)->tqh_last = (head2)->tqh_last; \ + XEN_TAILQ_INIT((head2)); \ + } \ +} while (0) + +#define XEN_TAILQ_EMPTY(head) ((head)->tqh_first == 0) + +#define XEN_TAILQ_FIRST(head) ((head)->tqh_first) + +#define XEN_TAILQ_FOREACH(var, head, field) \ + for ((var) = XEN_TAILQ_FIRST((head)); \ + (var); \ + (var) = XEN_TAILQ_NEXT((var), field)) + +#define XEN_TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = XEN_TAILQ_FIRST((head)); \ + (var) && ((tvar) = XEN_TAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) + +#define XEN_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for ((var) = XEN_TAILQ_LAST((head), headname); \ + (var); \ + (var) = XEN_TAILQ_PREV((var), headname, field)) + +#define XEN_TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ + for ((var) = XEN_TAILQ_LAST((head), headname); \ + (var) && ((tvar) = XEN_TAILQ_PREV((var), headname, field), 1);\ + (var) = (tvar)) + +#define XEN_TAILQ_INIT(head) do { \ + XEN_TAILQ_FIRST((head)) = 0; \ + (head)->tqh_last = &XEN_TAILQ_FIRST((head)); \ +} while (0) + +#define XEN_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field) = XEN_TAILQ_NEXT((listelm), field)) != 0)\ + XEN_TAILQ_NEXT((elm), field)->field.tqe_prev = \ + &XEN_TAILQ_NEXT((elm), field); \ + else { \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ + } \ + XEN_TAILQ_NEXT((listelm), field) = (elm); \ + (elm)->field.tqe_prev = &XEN_TAILQ_NEXT((listelm), field); \ +} while (0) + +#define XEN_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + XEN_TAILQ_NEXT((elm), field) = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_INSERT_HEAD(head, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field) = XEN_TAILQ_FIRST((head))) != 0)\ + XEN_TAILQ_FIRST((head))->field.tqe_prev = \ + &XEN_TAILQ_NEXT((elm), field); \ + else \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ + XEN_TAILQ_FIRST((head)) = (elm); \ + (elm)->field.tqe_prev = &XEN_TAILQ_FIRST((head)); \ +} while (0) + +#define XEN_TAILQ_INSERT_TAIL(head, elm, field) do { \ + XEN_TAILQ_NEXT((elm), field) = 0; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) + +#define XEN_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) + +#define XEN_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + +#define XEN_TAILQ_REMOVE(head, elm, field) do { \ + if ((XEN_TAILQ_NEXT((elm), field)) != 0) \ + XEN_TAILQ_NEXT((elm), field)->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else { \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + } \ + *(elm)->field.tqe_prev = XEN_TAILQ_NEXT((elm), field); \ +} while (0) + +#define XEN_TAILQ_SWAP(head1, head2, type, field) do { \ + type *swap_first = (head1)->tqh_first; \ + type **swap_last = (head1)->tqh_last; \ + (head1)->tqh_first = (head2)->tqh_first; \ + (head1)->tqh_last = (head2)->tqh_last; \ + (head2)->tqh_first = swap_first; \ + (head2)->tqh_last = swap_last; \ + if ((swap_first = (head1)->tqh_first) != 0) \ + swap_first->field.tqe_prev = &(head1)->tqh_first; \ + else \ + (head1)->tqh_last = &(head1)->tqh_first; \ + if ((swap_first = (head2)->tqh_first) != 0) \ + swap_first->field.tqe_prev = &(head2)->tqh_first; \ + else \ + (head2)->tqh_last = &(head2)->tqh_first; \ +} while (0) + +#endif /* !XEN__SYS_QUEUE_H_ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268950.462872 (Exim 4.92) (envelope-from ) id 1nHkSK-0005uH-G1; Wed, 09 Feb 2022 10:44:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268950.462872; Wed, 09 Feb 2022 10:44:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSK-0005u9-CW; Wed, 09 Feb 2022 10:44:12 +0000 Received: by outflank-mailman (input) for mailman id 268950; Wed, 09 Feb 2022 10:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSJ-0005tu-L2 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSJ-0001yO-Jv for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkSJ-0002Wf-Iq for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m6PMZZAzIJLTih+7kiHpu7Iwvq07UkNv1Qga+ZvE/R0=; b=AYcrU8j5Xt+6yfkAnSYlJeZnqw xYuPC2seyhkVysdX06QlJqx4G4xzPhJXkTqr3yJMoEjEXMPNYlFFuObaXGWK+g7tTbWioell4MXvy M6pQ2HjGXLbQIpEDfKyAfUD53fUyq8gu6j4eGi9na3Ersf85+LO7M5SrzkL38/OQYt+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs/light: replace _libxl_list.h with _xen_list.h Message-Id: Date: Wed, 09 Feb 2022 10:44:11 +0000 commit 9096f0e01e4ce24feb3a5e362fe547fceddb0d2d Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:35 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:52 2022 +0000 tools/libs/light: replace _libxl_list.h with _xen_list.h Remove generating _libxl_list.h and use the common _xen_list.h instead. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/libxl.h | 4 +- tools/libs/light/Makefile | 10 +-- tools/libs/light/libxl.c | 40 +++++------ tools/libs/light/libxl_aoutils.c | 20 +++--- tools/libs/light/libxl_device.c | 27 ++++---- tools/libs/light/libxl_disk.c | 4 +- tools/libs/light/libxl_domain.c | 18 ++--- tools/libs/light/libxl_event.c | 128 +++++++++++++++++------------------ tools/libs/light/libxl_fork.c | 44 ++++++------ tools/libs/light/libxl_internal.h | 86 +++++++++++------------ tools/libs/light/libxl_qmp.c | 19 +++--- tools/libs/light/libxl_stream_read.c | 20 +++--- 12 files changed, 206 insertions(+), 214 deletions(-) diff --git a/tools/include/libxl.h b/tools/include/libxl.h index 2bbbd21f0b..51a9b6cfac 100644 --- a/tools/include/libxl.h +++ b/tools/include/libxl.h @@ -747,7 +747,7 @@ typedef struct libxl__ctx libxl_ctx; #include -#include <_libxl_list.h> +#include <_xen_list.h> /* API compatibility. */ #ifdef LIBXL_API_VERSION @@ -1448,7 +1448,7 @@ typedef struct { } libxl_enum_string_table; struct libxl_event; -typedef LIBXL_TAILQ_ENTRY(struct libxl_event) libxl_ev_link; +typedef XEN_TAILQ_ENTRY(struct libxl_event) libxl_ev_link; /* * A boolean variable with an explicit default state. diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index be32d95d39..5642955672 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -153,14 +153,14 @@ LIBXL_TEST_OBJS += $(foreach t, $(LIBXL_TESTS_INSIDE),libxl_test_$t.opic) TEST_PROG_OBJS += $(foreach t, $(LIBXL_TESTS_PROGS),test_$t.o) test_common.o TEST_PROGS += $(foreach t, $(LIBXL_TESTS_PROGS),test_$t) -AUTOINCS = $(XEN_INCLUDE)/_libxl_list.h _libxl_save_msgs_callout.h _libxl_save_msgs_helper.h +AUTOINCS = _libxl_save_msgs_callout.h _libxl_save_msgs_helper.h AUTOSRCS = _libxl_save_msgs_callout.c _libxl_save_msgs_helper.c CLIENTS = testidl libxl-save-helper SAVE_HELPER_OBJS = libxl_save_helper.o _libxl_save_msgs_helper.o -LIBHEADER := libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h _libxl_list.h libxl_utils.h libxl_uuid.h +LIBHEADER := libxl.h libxl_event.h libxl_json.h _libxl_types.h _libxl_types_json.h libxl_utils.h libxl_uuid.h NO_HEADERS_CHK := y @@ -201,17 +201,13 @@ _libxl.api-for-check: $(XEN_INCLUDE)/libxl.h $(AUTOINCS) >$@.new mv -f $@.new $@ -$(XEN_INCLUDE)/_libxl_list.h: $(XEN_INCLUDE)/xen-external/bsd-sys-queue-h-seddery $(XEN_INCLUDE)/xen-external/bsd-sys-queue.h - $(PERL) $^ --prefix=libxl >$(notdir $@).new - $(call move-if-changed,$(notdir $@).new,$@) - _libxl_save_msgs_helper.c _libxl_save_msgs_callout.c \ _libxl_save_msgs_helper.h _libxl_save_msgs_callout.h: \ libxl_save_msgs_gen.pl $(PERL) -w $< $@ >$@.new $(call move-if-changed,$@.new,$@) -$(XEN_INCLUDE)/libxl.h: $(XEN_INCLUDE)/_libxl_types.h $(XEN_INCLUDE)/_libxl_list.h +$(XEN_INCLUDE)/libxl.h: $(XEN_INCLUDE)/_libxl_types.h $(XEN_INCLUDE)/libxl_json.h: $(XEN_INCLUDE)/_libxl_types_json.h libxl_internal.h: _libxl_types_internal.h _libxl_types_private.h _libxl_types_internal_private.h libxl_internal_json.h: _libxl_types_internal_json.h diff --git a/tools/libs/light/libxl.c b/tools/libs/light/libxl.c index 667ae6409b..a0bf7d186f 100644 --- a/tools/libs/light/libxl.c +++ b/tools/libs/light/libxl.c @@ -41,29 +41,29 @@ int libxl_ctx_alloc(libxl_ctx **pctx, int version, ctx->nogc_gc.alloc_maxsize = -1; ctx->nogc_gc.owner = ctx; - LIBXL_TAILQ_INIT(&ctx->occurred); + XEN_TAILQ_INIT(&ctx->occurred); ctx->osevent_hooks = 0; ctx->poller_app = 0; - LIBXL_LIST_INIT(&ctx->pollers_event); - LIBXL_LIST_INIT(&ctx->pollers_idle); - LIBXL_LIST_INIT(&ctx->pollers_active); + XEN_LIST_INIT(&ctx->pollers_event); + XEN_LIST_INIT(&ctx->pollers_idle); + XEN_LIST_INIT(&ctx->pollers_active); - LIBXL_LIST_INIT(&ctx->efds); - LIBXL_TAILQ_INIT(&ctx->etimes); + XEN_LIST_INIT(&ctx->efds); + XEN_TAILQ_INIT(&ctx->etimes); ctx->watch_slots = 0; - LIBXL_SLIST_INIT(&ctx->watch_freeslots); + XEN_SLIST_INIT(&ctx->watch_freeslots); libxl__ev_fd_init(&ctx->watch_efd); ctx->xce = 0; - LIBXL_LIST_INIT(&ctx->evtchns_waiting); + XEN_LIST_INIT(&ctx->evtchns_waiting); libxl__ev_fd_init(&ctx->evtchn_efd); - LIBXL_LIST_INIT(&ctx->aos_inprogress); + XEN_LIST_INIT(&ctx->aos_inprogress); - LIBXL_TAILQ_INIT(&ctx->death_list); + XEN_TAILQ_INIT(&ctx->death_list); libxl__ev_xswatch_init(&ctx->death_watch); ctx->childproc_hooks = &libxl__childproc_default_hooks; @@ -122,14 +122,14 @@ int libxl_ctx_alloc(libxl_ctx **pctx, int version, static void free_disable_deaths(libxl__gc *gc, struct libxl__evgen_domain_death_list *l) { libxl_evgen_domain_death *death; - while ((death = LIBXL_TAILQ_FIRST(l))) + while ((death = XEN_TAILQ_FIRST(l))) libxl__evdisable_domain_death(gc, death); } static void discard_events(struct libxl__event_list *l) { /* doesn't bother unlinking from the list, so l is corrupt on return */ libxl_event *ev, *next; - LIBXL_TAILQ_FOREACH_SAFE(ev, l, link, next) + XEN_TAILQ_FOREACH_SAFE(ev, l, link, next) libxl_event_free(0, ev); } @@ -150,7 +150,7 @@ int libxl_ctx_free(libxl_ctx *ctx) free_disable_deaths(gc, &CTX->death_reported); libxl_evgen_disk_eject *eject; - while ((eject = LIBXL_LIST_FIRST(&CTX->disk_eject_evgens))) + while ((eject = XEN_LIST_FIRST(&CTX->disk_eject_evgens))) libxl__evdisable_disk_eject(gc, eject); libxl_childproc_setmode(CTX,0,0); @@ -162,10 +162,10 @@ int libxl_ctx_free(libxl_ctx *ctx) /* Now there should be no more events requested from the application: */ - assert(LIBXL_LIST_EMPTY(&ctx->efds)); - assert(LIBXL_TAILQ_EMPTY(&ctx->etimes)); - assert(LIBXL_LIST_EMPTY(&ctx->evtchns_waiting)); - assert(LIBXL_LIST_EMPTY(&ctx->aos_inprogress)); + assert(XEN_LIST_EMPTY(&ctx->efds)); + assert(XEN_TAILQ_EMPTY(&ctx->etimes)); + assert(XEN_LIST_EMPTY(&ctx->evtchns_waiting)); + assert(XEN_LIST_EMPTY(&ctx->aos_inprogress)); if (ctx->xch) xc_interface_close(ctx->xch); libxl_version_info_dispose(&ctx->version_info); @@ -174,10 +174,10 @@ int libxl_ctx_free(libxl_ctx *ctx) libxl__poller_put(ctx, ctx->poller_app); ctx->poller_app = NULL; - assert(LIBXL_LIST_EMPTY(&ctx->pollers_event)); - assert(LIBXL_LIST_EMPTY(&ctx->pollers_active)); + assert(XEN_LIST_EMPTY(&ctx->pollers_event)); + assert(XEN_LIST_EMPTY(&ctx->pollers_active)); libxl__poller *poller, *poller_tmp; - LIBXL_LIST_FOREACH_SAFE(poller, &ctx->pollers_idle, entry, poller_tmp) { + XEN_LIST_FOREACH_SAFE(poller, &ctx->pollers_idle, entry, poller_tmp) { libxl__poller_dispose(poller); free(poller); } diff --git a/tools/libs/light/libxl_aoutils.c b/tools/libs/light/libxl_aoutils.c index c4c095a5ba..c2d42e7cac 100644 --- a/tools/libs/light/libxl_aoutils.c +++ b/tools/libs/light/libxl_aoutils.c @@ -106,7 +106,7 @@ void libxl__datacopier_init(libxl__datacopier_state *dc) libxl__ao_abortable_init(&dc->abrt); libxl__ev_fd_init(&dc->toread); libxl__ev_fd_init(&dc->towrite); - LIBXL_TAILQ_INIT(&dc->bufs); + XEN_TAILQ_INIT(&dc->bufs); } void libxl__datacopier_kill(libxl__datacopier_state *dc) @@ -117,9 +117,9 @@ void libxl__datacopier_kill(libxl__datacopier_state *dc) libxl__ao_abortable_deregister(&dc->abrt); libxl__ev_fd_deregister(gc, &dc->toread); libxl__ev_fd_deregister(gc, &dc->towrite); - LIBXL_TAILQ_FOREACH_SAFE(buf, &dc->bufs, entry, tbuf) + XEN_TAILQ_FOREACH_SAFE(buf, &dc->bufs, entry, tbuf) free(buf); - LIBXL_TAILQ_INIT(&dc->bufs); + XEN_TAILQ_INIT(&dc->bufs); } static void datacopier_callback(libxl__egc *egc, libxl__datacopier_state *dc, @@ -182,7 +182,7 @@ void libxl__datacopier_prefixdata(libxl__egc *egc, libxl__datacopier_state *dc, memcpy(buf->buf, ptr, buf->used); dc->used += buf->used; - LIBXL_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); + XEN_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); } } @@ -235,18 +235,18 @@ static void datacopier_readable(libxl__egc *egc, libxl__ev_fd *ev, r = read(ev->fd, dc->readbuf + dc->used, dc->bytes_to_read); } else { while (dc->used >= dc->maxsz) { - libxl__datacopier_buf *rm = LIBXL_TAILQ_FIRST(&dc->bufs); + libxl__datacopier_buf *rm = XEN_TAILQ_FIRST(&dc->bufs); dc->used -= rm->used; assert(dc->used >= 0); - LIBXL_TAILQ_REMOVE(&dc->bufs, rm, entry); + XEN_TAILQ_REMOVE(&dc->bufs, rm, entry); free(rm); } - buf = LIBXL_TAILQ_LAST(&dc->bufs, libxl__datacopier_bufs); + buf = XEN_TAILQ_LAST(&dc->bufs, libxl__datacopier_bufs); if (!buf || buf->used >= sizeof(buf->buf)) { buf = libxl__malloc(NOGC, sizeof(*buf)); buf->used = 0; - LIBXL_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); + XEN_TAILQ_INSERT_TAIL(&dc->bufs, buf, entry); } r = read(ev->fd, buf->buf + buf->used, min_t(size_t, sizeof(buf->buf) - buf->used, @@ -331,11 +331,11 @@ static void datacopier_writable(libxl__egc *egc, libxl__ev_fd *ev, } assert(revents & POLLOUT); for (;;) { - libxl__datacopier_buf *buf = LIBXL_TAILQ_FIRST(&dc->bufs); + libxl__datacopier_buf *buf = XEN_TAILQ_FIRST(&dc->bufs); if (!buf) break; if (!buf->used) { - LIBXL_TAILQ_REMOVE(&dc->bufs, buf, entry); + XEN_TAILQ_REMOVE(&dc->bufs, buf, entry); free(buf); continue; } diff --git a/tools/libs/light/libxl_device.c b/tools/libs/light/libxl_device.c index 36c4e41e4d..e6025d135e 100644 --- a/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c @@ -1476,7 +1476,7 @@ static void qdisk_spawn_outcome(libxl__egc *egc, libxl__dm_spawn_state *dmss, */ typedef struct libxl__ddomain_device { libxl__device *dev; - LIBXL_SLIST_ENTRY(struct libxl__ddomain_device) next; + XEN_SLIST_ENTRY(struct libxl__ddomain_device) next; } libxl__ddomain_device; /* @@ -1485,8 +1485,8 @@ typedef struct libxl__ddomain_device { typedef struct libxl__ddomain_guest { uint32_t domid; int num_qdisks; - LIBXL_SLIST_HEAD(, struct libxl__ddomain_device) devices; - LIBXL_SLIST_ENTRY(struct libxl__ddomain_guest) next; + XEN_SLIST_HEAD(, struct libxl__ddomain_device) devices; + XEN_SLIST_ENTRY(struct libxl__ddomain_guest) next; } libxl__ddomain_guest; /* @@ -1496,7 +1496,7 @@ typedef struct libxl__ddomain_guest { typedef struct { libxl__ao *ao; libxl__ev_xswatch watch; - LIBXL_SLIST_HEAD(, struct libxl__ddomain_guest) guests; + XEN_SLIST_HEAD(, struct libxl__ddomain_guest) guests; } libxl__ddomain; static libxl__ddomain_guest *search_for_guest(libxl__ddomain *ddomain, @@ -1504,7 +1504,7 @@ static libxl__ddomain_guest *search_for_guest(libxl__ddomain *ddomain, { libxl__ddomain_guest *dguest; - LIBXL_SLIST_FOREACH(dguest, &ddomain->guests, next) { + XEN_SLIST_FOREACH(dguest, &ddomain->guests, next) { if (dguest->domid == domid) return dguest; } @@ -1516,7 +1516,7 @@ static libxl__ddomain_device *search_for_device(libxl__ddomain_guest *dguest, { libxl__ddomain_device *ddev; - LIBXL_SLIST_FOREACH(ddev, &dguest->devices, next) { + XEN_SLIST_FOREACH(ddev, &dguest->devices, next) { #define LIBXL_DEVICE_CMP(dev1, dev2, entry) (dev1->entry == dev2->entry) if (LIBXL_DEVICE_CMP(ddev->dev, dev, backend_devid) && LIBXL_DEVICE_CMP(ddev->dev, dev, backend_domid) && @@ -1537,8 +1537,8 @@ static void check_and_maybe_remove_guest(libxl__gc *gc, { assert(ddomain); - if (dguest != NULL && LIBXL_SLIST_FIRST(&dguest->devices) == NULL) { - LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, + if (dguest != NULL && XEN_SLIST_FIRST(&dguest->devices) == NULL) { + XEN_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, next); LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests"); /* Clear any leftovers in libxl/ */ @@ -1572,7 +1572,7 @@ static int add_device(libxl__egc *egc, libxl__ao *ao, ddev = libxl__zalloc(NOGC, sizeof(*ddev)); ddev->dev = libxl__zalloc(NOGC, sizeof(*ddev->dev)); *ddev->dev = *dev; - LIBXL_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); + XEN_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); LOGD(DEBUG, dev->domid, "Added device %s to the list of active devices", libxl__device_backend_path(gc, dev)); @@ -1649,8 +1649,7 @@ static int remove_device(libxl__egc *egc, libxl__ao *ao, * above or from add_device make a copy of the data they use, so * there's no risk of dereferencing. */ - LIBXL_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, - next); + XEN_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, next); LOGD(DEBUG, dev->domid, "Removed device %s from the list of active devices", libxl__device_backend_path(gc, dev)); @@ -1716,8 +1715,8 @@ static void backend_watch_callback(libxl__egc *egc, libxl__ev_xswatch *watch, /* Create a new guest struct and initialize it */ dguest = libxl__zalloc(NOGC, sizeof(*dguest)); dguest->domid = dev->domid; - LIBXL_SLIST_INIT(&dguest->devices); - LIBXL_SLIST_INSERT_HEAD(&ddomain->guests, dguest, next); + XEN_SLIST_INIT(&dguest->devices); + XEN_SLIST_INSERT_HEAD(&ddomain->guests, dguest, next); LOGD(DEBUG, dguest->domid, "Added domain to the list of active guests"); } ddev = search_for_device(dguest, dev); @@ -1766,7 +1765,7 @@ int libxl_device_events_handler(libxl_ctx *ctx, int i, j, k; ddomain.ao = ao; - LIBXL_SLIST_INIT(&ddomain.guests); + XEN_SLIST_INIT(&ddomain.guests); rc = libxl__get_domid(gc, &domid); if (rc) { diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index 93936d0dd0..a5ca77850f 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -88,7 +88,7 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t guest_domid, memset(evg, 0, sizeof(*evg)); evg->user = user; evg->domid = guest_domid; - LIBXL_LIST_INSERT_HEAD(&CTX->disk_eject_evgens, evg, entry); + XEN_LIST_INSERT_HEAD(&CTX->disk_eject_evgens, evg, entry); uint32_t domid = libxl_get_stubdom_id(ctx, guest_domid); @@ -133,7 +133,7 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t guest_domid, void libxl__evdisable_disk_eject(libxl__gc *gc, libxl_evgen_disk_eject *evg) { CTX_LOCK; - LIBXL_LIST_REMOVE(evg, entry); + XEN_LIST_REMOVE(evg, entry); if (libxl__ev_xswatch_isregistered(&evg->watch)) libxl__ev_xswatch_deregister(gc, &evg->watch); diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index d438232117..7f0986c185 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -867,7 +867,7 @@ static void domain_death_occurred(libxl__egc *egc, LOGD(DEBUG, evg->domid, "%s", why); - libxl_evgen_domain_death *evg_next = LIBXL_TAILQ_NEXT(evg, entry); + libxl_evgen_domain_death *evg_next = XEN_TAILQ_NEXT(evg, entry); *evg_upd = evg_next; libxl_event *ev = NEW_EVENT(egc, DOMAIN_DEATH, evg->domid, evg->user); @@ -875,8 +875,8 @@ static void domain_death_occurred(libxl__egc *egc, libxl__event_occurred(egc, ev); evg->death_reported = 1; - LIBXL_TAILQ_REMOVE(&CTX->death_list, evg, entry); - LIBXL_TAILQ_INSERT_HEAD(&CTX->death_reported, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_list, evg, entry); + XEN_TAILQ_INSERT_HEAD(&CTX->death_reported, evg, entry); } static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, @@ -887,12 +887,12 @@ static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, CTX_LOCK; - evg = LIBXL_TAILQ_FIRST(&CTX->death_list); + evg = XEN_TAILQ_FIRST(&CTX->death_list); for (;;) { if (!evg) goto out; - int nentries = LIBXL_TAILQ_NEXT(evg, entry) ? 200 : 1; + int nentries = XEN_TAILQ_NEXT(evg, entry) ? 200 : 1; xc_domaininfo_t domaininfos[nentries]; const xc_domaininfo_t *got = domaininfos, *gotend; @@ -966,7 +966,7 @@ static void domain_death_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, evg->shutdown_reported = 1; } - evg = LIBXL_TAILQ_NEXT(evg, entry); + evg = XEN_TAILQ_NEXT(evg, entry); } assert(rc); /* rc==0 results in us eating all evgs and quitting */ @@ -1015,13 +1015,13 @@ void libxl__evdisable_domain_death(libxl__gc *gc, CTX_LOCK; if (!evg->death_reported) - LIBXL_TAILQ_REMOVE(&CTX->death_list, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_list, evg, entry); else - LIBXL_TAILQ_REMOVE(&CTX->death_reported, evg, entry); + XEN_TAILQ_REMOVE(&CTX->death_reported, evg, entry); free(evg); - if (!LIBXL_TAILQ_FIRST(&CTX->death_list) && + if (!XEN_TAILQ_FIRST(&CTX->death_list) && libxl__ev_xswatch_isregistered(&CTX->death_watch)) libxl__ev_xswatch_deregister(gc, &CTX->death_watch); diff --git a/tools/libs/light/libxl_event.c b/tools/libs/light/libxl_event.c index 7c5387e94f..c8bcd13960 100644 --- a/tools/libs/light/libxl_event.c +++ b/tools/libs/light/libxl_event.c @@ -165,7 +165,7 @@ static void ao__check_destroy(libxl_ctx *ctx, libxl__ao *ao); */ static void pollers_note_osevent_added(libxl_ctx *ctx) { libxl__poller *poller; - LIBXL_LIST_FOREACH(poller, &ctx->pollers_active, active_entry) + XEN_LIST_FOREACH(poller, &ctx->pollers_active, active_entry) poller->osevents_added = 1; } @@ -189,7 +189,7 @@ void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc) if (CTX->poller_app->osevents_added) baton_wake(gc, CTX->poller_app); - LIBXL_LIST_FOREACH(search, &CTX->pollers_active, active_entry) { + XEN_LIST_FOREACH(search, &CTX->pollers_active, active_entry) { if (search == CTX->poller_app) /* This one is special. We can't give it the baton. */ continue; @@ -279,7 +279,7 @@ void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc) struct libxl__osevent_hook_nexus { void *ev; void *for_app_reg; - LIBXL_SLIST_ENTRY(libxl__osevent_hook_nexus) next; + XEN_SLIST_ENTRY(libxl__osevent_hook_nexus) next; }; static void *osevent_ev_from_hook_nexus(libxl_ctx *ctx, @@ -293,7 +293,7 @@ static void osevent_release_nexus(libxl__gc *gc, libxl__osevent_hook_nexus *nexus) { nexus->ev = 0; - LIBXL_SLIST_INSERT_HEAD(nexi_idle, nexus, next); + XEN_SLIST_INSERT_HEAD(nexi_idle, nexus, next); } /*----- OSEVENT* hook functions for nexusop "alloc" -----*/ @@ -301,9 +301,9 @@ static void osevent_hook_pre_alloc(libxl__gc *gc, void *ev, libxl__osevent_hook_nexi *nexi_idle, libxl__osevent_hook_nexus **nexus_r) { - libxl__osevent_hook_nexus *nexus = LIBXL_SLIST_FIRST(nexi_idle); + libxl__osevent_hook_nexus *nexus = XEN_SLIST_FIRST(nexi_idle); if (nexus) { - LIBXL_SLIST_REMOVE_HEAD(nexi_idle, next); + XEN_SLIST_REMOVE_HEAD(nexi_idle, next); } else { nexus = libxl__zalloc(NOGC, sizeof(*nexus)); } @@ -364,7 +364,7 @@ int libxl__ev_fd_register(libxl__gc *gc, libxl__ev_fd *ev, ev->events = events; ev->func = func; - LIBXL_LIST_INSERT_HEAD(&CTX->efds, ev, entry); + XEN_LIST_INSERT_HEAD(&CTX->efds, ev, entry); pollers_note_osevent_added(CTX); rc = 0; @@ -409,10 +409,10 @@ void libxl__ev_fd_deregister(libxl__gc *gc, libxl__ev_fd *ev) DBG("ev_fd=%p deregister fd=%d", ev, ev->fd); OSEVENT_HOOK_VOID(fd,deregister, release, ev->fd, ev->nexus->for_app_reg); - LIBXL_LIST_REMOVE(ev, entry); + XEN_LIST_REMOVE(ev, entry); ev->fd = -1; - LIBXL_LIST_FOREACH(poller, &CTX->pollers_active, active_entry) + XEN_LIST_FOREACH(poller, &CTX->pollers_active, active_entry) poller->fds_deregistered = 1; out: @@ -504,7 +504,7 @@ static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) OSEVENT_HOOK_VOID(timeout,modify, noop /* release nexus in _occurred_ */, &ev->nexus->for_app_reg, right_away); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); + XEN_TAILQ_REMOVE(&CTX->etimes, ev, entry); } } @@ -640,7 +640,7 @@ static void time_occurs(libxl__egc *egc, libxl__ev_time *etime, int rc) libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, int slotnum) { libxl__ev_watch_slot *slot = &CTX->watch_slots[slotnum]; - libxl__ev_watch_slot *slotcontents = LIBXL_SLIST_NEXT(slot, empty); + libxl__ev_watch_slot *slotcontents = XEN_SLIST_NEXT(slot, empty); if (slotcontents == NULL || ((uintptr_t)slotcontents >= (uintptr_t)CTX->watch_slots && @@ -672,7 +672,7 @@ libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, int slotnum) static void libxl__set_watch_slot_contents(libxl__ev_watch_slot *slot, libxl__ev_xswatch *w) { - /* we look a bit behind the curtain of LIBXL_SLIST, to explicitly + /* we look a bit behind the curtain of XEN_SLIST, to explicitly * assign to the pointer that's the next link. See the comment * by the definition of libxl__ev_watch_slot */ slot->empty.sle_next = (void*)w; @@ -784,7 +784,7 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, if (rc) goto out_rc; } - if (LIBXL_SLIST_EMPTY(&CTX->watch_freeslots)) { + if (XEN_SLIST_EMPTY(&CTX->watch_freeslots)) { /* Free list is empty so there is not in fact a linked * free list in the array and we can safely realloc it */ int newarraysize = (CTX->watch_nslots + 1) << 2; @@ -794,14 +794,13 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, CTX->watch_slots, sizeof(*newarray) * newarraysize); if (!newarray) goto out_nomem; for (i = CTX->watch_nslots; i < newarraysize; i++) - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, - &newarray[i], empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, &newarray[i], empty); CTX->watch_slots = newarray; CTX->watch_nslots = newarraysize; } - use = LIBXL_SLIST_FIRST(&CTX->watch_freeslots); + use = XEN_SLIST_FIRST(&CTX->watch_freeslots); assert(use); - LIBXL_SLIST_REMOVE_HEAD(&CTX->watch_freeslots, empty); + XEN_SLIST_REMOVE_HEAD(&CTX->watch_freeslots, empty); path_copy = strdup(path); if (!path_copy) goto out_nomem; @@ -832,7 +831,7 @@ int libxl__ev_xswatch_register(libxl__gc *gc, libxl__ev_xswatch *w, rc = ERROR_NOMEM; out_rc: if (use) - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, use, empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, use, empty); free(path_copy); watches_check_fd_deregister(gc); CTX_UNLOCK; @@ -856,7 +855,7 @@ void libxl__ev_xswatch_deregister(libxl__gc *gc, libxl__ev_xswatch *w) LOGEV(ERROR, errno, "remove watch for path %s", w->path); libxl__ev_watch_slot *slot = &CTX->watch_slots[w->slotnum]; - LIBXL_SLIST_INSERT_HEAD(&CTX->watch_freeslots, slot, empty); + XEN_SLIST_INSERT_HEAD(&CTX->watch_freeslots, slot, empty); w->slotnum = -1; CTX->nwatches--; watches_check_fd_deregister(gc); @@ -927,7 +926,7 @@ static void evtchn_fd_callback(libxl__egc *egc, libxl__ev_fd *ev, return; } - LIBXL_LIST_FOREACH(evev, &CTX->evtchns_waiting, entry) + XEN_LIST_FOREACH(evev, &CTX->evtchns_waiting, entry) if (port == evev->port) goto found; /* not found */ @@ -937,7 +936,7 @@ static void evtchn_fd_callback(libxl__egc *egc, libxl__ev_fd *ev, found: DBG("ev_evtchn=%p port=%d signaled", evev, port); evev->waiting = 0; - LIBXL_LIST_REMOVE(evev, entry); + XEN_LIST_REMOVE(evev, entry); evev->callback(egc, evev); } } @@ -972,7 +971,7 @@ int libxl__ctx_evtchn_init(libxl__gc *gc) { static void evtchn_check_fd_deregister(libxl__gc *gc) { - if (CTX->xce && LIBXL_LIST_EMPTY(&CTX->evtchns_waiting)) + if (CTX->xce && XEN_LIST_EMPTY(&CTX->evtchns_waiting)) libxl__ev_fd_deregister(gc, &CTX->evtchn_efd); } @@ -1003,7 +1002,7 @@ int libxl__ev_evtchn_wait(libxl__gc *gc, libxl__ev_evtchn *evev) } evev->waiting = 1; - LIBXL_LIST_INSERT_HEAD(&CTX->evtchns_waiting, evev, entry); + XEN_LIST_INSERT_HEAD(&CTX->evtchns_waiting, evev, entry); return 0; out: @@ -1020,7 +1019,7 @@ void libxl__ev_evtchn_cancel(libxl__gc *gc, libxl__ev_evtchn *evev) return; evev->waiting = 0; - LIBXL_LIST_REMOVE(evev, entry); + XEN_LIST_REMOVE(evev, entry); evtchn_check_fd_deregister(gc); } @@ -1095,7 +1094,7 @@ int libxl__ev_devstate_wait(libxl__ao *ao, libxl__ev_devstate *ds, void libxl__ev_immediate_register(libxl__egc *egc, libxl__ev_immediate *ei) { - LIBXL_STAILQ_INSERT_TAIL(&egc->ev_immediates, ei, entry); + XEN_STAILQ_INSERT_TAIL(&egc->ev_immediates, ei, entry); } /* @@ -1221,7 +1220,7 @@ static int beforepoll_internal(libxl__gc *gc, libxl__poller *poller, #define REQUIRE_FDS(BODY) do{ \ \ - LIBXL_LIST_FOREACH(efd, &CTX->efds, entry) \ + XEN_LIST_FOREACH(efd, &CTX->efds, entry) \ REQUIRE_FD(efd->fd, efd->events, BODY); \ \ REQUIRE_FD(poller->wakeup_pipe[0], POLLIN, BODY); \ @@ -1298,7 +1297,7 @@ static int beforepoll_internal(libxl__gc *gc, libxl__poller *poller, poller->fds_deregistered = 0; poller->osevents_added = 0; - libxl__ev_time *etime = LIBXL_TAILQ_FIRST(&CTX->etimes); + libxl__ev_time *etime = XEN_TAILQ_FIRST(&CTX->etimes); if (etime) { int our_timeout; struct timeval rel; @@ -1436,7 +1435,7 @@ static void afterpoll_internal(libxl__egc *egc, libxl__poller *poller, * so that we don't call the same function again. */ int revents; - LIBXL_LIST_FOREACH(efd, &CTX->efds, entry) { + XEN_LIST_FOREACH(efd, &CTX->efds, entry) { if (!efd->events) continue; @@ -1454,7 +1453,7 @@ static void afterpoll_internal(libxl__egc *egc, libxl__poller *poller, } for (;;) { - libxl__ev_time *etime = LIBXL_TAILQ_FIRST(&CTX->etimes); + libxl__ev_time *etime = XEN_TAILQ_FIRST(&CTX->etimes); if (!etime) break; @@ -1494,8 +1493,8 @@ void libxl_osevent_register_hooks(libxl_ctx *ctx, { GC_INIT(ctx); CTX_LOCK; - assert(LIBXL_LIST_EMPTY(&ctx->efds)); - assert(LIBXL_TAILQ_EMPTY(&ctx->etimes)); + assert(XEN_LIST_EMPTY(&ctx->efds)); + assert(XEN_TAILQ_EMPTY(&ctx->etimes)); ctx->osevent_hooks = hooks; ctx->osevent_user = user; CTX_UNLOCK; @@ -1534,7 +1533,7 @@ void libxl_osevent_occurred_timeout(libxl_ctx *ctx, void *for_libxl) if (!ev) goto out; assert(!ev->infinite); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); + XEN_TAILQ_REMOVE(&CTX->etimes, ev, entry); time_occurs(egc, ev, ERROR_TIMEDOUT); @@ -1577,9 +1576,9 @@ static void egc_run_callbacks(libxl__egc *egc) libxl__aop_occurred *aop, *aop_tmp; libxl__ev_immediate *ei; - while (!LIBXL_STAILQ_EMPTY(&egc->ev_immediates)) { - ei = LIBXL_STAILQ_FIRST(&egc->ev_immediates); - LIBXL_STAILQ_REMOVE_HEAD(&egc->ev_immediates, entry); + while (!XEN_STAILQ_EMPTY(&egc->ev_immediates)) { + ei = XEN_STAILQ_FIRST(&egc->ev_immediates); + XEN_STAILQ_REMOVE_HEAD(&egc->ev_immediates, entry); CTX_LOCK; /* This callback is internal to libxl and expects CTX to be * locked. */ @@ -1587,15 +1586,15 @@ static void egc_run_callbacks(libxl__egc *egc) CTX_UNLOCK; } - LIBXL_TAILQ_FOREACH_SAFE(ev, &egc->occurred_for_callback, link, ev_tmp) { - LIBXL_TAILQ_REMOVE(&egc->occurred_for_callback, ev, link); + XEN_TAILQ_FOREACH_SAFE(ev, &egc->occurred_for_callback, link, ev_tmp) { + XEN_TAILQ_REMOVE(&egc->occurred_for_callback, ev, link); LOG(DEBUG,"event %p callback type=%s", ev, libxl_event_type_to_string(ev->type)); CTX->event_hooks->event_occurs(CTX->event_hooks_user, ev); } - LIBXL_TAILQ_FOREACH_SAFE(aop, &egc->aops_for_callback, entry, aop_tmp) { - LIBXL_TAILQ_REMOVE(&egc->aops_for_callback, aop, entry); + XEN_TAILQ_FOREACH_SAFE(aop, &egc->aops_for_callback, entry, aop_tmp) { + XEN_TAILQ_REMOVE(&egc->aops_for_callback, aop, entry); LOG(DEBUG,"ao %p: progress report: callback aop=%p", aop->ao, aop); aop->how->callback(CTX, aop->ev, aop->how->for_callback); @@ -1607,9 +1606,9 @@ static void egc_run_callbacks(libxl__egc *egc) } libxl__ao *ao, *ao_tmp; - LIBXL_TAILQ_FOREACH_SAFE(ao, &egc->aos_for_callback, - entry_for_callback, ao_tmp) { - LIBXL_TAILQ_REMOVE(&egc->aos_for_callback, ao, entry_for_callback); + XEN_TAILQ_FOREACH_SAFE(ao, &egc->aos_for_callback, + entry_for_callback, ao_tmp) { + XEN_TAILQ_REMOVE(&egc->aos_for_callback, ao, entry_for_callback); LOG(DEBUG,"ao %p: completion callback", ao); ao->how.callback(CTX, ao->rc, ao->how.u.for_callback); CTX_LOCK; @@ -1648,12 +1647,12 @@ void libxl__event_occurred(libxl__egc *egc, libxl_event *event) * from libxl. This helps avoid reentrancy bugs: parts of * libxl that call libxl__event_occurred do not have to worry * that libxl might be reentered at that point. */ - LIBXL_TAILQ_INSERT_TAIL(&egc->occurred_for_callback, event, link); + XEN_TAILQ_INSERT_TAIL(&egc->occurred_for_callback, event, link); return; } else { libxl__poller *poller; - LIBXL_TAILQ_INSERT_TAIL(&CTX->occurred, event, link); - LIBXL_LIST_FOREACH(poller, &CTX->pollers_event, entry) + XEN_TAILQ_INSERT_TAIL(&CTX->occurred, event, link); + XEN_LIST_FOREACH(poller, &CTX->pollers_event, entry) libxl__poller_wakeup(gc, poller); } } @@ -1691,7 +1690,7 @@ static int event_check_internal(libxl__egc *egc, libxl_event **event_r, libxl_event *ev; int rc; - LIBXL_TAILQ_FOREACH(ev, &CTX->occurred, link) { + XEN_TAILQ_FOREACH(ev, &CTX->occurred, link) { if (!(typemask & ((uint64_t)1 << ev->type))) continue; @@ -1699,7 +1698,7 @@ static int event_check_internal(libxl__egc *egc, libxl_event **event_r, continue; /* got one! */ - LIBXL_TAILQ_REMOVE(&CTX->occurred, ev, link); + XEN_TAILQ_REMOVE(&CTX->occurred, ev, link); *event_r = ev; rc = 0; goto out; @@ -1820,9 +1819,9 @@ libxl__poller *libxl__poller_get(libxl__gc *gc) /* must be called with ctx locked */ int rc; - libxl__poller *p = LIBXL_LIST_FIRST(&CTX->pollers_idle); + libxl__poller *p = XEN_LIST_FIRST(&CTX->pollers_idle); if (p) { - LIBXL_LIST_REMOVE(p, entry); + XEN_LIST_REMOVE(p, entry); } else { p = libxl__zalloc(NOGC, sizeof(*p)); @@ -1833,16 +1832,15 @@ libxl__poller *libxl__poller_get(libxl__gc *gc) } } - LIBXL_LIST_INSERT_HEAD(&CTX->pollers_active, p, - active_entry); + XEN_LIST_INSERT_HEAD(&CTX->pollers_active, p, active_entry); return p; } void libxl__poller_put(libxl_ctx *ctx, libxl__poller *p) { if (!p) return; - LIBXL_LIST_REMOVE(p, active_entry); - LIBXL_LIST_INSERT_HEAD(&ctx->pollers_idle, p, entry); + XEN_LIST_REMOVE(p, active_entry); + XEN_LIST_INSERT_HEAD(&ctx->pollers_idle, p, entry); } void libxl__poller_wakeup(libxl__gc *gc, libxl__poller *p) @@ -2048,7 +2046,7 @@ void libxl__ao_create_fail(libxl__ao *ao) assert(!ao->complete); assert(!ao->progress_reports_outstanding); assert(!ao->aborting); - LIBXL_LIST_REMOVE(ao, inprogress_entry); + XEN_LIST_REMOVE(ao, inprogress_entry); libxl__ao__destroy(CTX, ao); } @@ -2070,7 +2068,7 @@ void libxl__ao_complete(libxl__egc *egc, libxl__ao *ao, int rc) assert(!ao->nested_progeny); ao->complete = 1; ao->rc = rc; - LIBXL_LIST_REMOVE(ao, inprogress_entry); + XEN_LIST_REMOVE(ao, inprogress_entry); if (ao->outstanding_killed_child) LOG(DEBUG, "ao %p: .. but waiting for %d fork to exit", ao, ao->outstanding_killed_child); @@ -2107,7 +2105,7 @@ void libxl__ao_complete_check_progress_reports(libxl__egc *egc, libxl__ao *ao) libxl__poller_wakeup(gc, ao->poller); } else if (ao->how.callback) { LOG(DEBUG, "ao %p: complete for callback", ao); - LIBXL_TAILQ_INSERT_TAIL(&egc->aos_for_callback, ao, entry_for_callback); + XEN_TAILQ_INSERT_TAIL(&egc->aos_for_callback, ao, entry_for_callback); } else { libxl_event *ev; ev = NEW_EVENT(egc, OPERATION_COMPLETE, ao->domid, ao->how.u.for_event); @@ -2148,7 +2146,7 @@ libxl__ao *libxl__ao_create(libxl_ctx *ctx, uint32_t domid, "ao %p: create: how=%p callback=%p poller=%p", ao, how, ao->how.callback, ao->poller); - LIBXL_LIST_INSERT_HEAD(&ctx->aos_inprogress, ao, inprogress_entry); + XEN_LIST_INSERT_HEAD(&ctx->aos_inprogress, ao, inprogress_entry); return ao; @@ -2255,7 +2253,7 @@ static int ao__abort(libxl_ctx *ctx, libxl__ao *parent) parent->aborting = 1; - if (LIBXL_LIST_EMPTY(&parent->abortables)) { + if (XEN_LIST_EMPTY(&parent->abortables)) { LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, "ao %p: abort requested and noted, but no-one interested", parent); @@ -2264,13 +2262,13 @@ static int ao__abort(libxl_ctx *ctx, libxl__ao *parent) } /* We keep calling abort hooks until there are none left */ - while (!LIBXL_LIST_EMPTY(&parent->abortables)) { + while (!XEN_LIST_EMPTY(&parent->abortables)) { assert(!parent->complete); - libxl__ao_abortable *abrt = LIBXL_LIST_FIRST(&parent->abortables); + libxl__ao_abortable *abrt = XEN_LIST_FIRST(&parent->abortables); assert(parent == ao_nested_root(abrt->ao)); - LIBXL_LIST_REMOVE(abrt, entry); + XEN_LIST_REMOVE(abrt, entry); abrt->registered = 0; LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, @@ -2300,7 +2298,7 @@ int libxl_ao_abort(libxl_ctx *ctx, const libxl_asyncop_how *how) libxl__ctx_lock(ctx); int rc; - LIBXL_LIST_FOREACH(search, &ctx->aos_inprogress, inprogress_entry) { + XEN_LIST_FOREACH(search, &ctx->aos_inprogress, inprogress_entry) { if (how) { /* looking for ao to be reported by callback or event */ if (search->poller) @@ -2356,7 +2354,7 @@ int libxl__ao_abortable_register(libxl__ao_abortable *abrt) } DBG("ao=%p, abrt=%p: registering (root=%p)", ao, abrt, root); - LIBXL_LIST_INSERT_HEAD(&root->abortables, abrt, entry); + XEN_LIST_INSERT_HEAD(&root->abortables, abrt, entry); abrt->registered = 1; return 0; @@ -2372,7 +2370,7 @@ _hidden void libxl__ao_abortable_deregister(libxl__ao_abortable *abrt) AO_GC; DBG("ao=%p, abrt=%p: deregistering (root=%p)", ao, abrt, root); - LIBXL_LIST_REMOVE(abrt, entry); + XEN_LIST_REMOVE(abrt, entry); abrt->registered = 0; } @@ -2408,7 +2406,7 @@ void libxl__ao_progress_report(libxl__egc *egc, libxl__ao *ao, aop->ao = ao; aop->ev = ev; aop->how = how; - LIBXL_TAILQ_INSERT_TAIL(&egc->aops_for_callback, aop, entry); + XEN_TAILQ_INSERT_TAIL(&egc->aops_for_callback, aop, entry); LOG(DEBUG,"ao %p: progress report: callback queued aop=%p",ao,aop); } else { LOG(DEBUG,"ao %p: progress report: event queued ev=%p type=%s", diff --git a/tools/libs/light/libxl_fork.c b/tools/libs/light/libxl_fork.c index 5d47dceb8a..676a14bb28 100644 --- a/tools/libs/light/libxl_fork.c +++ b/tools/libs/light/libxl_fork.c @@ -37,14 +37,14 @@ */ struct libxl__carefd { - LIBXL_LIST_ENTRY(libxl__carefd) entry; + XEN_LIST_ENTRY(libxl__carefd) entry; int fd; }; static pthread_mutex_t no_forking = PTHREAD_MUTEX_INITIALIZER; static int atfork_registered; -static LIBXL_LIST_HEAD(, libxl__carefd) carefds = - LIBXL_LIST_HEAD_INITIALIZER(carefds); +static XEN_LIST_HEAD(, libxl__carefd) carefds = + XEN_LIST_HEAD_INITIALIZER(carefds); /* Protected against concurrency by no_forking. sigchld_users is * protected against being interrupted by SIGCHLD (and thus read @@ -52,8 +52,8 @@ static LIBXL_LIST_HEAD(, libxl__carefd) carefds = * below). */ static bool sigchld_installed; /* 0 means not */ static pthread_mutex_t sigchld_defer_mutex = PTHREAD_MUTEX_INITIALIZER; -static LIBXL_LIST_HEAD(, libxl_ctx) sigchld_users = - LIBXL_LIST_HEAD_INITIALIZER(sigchld_users); +static XEN_LIST_HEAD(, libxl_ctx) sigchld_users = + XEN_LIST_HEAD_INITIALIZER(sigchld_users); static struct sigaction sigchld_saved_action; static void sigchld_removehandler_core(void); /* idempotent */ @@ -105,7 +105,7 @@ libxl__carefd *libxl__carefd_record(libxl_ctx *ctx, int fd) libxl_fd_set_cloexec(ctx, fd, 1); cf = libxl__zalloc(&ctx->nogc_gc, sizeof(*cf)); cf->fd = fd; - LIBXL_LIST_INSERT_HEAD(&carefds, cf, entry); + XEN_LIST_INSERT_HEAD(&carefds, cf, entry); return cf; } @@ -141,7 +141,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) atfork_lock(); - LIBXL_LIST_FOREACH_SAFE(cf, &carefds, entry, cf_tmp) { + XEN_LIST_FOREACH_SAFE(cf, &carefds, entry, cf_tmp) { if (cf->fd >= 0) { r = close(cf->fd); if (r) @@ -151,7 +151,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) } free(cf); } - LIBXL_LIST_INIT(&carefds); + XEN_LIST_INIT(&carefds); if (sigchld_installed) { /* We are in theory not at risk of concurrent execution of the @@ -172,7 +172,7 @@ void libxl_postfork_child_noexec(libxl_ctx *ctx) * use SIGCHLD, but instead just waits for the child(ren). */ defer_sigchld(); - LIBXL_LIST_INIT(&sigchld_users); + XEN_LIST_INIT(&sigchld_users); /* After this the ->sigchld_user_registered entries in the * now-obsolete contexts may be lies. But that's OK because * no-one will look at them. */ @@ -190,7 +190,7 @@ int libxl__carefd_close(libxl__carefd *cf) atfork_lock(); int r = cf->fd < 0 ? 0 : close(cf->fd); int esave = errno; - LIBXL_LIST_REMOVE(cf, entry); + XEN_LIST_REMOVE(cf, entry); atfork_unlock(); free(cf); errno = esave; @@ -238,7 +238,7 @@ static void sigchld_handler(int signo) int r = pthread_mutex_lock(&sigchld_defer_mutex); assert(!r); - LIBXL_LIST_FOREACH(notify, &sigchld_users, sigchld_users_entry) { + XEN_LIST_FOREACH(notify, &sigchld_users, sigchld_users_entry) { int e = libxl__self_pipe_wakeup(notify->sigchld_selfpipe[1]); if (e) abort(); /* errors are probably EBADF, very bad */ } @@ -362,11 +362,11 @@ static void sigchld_user_remove(libxl_ctx *ctx) /* idempotent */ atfork_lock(); defer_sigchld(); - LIBXL_LIST_REMOVE(ctx, sigchld_users_entry); + XEN_LIST_REMOVE(ctx, sigchld_users_entry); release_sigchld(); - if (LIBXL_LIST_EMPTY(&sigchld_users)) + if (XEN_LIST_EMPTY(&sigchld_users)) sigchld_removehandler_core(); atfork_unlock(); @@ -404,7 +404,7 @@ int libxl__sigchld_needed(libxl__gc *gc) /* non-reentrant, idempotent */ defer_sigchld(); - LIBXL_LIST_INSERT_HEAD(&sigchld_users, CTX, sigchld_users_entry); + XEN_LIST_INSERT_HEAD(&sigchld_users, CTX, sigchld_users_entry); release_sigchld(); atfork_unlock(); @@ -421,7 +421,7 @@ static bool chldmode_ours(libxl_ctx *ctx, bool creating) { switch (ctx->childproc_hooks->chldowner) { case libxl_sigchld_owner_libxl: - return creating || !LIBXL_LIST_EMPTY(&ctx->children); + return creating || !XEN_LIST_EMPTY(&ctx->children); case libxl_sigchld_owner_mainloop: return 0; case libxl_sigchld_owner_libxl_always: @@ -452,7 +452,7 @@ static void childproc_reaped_ours(libxl__egc *egc, libxl__ev_child *ch, int status) { pid_t pid = ch->pid; - LIBXL_LIST_REMOVE(ch, entry); + XEN_LIST_REMOVE(ch, entry); ch->pid = -1; ch->callback(egc, ch, pid, status); } @@ -462,7 +462,7 @@ static int childproc_reaped(libxl__egc *egc, pid_t pid, int status) EGC_GC; libxl__ev_child *ch; - LIBXL_LIST_FOREACH(ch, &CTX->children, entry) + XEN_LIST_FOREACH(ch, &CTX->children, entry) if (ch->pid == pid) goto found; @@ -497,7 +497,7 @@ static void childproc_checkall(libxl__egc *egc) int status; pid_t got; - LIBXL_LIST_FOREACH(ch, &CTX->children, entry) { + XEN_LIST_FOREACH(ch, &CTX->children, entry) { got = checked_waitpid(egc, ch->pid, &status); if (got) goto found; @@ -625,7 +625,7 @@ pid_t libxl__ev_child_fork(libxl__gc *gc, libxl__ev_child *ch, ch->pid = pid; ch->callback = death; - LIBXL_LIST_INSERT_HEAD(&CTX->children, ch, entry); + XEN_LIST_INSERT_HEAD(&CTX->children, ch, entry); rc = pid; out: @@ -640,7 +640,7 @@ void libxl_childproc_setmode(libxl_ctx *ctx, const libxl_childproc_hooks *hooks, GC_INIT(ctx); CTX_LOCK; - assert(LIBXL_LIST_EMPTY(&CTX->children)); + assert(XEN_LIST_EMPTY(&CTX->children)); if (!hooks) hooks = &libxl__childproc_default_hooks; @@ -698,10 +698,10 @@ void libxl__ev_child_kill_deregister(libxl__ao *ao, libxl__ev_child *ch, new_ch->ao = ao; new_ch->ch.pid = pid; new_ch->ch.callback = deregistered_child_callback; - LIBXL_LIST_INSERT_HEAD(&CTX->children, &new_ch->ch, entry); + XEN_LIST_INSERT_HEAD(&CTX->children, &new_ch->ch, entry); ao->outstanding_killed_child++; - LIBXL_LIST_REMOVE(ch, entry); + XEN_LIST_REMOVE(ch, entry); ch->pid = -1; int r = kill(pid, sig); if (r) diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 37d5c27756..c0e7779d97 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -245,7 +245,7 @@ struct libxl__ev_fd { short events; libxl__ev_fd_callback *func; /* remainder is private for libxl__ev_fd... */ - LIBXL_LIST_ENTRY(libxl__ev_fd) entry; + XEN_LIST_ENTRY(libxl__ev_fd) entry; libxl__osevent_hook_nexus *nexus; }; @@ -260,7 +260,7 @@ struct libxl__ao_abortable { libxl__ao_abortable_callback *callback; /* remainder is private for abort machinery */ bool registered; - LIBXL_LIST_ENTRY(libxl__ao_abortable) entry; + XEN_LIST_ENTRY(libxl__ao_abortable) entry; /* * For nested aos: * Semantically, abort affects the whole tree of aos, @@ -296,7 +296,7 @@ struct libxl__ev_time { libxl__ev_time_callback *func; /* remainder is private for libxl__ev_time... */ int infinite; /* not registered in list or with app if infinite */ - LIBXL_TAILQ_ENTRY(libxl__ev_time) entry; + XEN_TAILQ_ENTRY(libxl__ev_time) entry; struct timeval abs; libxl__osevent_hook_nexus *nexus; libxl__ao_abortable abrt; @@ -323,7 +323,7 @@ struct libxl__ev_evtchn { int port; /* remainder is private for libxl__ev_evtchn_... */ bool waiting; - LIBXL_LIST_ENTRY(libxl__ev_evtchn) entry; + XEN_LIST_ENTRY(libxl__ev_evtchn) entry; }; /* @@ -341,7 +341,7 @@ struct libxl__ev_evtchn { * xswatch pointers when we store and retrieve them. */ typedef struct libxl__ev_watch_slot { - LIBXL_SLIST_ENTRY(struct libxl__ev_watch_slot) empty; + XEN_SLIST_ENTRY(struct libxl__ev_watch_slot) empty; } libxl__ev_watch_slot; _hidden libxl__ev_xswatch *libxl__watch_slot_contents(libxl__gc *gc, @@ -357,7 +357,7 @@ struct libxl__ev_child { pid_t pid; /* -1 means unused ("unregistered", ie Idle) */ libxl__ev_child_callback *callback; /* remainder is private for libxl__ev_... */ - LIBXL_LIST_ENTRY(struct libxl__ev_child) entry; + XEN_LIST_ENTRY(struct libxl__ev_child) entry; }; /* libxl__ev_immediate @@ -370,7 +370,7 @@ struct libxl__ev_immediate { /* filled by user */ void (*callback)(libxl__egc *, libxl__ev_immediate *); /* private to libxl__ev_immediate */ - LIBXL_STAILQ_ENTRY(libxl__ev_immediate) entry; + XEN_STAILQ_ENTRY(libxl__ev_immediate) entry; }; void libxl__ev_immediate_register(libxl__egc *, libxl__ev_immediate *); @@ -582,7 +582,7 @@ _hidden void libxl__qmp_param_add_integer(libxl__gc *gc, struct libxl__evgen_domain_death { uint32_t domid; unsigned shutdown_reported:1, death_reported:1; - LIBXL_TAILQ_ENTRY(libxl_evgen_domain_death) entry; + XEN_TAILQ_ENTRY(libxl_evgen_domain_death) entry; /* on list .death_reported ? CTX->death_list : CTX->death_reported */ libxl_ev_user user; }; @@ -592,7 +592,7 @@ libxl__evdisable_domain_death(libxl__gc*, libxl_evgen_domain_death*); struct libxl__evgen_disk_eject { libxl__ev_xswatch watch; uint32_t domid; - LIBXL_LIST_ENTRY(libxl_evgen_disk_eject) entry; + XEN_LIST_ENTRY(libxl_evgen_disk_eject) entry; libxl_ev_user user; char *vdev, *be_ptr_path; }; @@ -620,7 +620,7 @@ struct libxl__poller { * The "poller_app" is never idle, but is sometimes on * pollers_event. */ - LIBXL_LIST_ENTRY(libxl__poller) entry; + XEN_LIST_ENTRY(libxl__poller) entry; struct pollfd *fd_polls; int fd_polls_allocd; @@ -653,7 +653,7 @@ struct libxl__poller { * a promise to also make this check, so the baton will never be * dropped. */ - LIBXL_LIST_ENTRY(libxl__poller) active_entry; + XEN_LIST_ENTRY(libxl__poller) active_entry; bool fds_deregistered; bool osevents_added; }; @@ -687,7 +687,7 @@ struct libxl__ctx { * documented in the libxl public interface. */ - LIBXL_TAILQ_HEAD(libxl__event_list, libxl_event) occurred; + XEN_TAILQ_HEAD(libxl__event_list, libxl_event) occurred; int osevent_in_hook; const libxl_osevent_hooks *osevent_hooks; @@ -696,40 +696,40 @@ struct libxl__ctx { * for restrictions on the use of the osevent fields. */ libxl__poller *poller_app; /* libxl_osevent_beforepoll and _afterpoll */ - LIBXL_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; - LIBXL_LIST_HEAD(, libxl__poller) pollers_active; + XEN_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; + XEN_LIST_HEAD(, libxl__poller) pollers_active; - LIBXL_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) + XEN_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) hook_fd_nexi_idle, hook_timeout_nexi_idle; - LIBXL_LIST_HEAD(, libxl__ev_fd) efds; - LIBXL_TAILQ_HEAD(, libxl__ev_time) etimes; + XEN_LIST_HEAD(, libxl__ev_fd) efds; + XEN_TAILQ_HEAD(, libxl__ev_time) etimes; libxl__ev_watch_slot *watch_slots; int watch_nslots, nwatches; - LIBXL_SLIST_HEAD(, libxl__ev_watch_slot) watch_freeslots; + XEN_SLIST_HEAD(, libxl__ev_watch_slot) watch_freeslots; uint32_t watch_counter; /* helps disambiguate slot reuse */ libxl__ev_fd watch_efd; xenevtchn_handle *xce; /* waiting must be done only with libxl__ev_evtchn* */ - LIBXL_LIST_HEAD(, libxl__ev_evtchn) evtchns_waiting; + XEN_LIST_HEAD(, libxl__ev_evtchn) evtchns_waiting; libxl__ev_fd evtchn_efd; - LIBXL_LIST_HEAD(, libxl__ao) aos_inprogress; + XEN_LIST_HEAD(, libxl__ao) aos_inprogress; - LIBXL_TAILQ_HEAD(libxl__evgen_domain_death_list, libxl_evgen_domain_death) + XEN_TAILQ_HEAD(libxl__evgen_domain_death_list, libxl_evgen_domain_death) death_list /* sorted by domid */, death_reported; libxl__ev_xswatch death_watch; - LIBXL_LIST_HEAD(, libxl_evgen_disk_eject) disk_eject_evgens; + XEN_LIST_HEAD(, libxl_evgen_disk_eject) disk_eject_evgens; const libxl_childproc_hooks *childproc_hooks; void *childproc_user; int sigchld_selfpipe[2]; /* [0]==-1 means handler not installed */ libxl__ev_fd sigchld_selfpipe_efd; - LIBXL_LIST_HEAD(, libxl__ev_child) children; + XEN_LIST_HEAD(, libxl__ev_child) children; bool sigchld_user_registered; - LIBXL_LIST_ENTRY(libxl_ctx) sigchld_users_entry; + XEN_LIST_ENTRY(libxl_ctx) sigchld_users_entry; libxl_version_info version_info; @@ -774,9 +774,9 @@ struct libxl__egc { * The egc and its gc may be accessed only on the creating thread. */ struct libxl__gc gc; struct libxl__event_list occurred_for_callback; - LIBXL_TAILQ_HEAD(, libxl__ao) aos_for_callback; - LIBXL_TAILQ_HEAD(, libxl__aop_occurred) aops_for_callback; - LIBXL_STAILQ_HEAD(, libxl__ev_immediate) ev_immediates; + XEN_TAILQ_HEAD(, libxl__ao) aos_for_callback; + XEN_TAILQ_HEAD(, libxl__aop_occurred) aops_for_callback; + XEN_STAILQ_HEAD(, libxl__ev_immediate) ev_immediates; }; struct libxl__aop_occurred { @@ -787,7 +787,7 @@ struct libxl__aop_occurred { * While an aop exists, it corresponds to one refcount in * ao->progress_reports_outstanding, preventing ao destruction. */ - LIBXL_TAILQ_ENTRY(libxl__aop_occurred) entry; + XEN_TAILQ_ENTRY(libxl__aop_occurred) entry; libxl__ao *ao; libxl_event *ev; const libxl_asyncprogress_how *how; @@ -819,13 +819,13 @@ struct libxl__ao { int nested_progeny; int progress_reports_outstanding; int rc; - LIBXL_LIST_HEAD(, libxl__ao_abortable) abortables; - LIBXL_LIST_ENTRY(libxl__ao) inprogress_entry; + XEN_LIST_HEAD(, libxl__ao_abortable) abortables; + XEN_LIST_ENTRY(libxl__ao) inprogress_entry; libxl__gc gc; libxl_asyncop_how how; libxl__poller *poller; uint32_t domid; - LIBXL_TAILQ_ENTRY(libxl__ao) entry_for_callback; + XEN_TAILQ_ENTRY(libxl__ao) entry_for_callback; int outstanding_killed_child; }; @@ -2379,10 +2379,10 @@ bool libxl__stubdomain_is_linux(libxl_domain_build_info *b_info) #define LIBXL_INIT_EGC(egc,ctx) do{ \ LIBXL_INIT_GC((egc).gc,ctx); \ - LIBXL_TAILQ_INIT(&(egc).occurred_for_callback); \ - LIBXL_TAILQ_INIT(&(egc).aos_for_callback); \ - LIBXL_TAILQ_INIT(&(egc).aops_for_callback); \ - LIBXL_STAILQ_INIT(&(egc).ev_immediates); \ + XEN_TAILQ_INIT(&(egc).occurred_for_callback); \ + XEN_TAILQ_INIT(&(egc).aos_for_callback); \ + XEN_TAILQ_INIT(&(egc).aops_for_callback); \ + XEN_STAILQ_INIT(&(egc).ev_immediates); \ } while(0) _hidden void libxl__egc_ao_cleanup_1_baton(libxl__gc *gc); @@ -3141,7 +3141,7 @@ typedef void libxl__datacopier_callback(libxl__egc *egc, struct libxl__datacopier_buf { /* private to datacopier */ - LIBXL_TAILQ_ENTRY(libxl__datacopier_buf) entry; + XEN_TAILQ_ENTRY(libxl__datacopier_buf) entry; int used; char buf[1000]; }; @@ -3163,7 +3163,7 @@ struct libxl__datacopier_state { libxl__ao_abortable abrt; libxl__ev_fd toread, towrite; ssize_t used; - LIBXL_TAILQ_HEAD(libxl__datacopier_bufs, libxl__datacopier_buf) bufs; + XEN_TAILQ_HEAD(libxl__datacopier_bufs, libxl__datacopier_buf) bufs; }; _hidden void libxl__datacopier_init(libxl__datacopier_state *dc); @@ -3443,7 +3443,7 @@ typedef struct libxl__stream_read_state libxl__stream_read_state; typedef struct libxl__sr_record_buf { /* private to stream read helper */ - LIBXL_STAILQ_ENTRY(struct libxl__sr_record_buf) entry; + XEN_STAILQ_ENTRY(struct libxl__sr_record_buf) entry; libxl__sr_rec_hdr hdr; void *body; /* iff hdr.length != 0 */ } libxl__sr_record_buf; @@ -3473,7 +3473,7 @@ struct libxl__stream_read_state { /* Main stream-reading data. */ libxl__datacopier_state dc; /* Only used when reading a record */ libxl__sr_hdr hdr; - LIBXL_STAILQ_HEAD(, libxl__sr_record_buf) record_queue; /* NOGC */ + XEN_STAILQ_HEAD(, libxl__sr_record_buf) record_queue; /* NOGC */ enum { SRS_PHASE_NORMAL, SRS_PHASE_BUFFERING, @@ -4599,9 +4599,9 @@ static inline int libxl__defbool_is_default(libxl_defbool *db) #define LIBXL_TAILQ_INSERT_SORTED(head, entry, elm_new, elm_search, \ search_body, new_after_search_p) \ do { \ - for ((elm_search) = LIBXL_TAILQ_FIRST((head)); \ + for ((elm_search) = XEN_TAILQ_FIRST((head)); \ (elm_search); \ - (elm_search) = LIBXL_TAILQ_NEXT((elm_search), entry)) { \ + (elm_search) = XEN_TAILQ_NEXT((elm_search), entry)) { \ search_body; \ if (!(new_after_search_p)) \ break; \ @@ -4610,9 +4610,9 @@ static inline int libxl__defbool_is_default(libxl_defbool *db) * to place elm_new, or NULL meaning we want to put elm_new at \ * the end */ \ if ((elm_search)) \ - LIBXL_TAILQ_INSERT_BEFORE((elm_search), (elm_new), entry); \ + XEN_TAILQ_INSERT_BEFORE((elm_search), (elm_new), entry); \ else \ - LIBXL_TAILQ_INSERT_TAIL((head), (elm_new), entry); \ + XEN_TAILQ_INSERT_TAIL((head), (elm_new), entry); \ } while(0) diff --git a/tools/libs/light/libxl_qmp.c b/tools/libs/light/libxl_qmp.c index fb146a54cb..8faa102e4d 100644 --- a/tools/libs/light/libxl_qmp.c +++ b/tools/libs/light/libxl_qmp.c @@ -63,7 +63,7 @@ #include -#include "_libxl_list.h" +#include "_xen_list.h" #include "libxl_internal.h" /* #define DEBUG_RECEIVED */ @@ -107,7 +107,7 @@ typedef struct callback_id_pair { qmp_callback_t callback; void *opaque; qmp_request_context *context; - LIBXL_STAILQ_ENTRY(struct callback_id_pair) next; + XEN_STAILQ_ENTRY(struct callback_id_pair) next; } callback_id_pair; struct libxl__qmp_handler { @@ -123,7 +123,7 @@ struct libxl__qmp_handler { uint32_t domid; int last_id_used; - LIBXL_STAILQ_HEAD(callback_list, callback_id_pair) callback_list; + XEN_STAILQ_HEAD(callback_list, callback_id_pair) callback_list; struct { int major; int minor; @@ -189,7 +189,7 @@ static callback_id_pair *qmp_get_callback_from_id(libxl__qmp_handler *qmp, if (id_object) { id = libxl__json_object_get_integer(id_object); - LIBXL_STAILQ_FOREACH(pp, &qmp->callback_list, next) { + XEN_STAILQ_FOREACH(pp, &qmp->callback_list, next) { if (pp->id == id) { return pp; } @@ -217,7 +217,7 @@ static void qmp_handle_error_response(libxl__gc *gc, libxl__qmp_handler *qmp, /* tell that the id have been processed */ qmp->wait_for_id = 0; } - LIBXL_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); + XEN_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); free(pp); } @@ -266,8 +266,7 @@ static int qmp_handle_response(libxl__gc *gc, libxl__qmp_handler *qmp, /* tell that the id have been processed */ qmp->wait_for_id = 0; } - LIBXL_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, - next); + XEN_STAILQ_REMOVE(&qmp->callback_list, pp, callback_id_pair, next); free(pp); } return 0; @@ -325,7 +324,7 @@ static libxl__qmp_handler *qmp_init_handler(libxl__gc *gc, uint32_t domid) qmp->domid = domid; qmp->timeout = 5; - LIBXL_STAILQ_INIT(&qmp->callback_list); + XEN_STAILQ_INIT(&qmp->callback_list); return qmp; } @@ -383,7 +382,7 @@ static void qmp_close(libxl__qmp_handler *qmp) callback_id_pair *tmp = NULL; close(qmp->qmp_fd); - LIBXL_STAILQ_FOREACH(pp, &qmp->callback_list, next) { + XEN_STAILQ_FOREACH(pp, &qmp->callback_list, next) { free(tmp); tmp = pp; } @@ -547,7 +546,7 @@ static char *qmp_send_prepare(libxl__gc *gc, libxl__qmp_handler *qmp, elm->callback = callback; elm->opaque = opaque; elm->context = context; - LIBXL_STAILQ_INSERT_TAIL(&qmp->callback_list, elm, next); + XEN_STAILQ_INSERT_TAIL(&qmp->callback_list, elm, next); LOGD(DEBUG, qmp->domid, "next qmp command: '%s'", buf); diff --git a/tools/libs/light/libxl_stream_read.c b/tools/libs/light/libxl_stream_read.c index 99a6714e76..e64e8f0ead 100644 --- a/tools/libs/light/libxl_stream_read.c +++ b/tools/libs/light/libxl_stream_read.c @@ -214,7 +214,7 @@ void libxl__stream_read_init(libxl__stream_read_state *stream) stream->sync_teardown = false; FILLZERO(stream->dc); FILLZERO(stream->hdr); - LIBXL_STAILQ_INIT(&stream->record_queue); + XEN_STAILQ_INIT(&stream->record_queue); stream->phase = SRS_PHASE_NORMAL; stream->recursion_guard = false; stream->incoming_record = NULL; @@ -402,7 +402,7 @@ static void stream_continue(libxl__egc *egc, * processing the record. There should never be two records * in the queue. */ - if (LIBXL_STAILQ_EMPTY(&stream->record_queue)) + if (XEN_STAILQ_EMPTY(&stream->record_queue)) setup_read_record(egc, stream); else { if (process_record(egc, stream)) @@ -412,7 +412,7 @@ static void stream_continue(libxl__egc *egc, * process_record() had better have consumed the one and * only record in the queue. */ - assert(LIBXL_STAILQ_EMPTY(&stream->record_queue)); + assert(XEN_STAILQ_EMPTY(&stream->record_queue)); } break; @@ -428,7 +428,7 @@ static void stream_continue(libxl__egc *egc, * the tail to spot the CHECKPOINT_END record, and switch to * the unbuffering phase. */ - libxl__sr_record_buf *rec = LIBXL_STAILQ_LAST( + libxl__sr_record_buf *rec = XEN_STAILQ_LAST( &stream->record_queue, libxl__sr_record_buf, entry); assert(stream->in_checkpoint); @@ -537,7 +537,7 @@ static void record_body_done(libxl__egc *egc, if (rc) goto err; - LIBXL_STAILQ_INSERT_TAIL(&stream->record_queue, rec, entry); + XEN_STAILQ_INSERT_TAIL(&stream->record_queue, rec, entry); stream->incoming_record = NULL; stream_continue(egc, stream); @@ -567,9 +567,9 @@ static bool process_record(libxl__egc *egc, int rc = 0; /* Pop a record from the head of the queue. */ - assert(!LIBXL_STAILQ_EMPTY(&stream->record_queue)); - rec = LIBXL_STAILQ_FIRST(&stream->record_queue); - LIBXL_STAILQ_REMOVE_HEAD(&stream->record_queue, entry); + assert(!XEN_STAILQ_EMPTY(&stream->record_queue)); + rec = XEN_STAILQ_FIRST(&stream->record_queue); + XEN_STAILQ_REMOVE_HEAD(&stream->record_queue, entry); LOG(DEBUG, "Record: %u, length %u", rec->hdr.type, rec->hdr.length); @@ -813,9 +813,9 @@ static void stream_done(libxl__egc *egc, /* The record queue had better be empty if the stream believes * itself to have been successful. */ - assert(LIBXL_STAILQ_EMPTY(&stream->record_queue) || stream->rc); + assert(XEN_STAILQ_EMPTY(&stream->record_queue) || stream->rc); - LIBXL_STAILQ_FOREACH_SAFE(rec, &stream->record_queue, entry, trec) + XEN_STAILQ_FOREACH_SAFE(rec, &stream->record_queue, entry, trec) free_record(rec); if (!stream->back_channel) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268951.462876 (Exim 4.92) (envelope-from ) id 1nHkSU-0005xX-JJ; Wed, 09 Feb 2022 10:44:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268951.462876; Wed, 09 Feb 2022 10:44:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSU-0005xP-GI; Wed, 09 Feb 2022 10:44:22 +0000 Received: by outflank-mailman (input) for mailman id 268951; Wed, 09 Feb 2022 10:44:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkST-0005xG-Nz for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkST-0001yf-ND for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkST-0002Xl-MO for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KolZswB+foyJaND4h0EMATDn/R3splZYDS3NWUyLgXQ=; b=xGQJUsXBg8Paqc6MmU1lxWrIm4 wDH/IuU2H+/27Yvhb0Dc8dqlUPTdofETg/wto6e2eQbqOjaEn0uYB02Fi58iXJrYIol3cKZPj0zts UR3e/J8XL5YVEXWpUnr5raCJhgqP2hPPfva610OkGrtVGSmF3/I6gKhN1g+fHBeNm1tI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs/toolcore: replace _xentoolcore_list.h with _xen_list.h Message-Id: Date: Wed, 09 Feb 2022 10:44:21 +0000 commit 4721d932337e1fe788b24d1289f55fe3a6f06ba1 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:36 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:52 2022 +0000 tools/libs/toolcore: replace _xentoolcore_list.h with _xen_list.h Remove generating _xentoolcore_list.h and use the common _xen_list.h instead. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- .gitignore | 1 - tools/include/xentoolcore_internal.h | 4 ++-- tools/libs/toolcore/Makefile | 8 -------- tools/libs/toolcore/handlereg.c | 8 ++++---- 4 files changed, 6 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 1f53b0320e..2403841e49 100644 --- a/.gitignore +++ b/.gitignore @@ -227,7 +227,6 @@ tools/hotplug/NetBSD/rc.d/xencommons tools/hotplug/NetBSD/rc.d/xendriverdomain tools/include/acpi tools/include/_libxl*.h -tools/include/_xentoolcore_list.h tools/include/xen/* tools/include/xen-xsm/* tools/include/xen-foreign/*.(c|h|size) diff --git a/tools/include/xentoolcore_internal.h b/tools/include/xentoolcore_internal.h index 04f5848f09..deccefd612 100644 --- a/tools/include/xentoolcore_internal.h +++ b/tools/include/xentoolcore_internal.h @@ -27,7 +27,7 @@ #include #include "xentoolcore.h" -#include "_xentoolcore_list.h" +#include "_xen_list.h" /*---------- active handle registration ----------*/ @@ -87,7 +87,7 @@ typedef int Xentoolcore__Restrict_Callback(Xentoolcore__Active_Handle*, struct Xentoolcore__Active_Handle { Xentoolcore__Restrict_Callback *restrict_callback; - XENTOOLCORE_LIST_ENTRY(Xentoolcore__Active_Handle) entry; + XEN_LIST_ENTRY(Xentoolcore__Active_Handle) entry; }; void xentoolcore__register_active_handle(Xentoolcore__Active_Handle*); diff --git a/tools/libs/toolcore/Makefile b/tools/libs/toolcore/Makefile index ed4ae00694..9c013b2879 100644 --- a/tools/libs/toolcore/Makefile +++ b/tools/libs/toolcore/Makefile @@ -3,7 +3,6 @@ include $(XEN_ROOT)/tools/Rules.mk MAJOR = 1 MINOR = 0 -AUTOINCS := $(XEN_INCLUDE)/_xentoolcore_list.h LIBHEADER := xentoolcore.h @@ -12,10 +11,3 @@ SRCS-y += handlereg.c include $(XEN_ROOT)/tools/libs/libs.mk PKG_CONFIG_DESC := Central support for Xen Hypervisor userland libraries - -$(LIB_OBJS): $(AUTOINCS) -$(PIC_OBJS): $(AUTOINCS) - -$(XEN_INCLUDE)/_xentoolcore_list.h: $(XEN_INCLUDE)/xen-external/bsd-sys-queue-h-seddery $(XEN_INCLUDE)/xen-external/bsd-sys-queue.h - $(PERL) $^ --prefix=xentoolcore >$(notdir $@).new - $(call move-if-changed,$(notdir $@).new,$@) diff --git a/tools/libs/toolcore/handlereg.c b/tools/libs/toolcore/handlereg.c index baec55e2a4..b43cb0e8ac 100644 --- a/tools/libs/toolcore/handlereg.c +++ b/tools/libs/toolcore/handlereg.c @@ -31,7 +31,7 @@ #include static pthread_mutex_t handles_lock = PTHREAD_MUTEX_INITIALIZER; -static XENTOOLCORE_LIST_HEAD(, Xentoolcore__Active_Handle) handles; +static XEN_LIST_HEAD(, Xentoolcore__Active_Handle) handles; static void lock(void) { int e = pthread_mutex_lock(&handles_lock); @@ -45,13 +45,13 @@ static void unlock(void) { void xentoolcore__register_active_handle(Xentoolcore__Active_Handle *ah) { lock(); - XENTOOLCORE_LIST_INSERT_HEAD(&handles, ah, entry); + XEN_LIST_INSERT_HEAD(&handles, ah, entry); unlock(); } void xentoolcore__deregister_active_handle(Xentoolcore__Active_Handle *ah) { lock(); - XENTOOLCORE_LIST_REMOVE(ah, entry); + XEN_LIST_REMOVE(ah, entry); unlock(); } @@ -60,7 +60,7 @@ int xentoolcore_restrict_all(domid_t domid) { Xentoolcore__Active_Handle *ah; lock(); - XENTOOLCORE_LIST_FOREACH(ah, &handles, entry) { + XEN_LIST_FOREACH(ah, &handles, entry) { r = ah->restrict_callback(ah, domid); if (r) goto out; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268952.462880 (Exim 4.92) (envelope-from ) id 1nHkSe-000610-Kr; Wed, 09 Feb 2022 10:44:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268952.462880; Wed, 09 Feb 2022 10:44:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSe-00060s-Hv; Wed, 09 Feb 2022 10:44:32 +0000 Received: by outflank-mailman (input) for mailman id 268952; Wed, 09 Feb 2022 10:44:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSd-00060j-RE for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSd-0001yp-QS for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkSd-0002Yv-PS for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QJW8Mk7MBabyeebeKKe7iCpAum3Cq32BLHo8w3Mu8SE=; b=4hHYEIy8GnK3Ai6H1NGy0incLS nagZ2F3MKI3LR12FCG30cYD2/cFVEFfOTYMaLNnMd4qEET44KiwyKhey3Tbw5L+cUlMDzLVroTZCs aS3XqQMyrTuhETe7GnH7ZoReY8YCoy7uYG2f3ugARp6UVuG5vbAAoSyEYk+sXWv5hd0w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs/evtchn: use _xen_list.h Message-Id: Date: Wed, 09 Feb 2022 10:44:31 +0000 commit 8bd039921adb81033f819d2eedc2c94373dacb70 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:37 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:53 2022 +0000 tools/libs/evtchn: use _xen_list.h Instead of including xen-external/bsd-sys-queue.h use the header _xen_list.h in minios.c. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/libs/evtchn/minios.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/libs/evtchn/minios.c b/tools/libs/evtchn/minios.c index 30f98bc7e4..65cfccfd09 100644 --- a/tools/libs/evtchn/minios.c +++ b/tools/libs/evtchn/minios.c @@ -20,7 +20,7 @@ * Split off from xc_minios.c */ -#include "xen-external/bsd-sys-queue.h" +#include "_xen_list.h" #include #include #include @@ -38,10 +38,10 @@ #include "private.h" -LIST_HEAD(port_list, port_info); +XEN_LIST_HEAD(port_list, struct port_info); struct port_info { - LIST_ENTRY(port_info) list; + XEN_LIST_ENTRY(struct port_info) list; evtchn_port_t port; bool pending; bool bound; @@ -62,7 +62,7 @@ static struct port_info *port_alloc(xenevtchn_handle *xce) port_info->port = -1; port_info->bound = false; - LIST_INSERT_HEAD(port_list, port_info, list); + XEN_LIST_INSERT_HEAD(port_list, port_info, list); return port_info; } @@ -72,7 +72,7 @@ static void port_dealloc(struct port_info *port_info) if ( port_info->bound ) unbind_evtchn(port_info->port); - LIST_REMOVE(port_info, list); + XEN_LIST_REMOVE(port_info, list); free(port_info); } @@ -81,7 +81,7 @@ static int evtchn_close_fd(struct file *file) struct port_info *port_info, *tmp; struct port_list *port_list = file->dev; - LIST_FOREACH_SAFE(port_info, port_list, list, tmp) + XEN_LIST_FOREACH_SAFE(port_info, port_list, list, tmp) port_dealloc(port_info); free(port_list); @@ -126,7 +126,7 @@ int osdep_evtchn_open(xenevtchn_handle *xce, unsigned int flags) } file->dev = list; - LIST_INIT(list); + XEN_LIST_INIT(list); xce->fd = fd; printf("evtchn_open() -> %d\n", fd); @@ -173,7 +173,7 @@ static void evtchn_handler(evtchn_port_t port, struct pt_regs *regs, void *data) assert(file); port_list = file->dev; mask_evtchn(port); - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port == port ) goto found; @@ -257,7 +257,7 @@ int xenevtchn_unbind(xenevtchn_handle *xce, evtchn_port_t port) struct port_info *port_info; struct port_list *port_list = file->dev; - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port == port ) { @@ -314,7 +314,7 @@ xenevtchn_port_or_error_t xenevtchn_pending(xenevtchn_handle *xce) file->read = false; - LIST_FOREACH(port_info, port_list, list) + XEN_LIST_FOREACH(port_info, port_list, list) { if ( port_info->port != -1 && port_info->pending ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268953.462883 (Exim 4.92) (envelope-from ) id 1nHkSo-00063l-N0; Wed, 09 Feb 2022 10:44:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268953.462883; Wed, 09 Feb 2022 10:44:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSo-00063e-Jq; Wed, 09 Feb 2022 10:44:42 +0000 Received: by outflank-mailman (input) for mailman id 268953; Wed, 09 Feb 2022 10:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSn-00063O-Ub for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSn-0001z3-TT for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkSn-0002Zt-Sc for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5pwOO02xRdMM4M+UCAbbPDdpdyHbTrpS06uNiOabLBQ=; b=ICr6Ea8rz26h6xz8PeGzrqEQcS pGN/+p25bYk4dCP3NpdU3mR9DEeEWh70pJJtgSQXAeHD5tzRBLqf3YDhSVcpHwgikynK5DZgH2LuB 1FmzjW6STKdzZ4xaulyotTsHfT2RfjIghm4gWfinqIpt3aGKQ6JPUMay7YGnUseyTHuQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/include: remove xen-external directory Message-Id: Date: Wed, 09 Feb 2022 10:44:41 +0000 commit bfb148a0fcb19678cdb7f2c46bbc5fbe3beaf584 Author: Juergen Gross AuthorDate: Tue Feb 8 08:06:38 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:10:53 2022 +0000 tools/include: remove xen-external directory There is no user of tools/include/xen-external/* left. Remove it. Signed-off-by: Juergen Gross Acked-by: Anthony PERARD --- tools/include/xen-external/README | 24 - tools/include/xen-external/bsd-COPYRIGHT | 126 --- tools/include/xen-external/bsd-queue.3 | 1044 -------------------- tools/include/xen-external/bsd-sys-queue-h-seddery | 74 -- tools/include/xen-external/bsd-sys-queue.h | 637 ------------ 5 files changed, 1905 deletions(-) diff --git a/tools/include/xen-external/README b/tools/include/xen-external/README deleted file mode 100644 index 93c2bc9cd8..0000000000 --- a/tools/include/xen-external/README +++ /dev/null @@ -1,24 +0,0 @@ -WARNING - DO NOT EDIT THINGS IN THIS DIRECTORY ----------------------------------------------- - -These files were obtained elsewhere and should only be updated by -copying new versions from the source location, as documented below: - -bsd-COPYRIGHT -bsd-sys-queue.h -bsd-queue.3 - - Obtained from the FreeBSD SVN using the following commands: - svn co -r 221843 svn://svn.freebsd.org/base/head/sys/sys/ - svn co -r 221843 svn://svn.freebsd.org/base/head/share/man/man3 - svn cat -r 221843 http://svn.freebsd.org/base/head/COPYRIGHT >tools/libxl/external/bsd-COPYRIGHT - -Exceptions: - -README - - This file - -bsd-sys-queue-h-seddery - - Script to transform the above into a new namespace. diff --git a/tools/include/xen-external/bsd-COPYRIGHT b/tools/include/xen-external/bsd-COPYRIGHT deleted file mode 100644 index 6dc5d16b46..0000000000 --- a/tools/include/xen-external/bsd-COPYRIGHT +++ /dev/null @@ -1,126 +0,0 @@ -# $FreeBSD$ -# @(#)COPYRIGHT 8.2 (Berkeley) 3/21/94 - -The compilation of software known as FreeBSD is distributed under the -following terms: - -Copyright (c) 1992-2011 The FreeBSD Project. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The 4.4BSD and 4.4BSD-Lite software is distributed under the following -terms: - -All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite -Releases is copyrighted by The Regents of the University of California. - -Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 - The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: -This product includes software developed by the University of -California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The Institute of Electrical and Electronics Engineers and the American -National Standards Committee X3, on Information Processing Systems have -given us permission to reprint portions of their documentation. - -In the following statement, the phrase ``this text'' refers to portions -of the system documentation. - -Portions of this text are reprinted and reproduced in electronic form in -the second BSD Networking Software Release, from IEEE Std 1003.1-1988, IEEE -Standard Portable Operating System Interface for Computer Environments -(POSIX), copyright C 1988 by the Institute of Electrical and Electronics -Engineers, Inc. In the event of any discrepancy between these versions -and the original IEEE Standard, the original IEEE Standard is the referee -document. - -In the following statement, the phrase ``This material'' refers to portions -of the system documentation. - -This material is reproduced with permission from American National -Standards Committee X3, on Information Processing Systems. Computer and -Business Equipment Manufacturers Association (CBEMA), 311 First St., NW, -Suite 500, Washington, DC 20001-2178. The developmental work of -Programming Language C was completed by the X3J11 Technical Committee. - -The views and conclusions contained in the software and documentation are -those of the authors and should not be interpreted as representing official -policies, either expressed or implied, of the Regents of the University -of California. - - -NOTE: The copyright of UC Berkeley's Berkeley Software Distribution ("BSD") -source has been updated. The copyright addendum may be found at -ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change and is -included below. - -July 22, 1999 - -To All Licensees, Distributors of Any Version of BSD: - -As you know, certain of the Berkeley Software Distribution ("BSD") source -code files require that further distributions of products containing all or -portions of the software, acknowledge within their advertising materials -that such products contain software developed by UC Berkeley and its -contributors. - -Specifically, the provision reads: - -" * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors." - -Effective immediately, licensees and distributors are no longer required to -include the acknowledgement within advertising materials. Accordingly, the -foregoing paragraph of those BSD Unix files containing it is hereby deleted -in its entirety. - -William Hoskins -Director, Office of Technology Licensing -University of California, Berkeley diff --git a/tools/include/xen-external/bsd-queue.3 b/tools/include/xen-external/bsd-queue.3 deleted file mode 100644 index 007ca5c629..0000000000 --- a/tools/include/xen-external/bsd-queue.3 +++ /dev/null @@ -1,1044 +0,0 @@ -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)queue.3 8.2 (Berkeley) 1/24/94 -.\" $FreeBSD$ -.\" -.Dd May 13, 2011 -.Dt QUEUE 3 -.Os -.Sh NAME -.Nm SLIST_EMPTY , -.Nm SLIST_ENTRY , -.Nm SLIST_FIRST , -.Nm SLIST_FOREACH , -.Nm SLIST_FOREACH_SAFE , -.Nm SLIST_HEAD , -.Nm SLIST_HEAD_INITIALIZER , -.Nm SLIST_INIT , -.Nm SLIST_INSERT_AFTER , -.Nm SLIST_INSERT_HEAD , -.Nm SLIST_NEXT , -.Nm SLIST_REMOVE_AFTER , -.Nm SLIST_REMOVE_HEAD , -.Nm SLIST_REMOVE , -.Nm SLIST_SWAP , -.Nm STAILQ_CONCAT , -.Nm STAILQ_EMPTY , -.Nm STAILQ_ENTRY , -.Nm STAILQ_FIRST , -.Nm STAILQ_FOREACH , -.Nm STAILQ_FOREACH_SAFE , -.Nm STAILQ_HEAD , -.Nm STAILQ_HEAD_INITIALIZER , -.Nm STAILQ_INIT , -.Nm STAILQ_INSERT_AFTER , -.Nm STAILQ_INSERT_HEAD , -.Nm STAILQ_INSERT_TAIL , -.Nm STAILQ_LAST , -.Nm STAILQ_NEXT , -.Nm STAILQ_REMOVE_AFTER , -.Nm STAILQ_REMOVE_HEAD , -.Nm STAILQ_REMOVE , -.Nm STAILQ_SWAP , -.Nm LIST_EMPTY , -.Nm LIST_ENTRY , -.Nm LIST_FIRST , -.Nm LIST_FOREACH , -.Nm LIST_FOREACH_SAFE , -.Nm LIST_HEAD , -.Nm LIST_HEAD_INITIALIZER , -.Nm LIST_INIT , -.Nm LIST_INSERT_AFTER , -.Nm LIST_INSERT_BEFORE , -.Nm LIST_INSERT_HEAD , -.Nm LIST_NEXT , -.Nm LIST_REMOVE , -.Nm LIST_SWAP , -.Nm TAILQ_CONCAT , -.Nm TAILQ_EMPTY , -.Nm TAILQ_ENTRY , -.Nm TAILQ_FIRST , -.Nm TAILQ_FOREACH , -.Nm TAILQ_FOREACH_SAFE , -.Nm TAILQ_FOREACH_REVERSE , -.Nm TAILQ_FOREACH_REVERSE_SAFE , -.Nm TAILQ_HEAD , -.Nm TAILQ_HEAD_INITIALIZER , -.Nm TAILQ_INIT , -.Nm TAILQ_INSERT_AFTER , -.Nm TAILQ_INSERT_BEFORE , -.Nm TAILQ_INSERT_HEAD , -.Nm TAILQ_INSERT_TAIL , -.Nm TAILQ_LAST , -.Nm TAILQ_NEXT , -.Nm TAILQ_PREV , -.Nm TAILQ_REMOVE , -.Nm TAILQ_SWAP -.Nd implementations of singly-linked lists, singly-linked tail queues, -lists and tail queues -.Sh SYNOPSIS -.In sys/queue.h -.\" -.Fn SLIST_EMPTY "SLIST_HEAD *head" -.Fn SLIST_ENTRY "TYPE" -.Fn SLIST_FIRST "SLIST_HEAD *head" -.Fn SLIST_FOREACH "TYPE *var" "SLIST_HEAD *head" "SLIST_ENTRY NAME" -.Fn SLIST_FOREACH_SAFE "TYPE *var" "SLIST_HEAD *head" "SLIST_ENTRY NAME" "TYPE *temp_var" -.Fn SLIST_HEAD "HEADNAME" "TYPE" -.Fn SLIST_HEAD_INITIALIZER "SLIST_HEAD head" -.Fn SLIST_INIT "SLIST_HEAD *head" -.Fn SLIST_INSERT_AFTER "TYPE *listelm" "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_INSERT_HEAD "SLIST_HEAD *head" "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_NEXT "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE_AFTER "TYPE *elm" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE_HEAD "SLIST_HEAD *head" "SLIST_ENTRY NAME" -.Fn SLIST_REMOVE "SLIST_HEAD *head" "TYPE *elm" "TYPE" "SLIST_ENTRY NAME" -.Fn SLIST_SWAP "SLIST_HEAD *head1" "SLIST_HEAD *head2" "SLIST_ENTRY NAME" -.\" -.Fn STAILQ_CONCAT "STAILQ_HEAD *head1" "STAILQ_HEAD *head2" -.Fn STAILQ_EMPTY "STAILQ_HEAD *head" -.Fn STAILQ_ENTRY "TYPE" -.Fn STAILQ_FIRST "STAILQ_HEAD *head" -.Fn STAILQ_FOREACH "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" -.Fn STAILQ_FOREACH_SAFE "TYPE *var" "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn STAILQ_HEAD "HEADNAME" "TYPE" -.Fn STAILQ_HEAD_INITIALIZER "STAILQ_HEAD head" -.Fn STAILQ_INIT "STAILQ_HEAD *head" -.Fn STAILQ_INSERT_AFTER "STAILQ_HEAD *head" "TYPE *listelm" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_INSERT_HEAD "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_INSERT_TAIL "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_LAST "STAILQ_HEAD *head" "TYPE" "STAILQ_ENTRY NAME" -.Fn STAILQ_NEXT "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE_AFTER "STAILQ_HEAD *head" "TYPE *elm" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE_HEAD "STAILQ_HEAD *head" "STAILQ_ENTRY NAME" -.Fn STAILQ_REMOVE "STAILQ_HEAD *head" "TYPE *elm" "TYPE" "STAILQ_ENTRY NAME" -.Fn STAILQ_SWAP "STAILQ_HEAD *head1" "STAILQ_HEAD *head2" "STAILQ_ENTRY NAME" -.\" -.Fn LIST_EMPTY "LIST_HEAD *head" -.Fn LIST_ENTRY "TYPE" -.Fn LIST_FIRST "LIST_HEAD *head" -.Fn LIST_FOREACH "TYPE *var" "LIST_HEAD *head" "LIST_ENTRY NAME" -.Fn LIST_FOREACH_SAFE "TYPE *var" "LIST_HEAD *head" "LIST_ENTRY NAME" "TYPE *temp_var" -.Fn LIST_HEAD "HEADNAME" "TYPE" -.Fn LIST_HEAD_INITIALIZER "LIST_HEAD head" -.Fn LIST_INIT "LIST_HEAD *head" -.Fn LIST_INSERT_AFTER "TYPE *listelm" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_INSERT_BEFORE "TYPE *listelm" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_INSERT_HEAD "LIST_HEAD *head" "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_NEXT "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_REMOVE "TYPE *elm" "LIST_ENTRY NAME" -.Fn LIST_SWAP "LIST_HEAD *head1" "LIST_HEAD *head2" "TYPE" "LIST_ENTRY NAME" -.\" -.Fn TAILQ_CONCAT "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "TAILQ_ENTRY NAME" -.Fn TAILQ_EMPTY "TAILQ_HEAD *head" -.Fn TAILQ_ENTRY "TYPE" -.Fn TAILQ_FIRST "TAILQ_HEAD *head" -.Fn TAILQ_FOREACH "TYPE *var" "TAILQ_HEAD *head" "TAILQ_ENTRY NAME" -.Fn TAILQ_FOREACH_SAFE "TYPE *var" "TAILQ_HEAD *head" "TAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn TAILQ_FOREACH_REVERSE "TYPE *var" "TAILQ_HEAD *head" "HEADNAME" "TAILQ_ENTRY NAME" -.Fn TAILQ_FOREACH_REVERSE_SAFE "TYPE *var" "TAILQ_HEAD *head" "HEADNAME" "TAILQ_ENTRY NAME" "TYPE *temp_var" -.Fn TAILQ_HEAD "HEADNAME" "TYPE" -.Fn TAILQ_HEAD_INITIALIZER "TAILQ_HEAD head" -.Fn TAILQ_INIT "TAILQ_HEAD *head" -.Fn TAILQ_INSERT_AFTER "TAILQ_HEAD *head" "TYPE *listelm" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_BEFORE "TYPE *listelm" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_HEAD "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_INSERT_TAIL "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_LAST "TAILQ_HEAD *head" "HEADNAME" -.Fn TAILQ_NEXT "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_PREV "TYPE *elm" "HEADNAME" "TAILQ_ENTRY NAME" -.Fn TAILQ_REMOVE "TAILQ_HEAD *head" "TYPE *elm" "TAILQ_ENTRY NAME" -.Fn TAILQ_SWAP "TAILQ_HEAD *head1" "TAILQ_HEAD *head2" "TYPE" "TAILQ_ENTRY NAME" -.\" -.Sh DESCRIPTION -These macros define and operate on four types of data structures: -singly-linked lists, singly-linked tail queues, lists, and tail queues. -All four structures support the following functionality: -.Bl -enum -compact -offset indent -.It -Insertion of a new entry at the head of the list. -.It -Insertion of a new entry after any element in the list. -.It -O(1) removal of an entry from the head of the list. -.It -Forward traversal through the list. -.It -Swawpping the contents of two lists. -.El -.Pp -Singly-linked lists are the simplest of the four data structures -and support only the above functionality. -Singly-linked lists are ideal for applications with large datasets -and few or no removals, -or for implementing a LIFO queue. -Singly-linked lists add the following functionality: -.Bl -enum -compact -offset indent -.It -O(n) removal of any entry in the list. -.El -.Pp -Singly-linked tail queues add the following functionality: -.Bl -enum -compact -offset indent -.It -Entries can be added at the end of a list. -.It -O(n) removal of any entry in the list. -.It -They may be concatenated. -.El -However: -.Bl -enum -compact -offset indent -.It -All list insertions must specify the head of the list. -.It -Each head entry requires two pointers rather than one. -.It -Code size is about 15% greater and operations run about 20% slower -than singly-linked lists. -.El -.Pp -Singly-linked tailqs are ideal for applications with large datasets and -few or no removals, -or for implementing a FIFO queue. -.Pp -All doubly linked types of data structures (lists and tail queues) -additionally allow: -.Bl -enum -compact -offset indent -.It -Insertion of a new entry before any element in the list. -.It -O(1) removal of any entry in the list. -.El -However: -.Bl -enum -compact -offset indent -.It -Each element requires two pointers rather than one. -.It -Code size and execution time of operations (except for removal) is about -twice that of the singly-linked data-structures. -.El -.Pp -Linked lists are the simplest of the doubly linked data structures and support -only the above functionality over singly-linked lists. -.Pp -Tail queues add the following functionality: -.Bl -enum -compact -offset indent -.It -Entries can be added at the end of a list. -.It -They may be traversed backwards, from tail to head. -.It -They may be concatenated. -.El -However: -.Bl -enum -compact -offset indent -.It -All list insertions and removals must specify the head of the list. -.It -Each head entry requires two pointers rather than one. -.It -Code size is about 15% greater and operations run about 20% slower -than singly-linked lists. -.El -.Pp -In the macro definitions, -.Fa TYPE -is the name of a user defined structure, -that must contain a field of type -.Li SLIST_ENTRY , -.Li STAILQ_ENTRY , -.Li LIST_ENTRY , -or -.Li TAILQ_ENTRY , -named -.Fa NAME . -The argument -.Fa HEADNAME -is the name of a user defined structure that must be declared -using the macros -.Li SLIST_HEAD , -.Li STAILQ_HEAD , -.Li LIST_HEAD , -or -.Li TAILQ_HEAD . -See the examples below for further explanation of how these -macros are used. -.Sh SINGLY-LINKED LISTS -A singly-linked list is headed by a structure defined by the -.Nm SLIST_HEAD -macro. -This structure contains a single pointer to the first element -on the list. -The elements are singly linked for minimum space and pointer manipulation -overhead at the expense of O(n) removal for arbitrary elements. -New elements can be added to the list after an existing element or -at the head of the list. -An -.Fa SLIST_HEAD -structure is declared as follows: -.Bd -literal -offset indent -SLIST_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Fa HEADNAME -is the name of the structure to be defined, and -.Fa TYPE -is the type of the elements to be linked into the list. -A pointer to the head of the list can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm SLIST_HEAD_INITIALIZER -evaluates to an initializer for the list -.Fa head . -.Pp -The macro -.Nm SLIST_EMPTY -evaluates to true if there are no elements in the list. -.Pp -The macro -.Nm SLIST_ENTRY -declares a structure that connects the elements in -the list. -.Pp -The macro -.Nm SLIST_FIRST -returns the first element in the list or NULL if the list is empty. -.Pp -The macro -.Nm SLIST_FOREACH -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in -turn to -.Fa var . -.Pp -The macro -.Nm SLIST_FOREACH_SAFE -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in -turn to -.Fa var . -However, unlike -.Fn SLIST_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm SLIST_INIT -initializes the list referenced by -.Fa head . -.Pp -The macro -.Nm SLIST_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the list. -.Pp -The macro -.Nm SLIST_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm SLIST_NEXT -returns the next element in the list. -.Pp -The macro -.Nm SLIST_REMOVE_AFTER -removes the element after -.Fa elm -from the list. Unlike -.Fa SLIST_REMOVE , -this macro does not traverse the entire list. -.Pp -The macro -.Nm SLIST_REMOVE_HEAD -removes the element -.Fa elm -from the head of the list. -For optimum efficiency, -elements being removed from the head of the list should explicitly use -this macro instead of the generic -.Fa SLIST_REMOVE -macro. -.Pp -The macro -.Nm SLIST_REMOVE -removes the element -.Fa elm -from the list. -.Pp -The macro -.Nm SLIST_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh SINGLY-LINKED LIST EXAMPLE -.Bd -literal -SLIST_HEAD(slisthead, entry) head = - SLIST_HEAD_INITIALIZER(head); -struct slisthead *headp; /* Singly-linked List head. */ -struct entry { - ... - SLIST_ENTRY(entry) entries; /* Singly-linked List. */ - ... -} *n1, *n2, *n3, *np; - -SLIST_INIT(&head); /* Initialize the list. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -SLIST_INSERT_HEAD(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -SLIST_INSERT_AFTER(n1, n2, entries); - -SLIST_REMOVE(&head, n2, entry, entries);/* Deletion. */ -free(n2); - -n3 = SLIST_FIRST(&head); -SLIST_REMOVE_HEAD(&head, entries); /* Deletion from the head. */ -free(n3); - /* Forward traversal. */ -SLIST_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -SLIST_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - SLIST_REMOVE(&head, np, entry, entries); - free(np); -} - -while (!SLIST_EMPTY(&head)) { /* List Deletion. */ - n1 = SLIST_FIRST(&head); - SLIST_REMOVE_HEAD(&head, entries); - free(n1); -} -.Ed -.Sh SINGLY-LINKED TAIL QUEUES -A singly-linked tail queue is headed by a structure defined by the -.Nm STAILQ_HEAD -macro. -This structure contains a pair of pointers, -one to the first element in the tail queue and the other to -the last element in the tail queue. -The elements are singly linked for minimum space and pointer -manipulation overhead at the expense of O(n) removal for arbitrary -elements. -New elements can be added to the tail queue after an existing element, -at the head of the tail queue, or at the end of the tail queue. -A -.Fa STAILQ_HEAD -structure is declared as follows: -.Bd -literal -offset indent -STAILQ_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Li HEADNAME -is the name of the structure to be defined, and -.Li TYPE -is the type of the elements to be linked into the tail queue. -A pointer to the head of the tail queue can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm STAILQ_HEAD_INITIALIZER -evaluates to an initializer for the tail queue -.Fa head . -.Pp -The macro -.Nm STAILQ_CONCAT -concatenates the tail queue headed by -.Fa head2 -onto the end of the one headed by -.Fa head1 -removing all entries from the former. -.Pp -The macro -.Nm STAILQ_EMPTY -evaluates to true if there are no items on the tail queue. -.Pp -The macro -.Nm STAILQ_ENTRY -declares a structure that connects the elements in -the tail queue. -.Pp -The macro -.Nm STAILQ_FIRST -returns the first item on the tail queue or NULL if the tail queue -is empty. -.Pp -The macro -.Nm STAILQ_FOREACH -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element -in turn to -.Fa var . -.Pp -The macro -.Nm STAILQ_FOREACH_SAFE -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element -in turn to -.Fa var . -However, unlike -.Fn STAILQ_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm STAILQ_INIT -initializes the tail queue referenced by -.Fa head . -.Pp -The macro -.Nm STAILQ_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the tail queue. -.Pp -The macro -.Nm STAILQ_INSERT_TAIL -inserts the new element -.Fa elm -at the end of the tail queue. -.Pp -The macro -.Nm STAILQ_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm STAILQ_LAST -returns the last item on the tail queue. -If the tail queue is empty the return value is -.Dv NULL . -.Pp -The macro -.Nm STAILQ_NEXT -returns the next item on the tail queue, or NULL this item is the last. -.Pp -The macro -.Nm STAILQ_REMOVE_AFTER -removes the element after -.Fa elm -from the tail queue. Unlike -.Fa STAILQ_REMOVE , -this macro does not traverse the entire tail queue. -.Pp -The macro -.Nm STAILQ_REMOVE_HEAD -removes the element at the head of the tail queue. -For optimum efficiency, -elements being removed from the head of the tail queue should -use this macro explicitly rather than the generic -.Fa STAILQ_REMOVE -macro. -.Pp -The macro -.Nm STAILQ_REMOVE -removes the element -.Fa elm -from the tail queue. -.Pp -The macro -.Nm STAILQ_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh SINGLY-LINKED TAIL QUEUE EXAMPLE -.Bd -literal -STAILQ_HEAD(stailhead, entry) head = - STAILQ_HEAD_INITIALIZER(head); -struct stailhead *headp; /* Singly-linked tail queue head. */ -struct entry { - ... - STAILQ_ENTRY(entry) entries; /* Tail queue. */ - ... -} *n1, *n2, *n3, *np; - -STAILQ_INIT(&head); /* Initialize the queue. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -STAILQ_INSERT_HEAD(&head, n1, entries); - -n1 = malloc(sizeof(struct entry)); /* Insert at the tail. */ -STAILQ_INSERT_TAIL(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -STAILQ_INSERT_AFTER(&head, n1, n2, entries); - /* Deletion. */ -STAILQ_REMOVE(&head, n2, entry, entries); -free(n2); - /* Deletion from the head. */ -n3 = STAILQ_FIRST(&head); -STAILQ_REMOVE_HEAD(&head, entries); -free(n3); - /* Forward traversal. */ -STAILQ_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -STAILQ_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - STAILQ_REMOVE(&head, np, entry, entries); - free(np); -} - /* TailQ Deletion. */ -while (!STAILQ_EMPTY(&head)) { - n1 = STAILQ_FIRST(&head); - STAILQ_REMOVE_HEAD(&head, entries); - free(n1); -} - /* Faster TailQ Deletion. */ -n1 = STAILQ_FIRST(&head); -while (n1 != NULL) { - n2 = STAILQ_NEXT(n1, entries); - free(n1); - n1 = n2; -} -STAILQ_INIT(&head); -.Ed -.Sh LISTS -A list is headed by a structure defined by the -.Nm LIST_HEAD -macro. -This structure contains a single pointer to the first element -on the list. -The elements are doubly linked so that an arbitrary element can be -removed without traversing the list. -New elements can be added to the list after an existing element, -before an existing element, or at the head of the list. -A -.Fa LIST_HEAD -structure is declared as follows: -.Bd -literal -offset indent -LIST_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Fa HEADNAME -is the name of the structure to be defined, and -.Fa TYPE -is the type of the elements to be linked into the list. -A pointer to the head of the list can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm LIST_HEAD_INITIALIZER -evaluates to an initializer for the list -.Fa head . -.Pp -The macro -.Nm LIST_EMPTY -evaluates to true if there are no elements in the list. -.Pp -The macro -.Nm LIST_ENTRY -declares a structure that connects the elements in -the list. -.Pp -The macro -.Nm LIST_FIRST -returns the first element in the list or NULL if the list -is empty. -.Pp -The macro -.Nm LIST_FOREACH -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -.Pp -The macro -.Nm LIST_FOREACH_SAFE -traverses the list referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -However, unlike -.Fn LIST_FOREACH -here it is permitted to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm LIST_INIT -initializes the list referenced by -.Fa head . -.Pp -The macro -.Nm LIST_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the list. -.Pp -The macro -.Nm LIST_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm LIST_INSERT_BEFORE -inserts the new element -.Fa elm -before the element -.Fa listelm . -.Pp -The macro -.Nm LIST_NEXT -returns the next element in the list, or NULL if this is the last. -.Pp -The macro -.Nm LIST_REMOVE -removes the element -.Fa elm -from the list. -.Pp -The macro -.Nm LIST_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh LIST EXAMPLE -.Bd -literal -LIST_HEAD(listhead, entry) head = - LIST_HEAD_INITIALIZER(head); -struct listhead *headp; /* List head. */ -struct entry { - ... - LIST_ENTRY(entry) entries; /* List. */ - ... -} *n1, *n2, *n3, *np, *np_temp; - -LIST_INIT(&head); /* Initialize the list. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -LIST_INSERT_HEAD(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -LIST_INSERT_AFTER(n1, n2, entries); - -n3 = malloc(sizeof(struct entry)); /* Insert before. */ -LIST_INSERT_BEFORE(n2, n3, entries); - -LIST_REMOVE(n2, entries); /* Deletion. */ -free(n2); - /* Forward traversal. */ -LIST_FOREACH(np, &head, entries) - np-> ... - - /* Safe forward traversal. */ -LIST_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - LIST_REMOVE(np, entries); - free(np); -} - -while (!LIST_EMPTY(&head)) { /* List Deletion. */ - n1 = LIST_FIRST(&head); - LIST_REMOVE(n1, entries); - free(n1); -} - -n1 = LIST_FIRST(&head); /* Faster List Deletion. */ -while (n1 != NULL) { - n2 = LIST_NEXT(n1, entries); - free(n1); - n1 = n2; -} -LIST_INIT(&head); -.Ed -.Sh TAIL QUEUES -A tail queue is headed by a structure defined by the -.Nm TAILQ_HEAD -macro. -This structure contains a pair of pointers, -one to the first element in the tail queue and the other to -the last element in the tail queue. -The elements are doubly linked so that an arbitrary element can be -removed without traversing the tail queue. -New elements can be added to the tail queue after an existing element, -before an existing element, at the head of the tail queue, -or at the end of the tail queue. -A -.Fa TAILQ_HEAD -structure is declared as follows: -.Bd -literal -offset indent -TAILQ_HEAD(HEADNAME, TYPE) head; -.Ed -.Pp -where -.Li HEADNAME -is the name of the structure to be defined, and -.Li TYPE -is the type of the elements to be linked into the tail queue. -A pointer to the head of the tail queue can later be declared as: -.Bd -literal -offset indent -struct HEADNAME *headp; -.Ed -.Pp -(The names -.Li head -and -.Li headp -are user selectable.) -.Pp -The macro -.Nm TAILQ_HEAD_INITIALIZER -evaluates to an initializer for the tail queue -.Fa head . -.Pp -The macro -.Nm TAILQ_CONCAT -concatenates the tail queue headed by -.Fa head2 -onto the end of the one headed by -.Fa head1 -removing all entries from the former. -.Pp -The macro -.Nm TAILQ_EMPTY -evaluates to true if there are no items on the tail queue. -.Pp -The macro -.Nm TAILQ_ENTRY -declares a structure that connects the elements in -the tail queue. -.Pp -The macro -.Nm TAILQ_FIRST -returns the first item on the tail queue or NULL if the tail queue -is empty. -.Pp -The macro -.Nm TAILQ_FOREACH -traverses the tail queue referenced by -.Fa head -in the forward direction, assigning each element in turn to -.Fa var . -.Fa var -is set to -.Dv NULL -if the loop completes normally, or if there were no elements. -.Pp -The macro -.Nm TAILQ_FOREACH_REVERSE -traverses the tail queue referenced by -.Fa head -in the reverse direction, assigning each element in turn to -.Fa var . -.Pp -The macros -.Nm TAILQ_FOREACH_SAFE -and -.Nm TAILQ_FOREACH_REVERSE_SAFE -traverse the list referenced by -.Fa head -in the forward or reverse direction respectively, -assigning each element in turn to -.Fa var . -However, unlike their unsafe counterparts, -.Nm TAILQ_FOREACH -and -.Nm TAILQ_FOREACH_REVERSE -permit to both remove -.Fa var -as well as free it from within the loop safely without interfering with the -traversal. -.Pp -The macro -.Nm TAILQ_INIT -initializes the tail queue referenced by -.Fa head . -.Pp -The macro -.Nm TAILQ_INSERT_HEAD -inserts the new element -.Fa elm -at the head of the tail queue. -.Pp -The macro -.Nm TAILQ_INSERT_TAIL -inserts the new element -.Fa elm -at the end of the tail queue. -.Pp -The macro -.Nm TAILQ_INSERT_AFTER -inserts the new element -.Fa elm -after the element -.Fa listelm . -.Pp -The macro -.Nm TAILQ_INSERT_BEFORE -inserts the new element -.Fa elm -before the element -.Fa listelm . -.Pp -The macro -.Nm TAILQ_LAST -returns the last item on the tail queue. -If the tail queue is empty the return value is -.Dv NULL . -.Pp -The macro -.Nm TAILQ_NEXT -returns the next item on the tail queue, or NULL if this item is the last. -.Pp -The macro -.Nm TAILQ_PREV -returns the previous item on the tail queue, or NULL if this item -is the first. -.Pp -The macro -.Nm TAILQ_REMOVE -removes the element -.Fa elm -from the tail queue. -.Pp -The macro -.Nm TAILQ_SWAP -swaps the contents of -.Fa head1 -and -.Fa head2 . -.Sh TAIL QUEUE EXAMPLE -.Bd -literal -TAILQ_HEAD(tailhead, entry) head = - TAILQ_HEAD_INITIALIZER(head); -struct tailhead *headp; /* Tail queue head. */ -struct entry { - ... - TAILQ_ENTRY(entry) entries; /* Tail queue. */ - ... -} *n1, *n2, *n3, *np; - -TAILQ_INIT(&head); /* Initialize the queue. */ - -n1 = malloc(sizeof(struct entry)); /* Insert at the head. */ -TAILQ_INSERT_HEAD(&head, n1, entries); - -n1 = malloc(sizeof(struct entry)); /* Insert at the tail. */ -TAILQ_INSERT_TAIL(&head, n1, entries); - -n2 = malloc(sizeof(struct entry)); /* Insert after. */ -TAILQ_INSERT_AFTER(&head, n1, n2, entries); - -n3 = malloc(sizeof(struct entry)); /* Insert before. */ -TAILQ_INSERT_BEFORE(n2, n3, entries); - -TAILQ_REMOVE(&head, n2, entries); /* Deletion. */ -free(n2); - /* Forward traversal. */ -TAILQ_FOREACH(np, &head, entries) - np-> ... - /* Safe forward traversal. */ -TAILQ_FOREACH_SAFE(np, &head, entries, np_temp) { - np->do_stuff(); - ... - TAILQ_REMOVE(&head, np, entries); - free(np); -} - /* Reverse traversal. */ -TAILQ_FOREACH_REVERSE(np, &head, tailhead, entries) - np-> ... - /* TailQ Deletion. */ -while (!TAILQ_EMPTY(&head)) { - n1 = TAILQ_FIRST(&head); - TAILQ_REMOVE(&head, n1, entries); - free(n1); -} - /* Faster TailQ Deletion. */ -n1 = TAILQ_FIRST(&head); -while (n1 != NULL) { - n2 = TAILQ_NEXT(n1, entries); - free(n1); - n1 = n2; -} -TAILQ_INIT(&head); -.Ed -.Sh SEE ALSO -.Xr tree 3 -.Sh HISTORY -The -.Nm queue -functions first appeared in -.Bx 4.4 . diff --git a/tools/include/xen-external/bsd-sys-queue-h-seddery b/tools/include/xen-external/bsd-sys-queue-h-seddery deleted file mode 100755 index 3f8716d9ff..0000000000 --- a/tools/include/xen-external/bsd-sys-queue-h-seddery +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -p -# -# This script is part of the Xen build system. It has a very -# permissive licence to avoid complicating the licence of the -# generated header file and to allow this seddery to be reused by -# other projects. -# -# Permission is hereby granted, free of charge, to any person -# obtaining a copy of this individual file (the "Software"), to deal -# in the Software without restriction, including without limitation -# the rights to use, copy, modify, merge, publish, distribute, -# sublicense, and/or sell copies of the Software, and to permit -# persons to whom the Software is furnished to do so, subject to the -# following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# -# Copyright (C) 2011 Citrix Ltd - -our $namespace, $ucnamespace; - -BEGIN { - die unless @ARGV; - $namespace = pop @ARGV; - $namespace =~ s/^--prefix=// or die; - $ucnamespace = uc $namespace; - - print < - -/* - * This file defines four types of data structures: singly-linked lists, - * singly-linked tail queues, lists and tail queues. - * - * A singly-linked list is headed by a single forward pointer. The elements - * are singly linked for minimum space and pointer manipulation overhead at - * the expense of O(n) removal for arbitrary elements. New elements can be - * added to the list after an existing element or at the head of the list. - * Elements being removed from the head of the list should use the explicit - * macro for this purpose for optimum efficiency. A singly-linked list may - * only be traversed in the forward direction. Singly-linked lists are ideal - * for applications with large datasets and few or no removals or for - * implementing a LIFO queue. - * - * A singly-linked tail queue is headed by a pair of pointers, one to the - * head of the list and the other to the tail of the list. The elements are - * singly linked for minimum space and pointer manipulation overhead at the - * expense of O(n) removal for arbitrary elements. New elements can be added - * to the list after an existing element, at the head of the list, or at the - * end of the list. Elements being removed from the head of the tail queue - * should use the explicit macro for this purpose for optimum efficiency. - * A singly-linked tail queue may only be traversed in the forward direction. - * Singly-linked tail queues are ideal for applications with large datasets - * and few or no removals or for implementing a FIFO queue. - * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before - * or after an existing element or at the head of the list. A list - * may only be traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or - * after an existing element, at the head of the list, or at the end of - * the list. A tail queue may be traversed in either direction. - * - * For details on the use of these macros, see the queue(3) manual page. - * - * - * SLIST LIST STAILQ TAILQ - * _HEAD + + + + - * _HEAD_INITIALIZER + + + + - * _ENTRY + + + + - * _INIT + + + + - * _EMPTY + + + + - * _FIRST + + + + - * _NEXT + + + + - * _PREV - - - + - * _LAST - - + + - * _FOREACH + + + + - * _FOREACH_SAFE + + + + - * _FOREACH_REVERSE - - - + - * _FOREACH_REVERSE_SAFE - - - + - * _INSERT_HEAD + + + + - * _INSERT_BEFORE - + - + - * _INSERT_AFTER + + + + - * _INSERT_TAIL - - + + - * _CONCAT - - + + - * _REMOVE_AFTER + - + - - * _REMOVE_HEAD + - + - - * _REMOVE + + + + - * _SWAP + + + + - * - */ -#ifdef QUEUE_MACRO_DEBUG -/* Store the last 2 places the queue element or head was altered */ -struct qm_trace { - char * lastfile; - int lastline; - char * prevfile; - int prevline; -}; - -#define TRACEBUF struct qm_trace trace; -#define TRASHIT(x) do {(x) = (void *)-1;} while (0) -#define QMD_SAVELINK(name, link) void **name = (void *)&(link) - -#define QMD_TRACE_HEAD(head) do { \ - (head)->trace.prevline = (head)->trace.lastline; \ - (head)->trace.prevfile = (head)->trace.lastfile; \ - (head)->trace.lastline = __LINE__; \ - (head)->trace.lastfile = __FILE__; \ -} while (0) - -#define QMD_TRACE_ELEM(elem) do { \ - (elem)->trace.prevline = (elem)->trace.lastline; \ - (elem)->trace.prevfile = (elem)->trace.lastfile; \ - (elem)->trace.lastline = __LINE__; \ - (elem)->trace.lastfile = __FILE__; \ -} while (0) - -#else -#define QMD_TRACE_ELEM(elem) -#define QMD_TRACE_HEAD(head) -#define QMD_SAVELINK(name, link) -#define TRACEBUF -#define TRASHIT(x) -#endif /* QUEUE_MACRO_DEBUG */ - -/* - * Singly-linked List declarations. - */ -#define SLIST_HEAD(name, type) \ -struct name { \ - struct type *slh_first; /* first element */ \ -} - -#define SLIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define SLIST_ENTRY(type) \ -struct { \ - struct type *sle_next; /* next element */ \ -} - -/* - * Singly-linked List functions. - */ -#define SLIST_EMPTY(head) ((head)->slh_first == NULL) - -#define SLIST_FIRST(head) ((head)->slh_first) - -#define SLIST_FOREACH(var, head, field) \ - for ((var) = SLIST_FIRST((head)); \ - (var); \ - (var) = SLIST_NEXT((var), field)) - -#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = SLIST_FIRST((head)); \ - (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \ - for ((varp) = &SLIST_FIRST((head)); \ - ((var) = *(varp)) != NULL; \ - (varp) = &SLIST_NEXT((var), field)) - -#define SLIST_INIT(head) do { \ - SLIST_FIRST((head)) = NULL; \ -} while (0) - -#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ - SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ - SLIST_NEXT((slistelm), field) = (elm); \ -} while (0) - -#define SLIST_INSERT_HEAD(head, elm, field) do { \ - SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ - SLIST_FIRST((head)) = (elm); \ -} while (0) - -#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) - -#define SLIST_REMOVE(head, elm, type, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.sle_next); \ - if (SLIST_FIRST((head)) == (elm)) { \ - SLIST_REMOVE_HEAD((head), field); \ - } \ - else { \ - struct type *curelm = SLIST_FIRST((head)); \ - while (SLIST_NEXT(curelm, field) != (elm)) \ - curelm = SLIST_NEXT(curelm, field); \ - SLIST_REMOVE_AFTER(curelm, field); \ - } \ - TRASHIT(*oldnext); \ -} while (0) - -#define SLIST_REMOVE_AFTER(elm, field) do { \ - SLIST_NEXT(elm, field) = \ - SLIST_NEXT(SLIST_NEXT(elm, field), field); \ -} while (0) - -#define SLIST_REMOVE_HEAD(head, field) do { \ - SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ -} while (0) - -#define SLIST_SWAP(head1, head2, type) do { \ - struct type *swap_first = SLIST_FIRST(head1); \ - SLIST_FIRST(head1) = SLIST_FIRST(head2); \ - SLIST_FIRST(head2) = swap_first; \ -} while (0) - -/* - * Singly-linked Tail queue declarations. - */ -#define STAILQ_HEAD(name, type) \ -struct name { \ - struct type *stqh_first;/* first element */ \ - struct type **stqh_last;/* addr of last next element */ \ -} - -#define STAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).stqh_first } - -#define STAILQ_ENTRY(type) \ -struct { \ - struct type *stqe_next; /* next element */ \ -} - -/* - * Singly-linked Tail queue functions. - */ -#define STAILQ_CONCAT(head1, head2) do { \ - if (!STAILQ_EMPTY((head2))) { \ - *(head1)->stqh_last = (head2)->stqh_first; \ - (head1)->stqh_last = (head2)->stqh_last; \ - STAILQ_INIT((head2)); \ - } \ -} while (0) - -#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) - -#define STAILQ_FIRST(head) ((head)->stqh_first) - -#define STAILQ_FOREACH(var, head, field) \ - for((var) = STAILQ_FIRST((head)); \ - (var); \ - (var) = STAILQ_NEXT((var), field)) - - -#define STAILQ_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = STAILQ_FIRST((head)); \ - (var) && ((tvar) = STAILQ_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define STAILQ_INIT(head) do { \ - STAILQ_FIRST((head)) = NULL; \ - (head)->stqh_last = &STAILQ_FIRST((head)); \ -} while (0) - -#define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ - if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ - STAILQ_NEXT((tqelm), field) = (elm); \ -} while (0) - -#define STAILQ_INSERT_HEAD(head, elm, field) do { \ - if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ - STAILQ_FIRST((head)) = (elm); \ -} while (0) - -#define STAILQ_INSERT_TAIL(head, elm, field) do { \ - STAILQ_NEXT((elm), field) = NULL; \ - *(head)->stqh_last = (elm); \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -} while (0) - -#define STAILQ_LAST(head, type, field) \ - (STAILQ_EMPTY((head)) ? \ - NULL : \ - ((struct type *)(void *) \ - ((char *)((head)->stqh_last) - __offsetof(struct type, field)))) - -#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) - -#define STAILQ_REMOVE(head, elm, type, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.stqe_next); \ - if (STAILQ_FIRST((head)) == (elm)) { \ - STAILQ_REMOVE_HEAD((head), field); \ - } \ - else { \ - struct type *curelm = STAILQ_FIRST((head)); \ - while (STAILQ_NEXT(curelm, field) != (elm)) \ - curelm = STAILQ_NEXT(curelm, field); \ - STAILQ_REMOVE_AFTER(head, curelm, field); \ - } \ - TRASHIT(*oldnext); \ -} while (0) - -#define STAILQ_REMOVE_AFTER(head, elm, field) do { \ - if ((STAILQ_NEXT(elm, field) = \ - STAILQ_NEXT(STAILQ_NEXT(elm, field), field)) == NULL) \ - (head)->stqh_last = &STAILQ_NEXT((elm), field); \ -} while (0) - -#define STAILQ_REMOVE_HEAD(head, field) do { \ - if ((STAILQ_FIRST((head)) = \ - STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ - (head)->stqh_last = &STAILQ_FIRST((head)); \ -} while (0) - -#define STAILQ_SWAP(head1, head2, type) do { \ - struct type *swap_first = STAILQ_FIRST(head1); \ - struct type **swap_last = (head1)->stqh_last; \ - STAILQ_FIRST(head1) = STAILQ_FIRST(head2); \ - (head1)->stqh_last = (head2)->stqh_last; \ - STAILQ_FIRST(head2) = swap_first; \ - (head2)->stqh_last = swap_last; \ - if (STAILQ_EMPTY(head1)) \ - (head1)->stqh_last = &STAILQ_FIRST(head1); \ - if (STAILQ_EMPTY(head2)) \ - (head2)->stqh_last = &STAILQ_FIRST(head2); \ -} while (0) - - -/* - * List declarations. - */ -#define LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define LIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List functions. - */ - -#if (defined(_KERNEL) && defined(INVARIANTS)) -#define QMD_LIST_CHECK_HEAD(head, field) do { \ - if (LIST_FIRST((head)) != NULL && \ - LIST_FIRST((head))->field.le_prev != \ - &LIST_FIRST((head))) \ - panic("Bad list head %p first->prev != head", (head)); \ -} while (0) - -#define QMD_LIST_CHECK_NEXT(elm, field) do { \ - if (LIST_NEXT((elm), field) != NULL && \ - LIST_NEXT((elm), field)->field.le_prev != \ - &((elm)->field.le_next)) \ - panic("Bad link elm %p next->prev != elm", (elm)); \ -} while (0) - -#define QMD_LIST_CHECK_PREV(elm, field) do { \ - if (*(elm)->field.le_prev != (elm)) \ - panic("Bad link elm %p prev->next != elm", (elm)); \ -} while (0) -#else -#define QMD_LIST_CHECK_HEAD(head, field) -#define QMD_LIST_CHECK_NEXT(elm, field) -#define QMD_LIST_CHECK_PREV(elm, field) -#endif /* (_KERNEL && INVARIANTS) */ - -#define LIST_EMPTY(head) ((head)->lh_first == NULL) - -#define LIST_FIRST(head) ((head)->lh_first) - -#define LIST_FOREACH(var, head, field) \ - for ((var) = LIST_FIRST((head)); \ - (var); \ - (var) = LIST_NEXT((var), field)) - -#define LIST_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = LIST_FIRST((head)); \ - (var) && ((tvar) = LIST_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define LIST_INIT(head) do { \ - LIST_FIRST((head)) = NULL; \ -} while (0) - -#define LIST_INSERT_AFTER(listelm, elm, field) do { \ - QMD_LIST_CHECK_NEXT(listelm, field); \ - if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ - LIST_NEXT((listelm), field)->field.le_prev = \ - &LIST_NEXT((elm), field); \ - LIST_NEXT((listelm), field) = (elm); \ - (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ -} while (0) - -#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ - QMD_LIST_CHECK_PREV(listelm, field); \ - (elm)->field.le_prev = (listelm)->field.le_prev; \ - LIST_NEXT((elm), field) = (listelm); \ - *(listelm)->field.le_prev = (elm); \ - (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ -} while (0) - -#define LIST_INSERT_HEAD(head, elm, field) do { \ - QMD_LIST_CHECK_HEAD((head), field); \ - if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ - LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ - LIST_FIRST((head)) = (elm); \ - (elm)->field.le_prev = &LIST_FIRST((head)); \ -} while (0) - -#define LIST_NEXT(elm, field) ((elm)->field.le_next) - -#define LIST_REMOVE(elm, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.le_next); \ - QMD_SAVELINK(oldprev, (elm)->field.le_prev); \ - QMD_LIST_CHECK_NEXT(elm, field); \ - QMD_LIST_CHECK_PREV(elm, field); \ - if (LIST_NEXT((elm), field) != NULL) \ - LIST_NEXT((elm), field)->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = LIST_NEXT((elm), field); \ - TRASHIT(*oldnext); \ - TRASHIT(*oldprev); \ -} while (0) - -#define LIST_SWAP(head1, head2, type, field) do { \ - struct type *swap_tmp = LIST_FIRST((head1)); \ - LIST_FIRST((head1)) = LIST_FIRST((head2)); \ - LIST_FIRST((head2)) = swap_tmp; \ - if ((swap_tmp = LIST_FIRST((head1))) != NULL) \ - swap_tmp->field.le_prev = &LIST_FIRST((head1)); \ - if ((swap_tmp = LIST_FIRST((head2))) != NULL) \ - swap_tmp->field.le_prev = &LIST_FIRST((head2)); \ -} while (0) - -/* - * Tail queue declarations. - */ -#define TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ - TRACEBUF \ -} - -#define TAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).tqh_first } - -#define TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ - TRACEBUF \ -} - -/* - * Tail queue functions. - */ -#if (defined(_KERNEL) && defined(INVARIANTS)) -#define QMD_TAILQ_CHECK_HEAD(head, field) do { \ - if (!TAILQ_EMPTY(head) && \ - TAILQ_FIRST((head))->field.tqe_prev != \ - &TAILQ_FIRST((head))) \ - panic("Bad tailq head %p first->prev != head", (head)); \ -} while (0) - -#define QMD_TAILQ_CHECK_TAIL(head, field) do { \ - if (*(head)->tqh_last != NULL) \ - panic("Bad tailq NEXT(%p->tqh_last) != NULL", (head)); \ -} while (0) - -#define QMD_TAILQ_CHECK_NEXT(elm, field) do { \ - if (TAILQ_NEXT((elm), field) != NULL && \ - TAILQ_NEXT((elm), field)->field.tqe_prev != \ - &((elm)->field.tqe_next)) \ - panic("Bad link elm %p next->prev != elm", (elm)); \ -} while (0) - -#define QMD_TAILQ_CHECK_PREV(elm, field) do { \ - if (*(elm)->field.tqe_prev != (elm)) \ - panic("Bad link elm %p prev->next != elm", (elm)); \ -} while (0) -#else -#define QMD_TAILQ_CHECK_HEAD(head, field) -#define QMD_TAILQ_CHECK_TAIL(head, headname) -#define QMD_TAILQ_CHECK_NEXT(elm, field) -#define QMD_TAILQ_CHECK_PREV(elm, field) -#endif /* (_KERNEL && INVARIANTS) */ - -#define TAILQ_CONCAT(head1, head2, field) do { \ - if (!TAILQ_EMPTY(head2)) { \ - *(head1)->tqh_last = (head2)->tqh_first; \ - (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ - (head1)->tqh_last = (head2)->tqh_last; \ - TAILQ_INIT((head2)); \ - QMD_TRACE_HEAD(head1); \ - QMD_TRACE_HEAD(head2); \ - } \ -} while (0) - -#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) - -#define TAILQ_FIRST(head) ((head)->tqh_first) - -#define TAILQ_FOREACH(var, head, field) \ - for ((var) = TAILQ_FIRST((head)); \ - (var); \ - (var) = TAILQ_NEXT((var), field)) - -#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ - for ((var) = TAILQ_FIRST((head)); \ - (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ - (var) = (tvar)) - -#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ - for ((var) = TAILQ_LAST((head), headname); \ - (var); \ - (var) = TAILQ_PREV((var), headname, field)) - -#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ - for ((var) = TAILQ_LAST((head), headname); \ - (var) && ((tvar) = TAILQ_PREV((var), headname, field), 1); \ - (var) = (tvar)) - -#define TAILQ_INIT(head) do { \ - TAILQ_FIRST((head)) = NULL; \ - (head)->tqh_last = &TAILQ_FIRST((head)); \ - QMD_TRACE_HEAD(head); \ -} while (0) - -#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ - QMD_TAILQ_CHECK_NEXT(listelm, field); \ - if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ - TAILQ_NEXT((elm), field)->field.tqe_prev = \ - &TAILQ_NEXT((elm), field); \ - else { \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_HEAD(head); \ - } \ - TAILQ_NEXT((listelm), field) = (elm); \ - (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ - QMD_TRACE_ELEM(&(elm)->field); \ - QMD_TRACE_ELEM(&listelm->field); \ -} while (0) - -#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ - QMD_TAILQ_CHECK_PREV(listelm, field); \ - (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ - TAILQ_NEXT((elm), field) = (listelm); \ - *(listelm)->field.tqe_prev = (elm); \ - (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_ELEM(&(elm)->field); \ - QMD_TRACE_ELEM(&listelm->field); \ -} while (0) - -#define TAILQ_INSERT_HEAD(head, elm, field) do { \ - QMD_TAILQ_CHECK_HEAD(head, field); \ - if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ - TAILQ_FIRST((head))->field.tqe_prev = \ - &TAILQ_NEXT((elm), field); \ - else \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - TAILQ_FIRST((head)) = (elm); \ - (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ - QMD_TRACE_HEAD(head); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_INSERT_TAIL(head, elm, field) do { \ - QMD_TAILQ_CHECK_TAIL(head, field); \ - TAILQ_NEXT((elm), field) = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &TAILQ_NEXT((elm), field); \ - QMD_TRACE_HEAD(head); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_LAST(head, headname) \ - (*(((struct headname *)((head)->tqh_last))->tqh_last)) - -#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) - -#define TAILQ_PREV(elm, headname, field) \ - (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) - -#define TAILQ_REMOVE(head, elm, field) do { \ - QMD_SAVELINK(oldnext, (elm)->field.tqe_next); \ - QMD_SAVELINK(oldprev, (elm)->field.tqe_prev); \ - QMD_TAILQ_CHECK_NEXT(elm, field); \ - QMD_TAILQ_CHECK_PREV(elm, field); \ - if ((TAILQ_NEXT((elm), field)) != NULL) \ - TAILQ_NEXT((elm), field)->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else { \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - QMD_TRACE_HEAD(head); \ - } \ - *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ - TRASHIT(*oldnext); \ - TRASHIT(*oldprev); \ - QMD_TRACE_ELEM(&(elm)->field); \ -} while (0) - -#define TAILQ_SWAP(head1, head2, type, field) do { \ - struct type *swap_first = (head1)->tqh_first; \ - struct type **swap_last = (head1)->tqh_last; \ - (head1)->tqh_first = (head2)->tqh_first; \ - (head1)->tqh_last = (head2)->tqh_last; \ - (head2)->tqh_first = swap_first; \ - (head2)->tqh_last = swap_last; \ - if ((swap_first = (head1)->tqh_first) != NULL) \ - swap_first->field.tqe_prev = &(head1)->tqh_first; \ - else \ - (head1)->tqh_last = &(head1)->tqh_first; \ - if ((swap_first = (head2)->tqh_first) != NULL) \ - swap_first->field.tqe_prev = &(head2)->tqh_first; \ - else \ - (head2)->tqh_last = &(head2)->tqh_first; \ -} while (0) - -#endif /* !_SYS_QUEUE_H_ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:44:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:44:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268954.462888 (Exim 4.92) (envelope-from ) id 1nHkSy-00066X-Qn; Wed, 09 Feb 2022 10:44:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268954.462888; Wed, 09 Feb 2022 10:44:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSy-00066P-Nh; Wed, 09 Feb 2022 10:44:52 +0000 Received: by outflank-mailman (input) for mailman id 268954; Wed, 09 Feb 2022 10:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSy-00066D-1L for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkSy-0001zF-0Z for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkSx-0002b5-W6 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:44:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tePdmOLkTFbPc3MR6eIHmWZfPl21RMgBxVOTPSJEysI=; b=YLox7KnwD8vZVkXsnSdd8syM7o b5G88DtLY7hR5NZVwvRshk/tZ8Qt303dp6WOKsRfS/AZF9TtI+OxQvlp/7cVDL8rUhPw6CGUzMv8d 9PIGqYhNraHJMofZoPtZAK5l7j9d8RF2ZlABi49F5dvZK0zgsfeOQ0qHRA6E/L0TFjMI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libs: Fix build dependencies Message-Id: Date: Wed, 09 Feb 2022 10:44:51 +0000 commit e62cc29f9b6c42b67182a1362e2ea18bad75b5ff Author: Anthony PERARD AuthorDate: Tue Feb 8 10:39:59 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 11:15:53 2022 +0000 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index 5d866b8d04..ef7362327f 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -54,8 +54,6 @@ NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 8f5f3acd21..7f74ac0e7d 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -106,8 +106,6 @@ include $(XEN_ROOT)/tools/libs/libs.mk libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(filter -l%,$(zlib-options)) libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(COMPRESSION_LIBS) -lz --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index 847eb4851f..b3d784c57f 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -132,3 +132,7 @@ clean: .PHONY: distclean distclean: clean + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 5642955672..453bea0067 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -264,5 +264,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index 01417b5334..5840213376 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -121,5 +121,3 @@ clean: cleanlocal cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) rm -f libxenstat.map - --include $(DEPS_INCLUDE) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index c208dbb48a..8e33db6a66 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -29,8 +29,6 @@ ifeq ($(CONFIG_Linux),y) xs.opic: CFLAGS += -DUSE_DLSYM endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index 87425d862a..72fecb4c49 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -49,8 +49,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) @rm -f $*.[ch] $(FLEX) --header-file=$*.h --outfile=$*.c $< --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:45:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268955.462893 (Exim 4.92) (envelope-from ) id 1nHkT9-0006AG-Sk; Wed, 09 Feb 2022 10:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268955.462893; Wed, 09 Feb 2022 10:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkT9-0006A8-PH; Wed, 09 Feb 2022 10:45:03 +0000 Received: by outflank-mailman (input) for mailman id 268955; Wed, 09 Feb 2022 10:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkT8-00069v-4O for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkT8-00020A-3g for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkT8-0002cK-2r for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u+DpS1dAdk15AlIlaXbjWqvv3wgOXne5rhEwN46mh3w=; b=lTlMYB/nWcRofYDmFIF4yMcS/0 e+9tW/qBvPfxyKm4Zqg+eXMD6bkRyiHf4tOY4Pq4wSWopvF+GbIh4bOu+bTbVrnvOg1j9hHKwvp80 14bEg3S0XNOAE2jjy0qlt9kQim3aAHmlJlwa+sYJWVnzY5mE3BzWFAcCKET36DXU4EEY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/configure.ac: Replace macro AC_HELP_STRING Message-Id: Date: Wed, 09 Feb 2022 10:45:02 +0000 commit 345746045b49258547d67f456c368f23353575d4 Author: Michal Orzel AuthorDate: Tue Feb 1 18:03:21 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 13:38:33 2022 +0000 tools/configure.ac: Replace macro AC_HELP_STRING ... with AS_HELP_STRING as the former is obsolete according to GNU autoconf 2.67 documentation. Signed-off-by: Michal Orzel Acked-by: Anthony PERARD --- tools/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/configure.ac b/tools/configure.ac index 5a4fb9022d..f29c319b42 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -215,7 +215,7 @@ AC_SUBST(qemu_xen_path) AC_SUBST(qemu_xen_systemd) AC_ARG_WITH([stubdom-qmp-proxy], - AC_HELP_STRING([--stubdom-qmp-proxy@<:@=PATH@:>@], + AS_HELP_STRING([--stubdom-qmp-proxy@<:@=PATH@:>@], [Use supplied binary PATH as a QMP proxy into stubdomain]),[ stubdom_qmp_proxy="$withval" ],[ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268969.462908 (Exim 4.92) (envelope-from ) id 1nHkco-0007iZ-UU; Wed, 09 Feb 2022 10:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268969.462908; Wed, 09 Feb 2022 10:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkco-0007iR-RC; Wed, 09 Feb 2022 10:55:02 +0000 Received: by outflank-mailman (input) for mailman id 268969; Wed, 09 Feb 2022 10:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkcn-0007hz-OE for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkcn-0002CJ-KR for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkcn-00040I-JZ for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=M0yYrSpkm1JnUzP2B+t0QcqFh2cC+c3kRUf1M9lvDWA=; b=vTO6BQdKZDu/M1/N/A4lpdmbYz NAs0mhw0YvIF396NW6ZtF3eJbdcqQHavEcMQMuXqlJfUwQ4pmXDJD+iloc92FfWICp8TNF6ZBImC9 GGdnthgn/qhCAuFDxMEcQ3jYIShHU2BrCJYU8AhgUV/CoSuVfMonejNbgXhFO1IN5tIQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Wed, 09 Feb 2022 10:55:01 +0000 commit 548f91b260f5cdfc3176e5f9a29af292756f0786 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:41:24 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 4a163afbfc..c6773c85fd 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -379,7 +379,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -394,7 +394,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -404,53 +404,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 517d632b50..39c8b0c774 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -427,6 +427,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268970.462911 (Exim 4.92) (envelope-from ) id 1nHkcy-0007kd-Vh; Wed, 09 Feb 2022 10:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268970.462911; Wed, 09 Feb 2022 10:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkcy-0007kW-Sl; Wed, 09 Feb 2022 10:55:12 +0000 Received: by outflank-mailman (input) for mailman id 268970; Wed, 09 Feb 2022 10:55:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkcx-0007kM-Om for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkcx-0002CY-O1 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkcx-000411-N0 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=o7OAtjplgha+BCuvIlP00pbbF/pR8umdWq0SRZcLvgU=; b=B92UtBS9u69lTIakr56QjM0J8y ++4mIzKKKOSJwjhIDYbYYV5AaUgHXzNTDovhIGs0huFoNDEncorT1KSOaiJiGMxSqcttHu0FxyBE9 Bd9fipthnHuWvyiRfz3982bHf4U8Sxp9wglFHwMkO9oCcxABP817onzKxF0KMFkxGL3w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Wed, 09 Feb 2022 10:55:11 +0000 commit 50183d9f7cce12cac0e089ccf765417aa5832efc Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 4 16:41:24 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 34f31326c0..fae84b4c69 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -193,6 +193,10 @@ static const char *const str_e21a[32] = [ 6] = "nscb", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index c6773c85fd..d4f5028fa2 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -445,7 +445,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 228a5dc29e..a4b900d753 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -297,6 +297,8 @@ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268971.462915 (Exim 4.92) (envelope-from ) id 1nHkd9-0007ng-1P; Wed, 09 Feb 2022 10:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268971.462915; Wed, 09 Feb 2022 10:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkd8-0007nZ-UM; Wed, 09 Feb 2022 10:55:22 +0000 Received: by outflank-mailman (input) for mailman id 268971; Wed, 09 Feb 2022 10:55:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkd7-0007nP-SJ for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkd7-0002Ci-RT for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkd7-00041n-Qg for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7DAIpby+l3ZYLxRad0N0rP0YL1eP2Nh5mlZvl+inwNA=; b=UX/T39CHi/LP9ONpJj1Vzyl+JY ++J0mEtaiy6LWMN07ZHf5sMRvk0t+kbyQzkLKKlnr5XaULeLjnifdN063RpwXF4KAaE0kZgCOxenq m48lTmeOItT5GyBOJcJWXdgPTFf4sewliDGI3+e2HF+Kqx1WcbaKY7g/YXYuM8JqfnFo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Wed, 09 Feb 2022 10:55:21 +0000 commit 41e477b4f367269dc1b768a335cfa16f48f7f02f Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 9b011c3446..e7d4dd652f 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 54237c6c6d..2596e4374b 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -384,8 +384,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ee862089b7..3628b4b415 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1251,32 +1250,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1314,9 +1305,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index ba0fe7c0aa..0ff6d899f9 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -133,6 +133,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index bc4dc69253..3d8aacd3aa 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -630,6 +630,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a803d16f90..f760295236 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268972.462919 (Exim 4.92) (envelope-from ) id 1nHkdJ-0007rI-3s; Wed, 09 Feb 2022 10:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268972.462919; Wed, 09 Feb 2022 10:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdJ-0007rA-0y; Wed, 09 Feb 2022 10:55:33 +0000 Received: by outflank-mailman (input) for mailman id 268972; Wed, 09 Feb 2022 10:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdH-0007qw-VA for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdH-0002Cu-US for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkdH-00042O-Tb for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zq5np6C+flMM/bUso9tQ4I/MatAm+C2PpEJ7zZR/SoA=; b=F0NlK5EFslRKh5GpVdW5z8B9GQ HUkw1UEe6twjNimw+w9DvONgIqHIRzPRzzC3LY8heiqcx50YMhPrBAYBDkKIfQORqCJ9YIkqFuIA8 CEHon12kOp4HeFdo6gwBOi4gI8A9EkF5wJtFeWcYsvdFSX5iHJdi6ZJqfBpJl9OQDewE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Wed, 09 Feb 2022 10:55:31 +0000 commit 0ce302cfd6a9fa97328208f9fd02daf02cf5c3ad Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268973.462923 (Exim 4.92) (envelope-from ) id 1nHkdU-0007tl-5R; Wed, 09 Feb 2022 10:55:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268973.462923; Wed, 09 Feb 2022 10:55:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdU-0007td-2T; Wed, 09 Feb 2022 10:55:44 +0000 Received: by outflank-mailman (input) for mailman id 268973; Wed, 09 Feb 2022 10:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdS-0007tL-24 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdS-0002D4-1N for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkdS-000436-0W for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A12J36i9VYSnncE0Bn2DTRNosPE7v4roHqtiZ69Zl8I=; b=hGeL+oDz99dqXZoOum/9IJf2fT wZvVb6HyseFa1lllYFieBOQxInqVKxmBYARVfuFbyPPdv5UelEXjHe6aKonmuRQA23O+gGEivBubV vpGgy+YkJJ5Nha5Ys7iuiZOjiHAsKeexkuqTrDTJERmBJsdc61Xot2MCi0FeQPn4OKzE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Wed, 09 Feb 2022 10:55:42 +0000 commit 0c46d108b74bd38e0887cdd02cb82dd1084586cb Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index f7797ea233..995197f4b2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2371,7 +2371,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2379,19 +2381,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3628b4b415..2b93468d39 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1233,11 +1233,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index ab68ef2681..9df1959fe5 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -78,6 +78,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:55:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:55:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268974.462927 (Exim 4.92) (envelope-from ) id 1nHkde-0007wr-6y; Wed, 09 Feb 2022 10:55:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268974.462927; Wed, 09 Feb 2022 10:55:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkde-0007wj-3y; Wed, 09 Feb 2022 10:55:54 +0000 Received: by outflank-mailman (input) for mailman id 268974; Wed, 09 Feb 2022 10:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdc-0007wX-5M for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdc-0002DE-4Y for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkdc-00043i-3e for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LAbPFszrdv1DsfWv6SrniZN9IgS+jw+Zgkt3M4HQZvY=; b=T2XrrS3eGVs8jsc3ppzprYZFTD GTGqIc2h3gKnNC5fsCUbuko5GFZOzfW6HlWTfu3MUsOvSzoz7zAXeRtuNKVIbgp3NLWb9x42TW3kF 0jWNFkJyIen0gxjfRuHCzc0nU88J+PAvadhM685rjeaLnHLzGRRBEpmba+Eed7opPOVU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL Message-Id: Date: Wed, 09 Feb 2022 10:55:52 +0000 commit 60f5eb827bec993c824f426ab7d574362c0b4863 Author: Andrew Cooper AuthorDate: Thu Jun 10 12:34:45 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL This MSR needs to be identical across the system for TSX to have identical behaviour everywhere. Furthermore, its CPUID bit (SRBDS_CTRL) shouldn't be visible to guests. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 4b45c4faa8c0637eb41cb4b143ccd4e9548c4908) --- tools/tests/tsx/test-tsx.c | 9 ++++++++- xen/arch/x86/platform_hypercall.c | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index a3d987b6d2..f11e8c54e0 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -42,6 +42,7 @@ enum { #define ARCH_CAPS_TSX_CTRL (1 << 7) #define MSR_TSX_FORCE_ABORT 0x0000010f #define MSR_TSX_CTRL 0x00000122 +#define MSR_MCU_OPT_CTRL 0x00000123 static unsigned int nr_failures; #define fail(fmt, ...) \ @@ -155,6 +156,10 @@ static void test_tsx_msrs(void) printf("Testing MSR_TSX_CTRL consistency\n"); test_tsx_msr_consistency( MSR_TSX_CTRL, host.msr.arch_caps.tsx_ctrl); + + printf("Testing MSR_MCU_OPT_CTRL consistency\n"); + test_tsx_msr_consistency( + MSR_MCU_OPT_CTRL, host.cpuid.feat.srbds_ctrl); } /* @@ -313,7 +318,8 @@ static void test_guest_policies(const struct xc_cpu_policy *max, if ( ((cm->feat.raw[0].d | cd->feat.raw[0].d) & (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT))) || + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | + bitmaskof(X86_FEATURE_SRBDS_CTRL))) || ((mm->arch_caps.raw | md->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) fail(" Xen-only TSX controls offered to guest\n"); @@ -388,6 +394,7 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.cpuid.feat.hle || guest_policy.cpuid.feat.tsx_force_abort || guest_policy.cpuid.feat.rtm_always_abort || + guest_policy.cpuid.feat.srbds_ctrl || guest_policy.msr.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 284c2dfb9e..bf4090c942 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -80,6 +80,9 @@ static bool msr_read_allowed(unsigned int msr) case MSR_TSX_CTRL: return cpu_has_tsx_ctrl; + + case MSR_MCU_OPT_CTRL: + return cpu_has_srbds_ctrl; } if ( ppin_msr && msr == ppin_msr ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:56:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268975.462931 (Exim 4.92) (envelope-from ) id 1nHkdo-0007zy-97; Wed, 09 Feb 2022 10:56:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268975.462931; Wed, 09 Feb 2022 10:56:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdo-0007zo-5m; Wed, 09 Feb 2022 10:56:04 +0000 Received: by outflank-mailman (input) for mailman id 268975; Wed, 09 Feb 2022 10:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdm-0007zY-8A for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdm-0002Ds-7T for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkdm-00044r-6j for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y0gxn3FSYFsfR0Q5RKGhV4+8i6b85CMIM7oUd3pdTKE=; b=xjjZG33zrgHeTqVuMCIYsjR+2C gZtYMLErMvgTg1xxtMhE4ACgyeFvMZD+2Bp4Cds0jEVBqcm75jAp8ZkEubBqiiY5uDS2ifVkvXPk6 vPApAcyzn6auF/mEaI7KMu1VVfED+UoyvGyQEpDxGwNBX+MLIHa/+yfAHdkxlBv+4Hrg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Wed, 09 Feb 2022 10:56:02 +0000 commit b8fec3e3f513dccbe5e25acf325673e50614d863 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index fae84b4c69..a36aa2fae0 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -197,6 +197,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -216,6 +220,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d4f5028fa2..c4f07f2d1d 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -447,6 +447,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a4b900d753..1d01b42b61 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -299,6 +299,8 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 10:56:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 10:56:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.268976.462934 (Exim 4.92) (envelope-from ) id 1nHkdy-00082g-Ah; Wed, 09 Feb 2022 10:56:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 268976.462934; Wed, 09 Feb 2022 10:56:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdy-00082Y-7R; Wed, 09 Feb 2022 10:56:14 +0000 Received: by outflank-mailman (input) for mailman id 268976; Wed, 09 Feb 2022 10:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdw-00082D-Bj for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHkdw-0002FZ-B0 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHkdw-00045Z-A1 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 10:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y0XGDX2/BmJMik0wRo85sc2+w865fvJKklfKGwb5Q1w=; b=VubPtC5bpvsylL87Lggv1vuFsO ZLbwklrW9ufT0NjLkFRjlpu++/v2coFpXtlvkMYa86shN8oDrtsGslg12BY5J4P6cobo1E/LeybzJ 2nQ9nbTqkcBsDqbJ3KyLe5GSo+REwW1Ns5k+ayf9U1Eqlqt/tPMBGUDr2x8wd0hpv+Sw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Wed, 09 Feb 2022 10:56:12 +0000 commit 2d8eade97343e99c26b004a05868532613007c8d Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:01:32 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648d..d462f9e421 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index a36aa2fae0..bc7dcf5575 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -199,6 +199,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 119ebfa91c..aaedb2c312 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -443,7 +443,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b93468d39..cbeeb19903 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 1d01b42b61..743b857dcd 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,6 +300,7 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 39c8b0c774..e0e3f2f463 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -287,7 +287,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 11:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 11:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269053.463027 (Exim 4.92) (envelope-from ) id 1nHlYv-0001R5-W9; Wed, 09 Feb 2022 11:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269053.463027; Wed, 09 Feb 2022 11:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlYv-0001Qx-T5; Wed, 09 Feb 2022 11:55:05 +0000 Received: by outflank-mailman (input) for mailman id 269053; Wed, 09 Feb 2022 11:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlYu-0001Qr-Qm for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlYu-0003Kf-NM for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHlYu-0000Ff-Lv for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MBAVRUz9j2SjpPmgBHNezQU3QGlY+VXAJWvgS0fuSos=; b=MmWS8LtdEi6VbIJ9ogW1z8BHVj VSQXon+BvwC+KOeoWezJABv0bIdyDlB9jrsXK7vTntnCaOGcZEhdiJBN7CAWnnG3sVrK2/Y9mOcgz lmm0QdbWmb1kgnl0ytQZiHhFGmFHLNrGQeepO9x+BoHVJChTenYb1RWTt3+Gm7eOrIvM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/P2M: drop a few CONFIG_HVM Message-Id: Date: Wed, 09 Feb 2022 11:55:04 +0000 commit 26294494ff07e11c585ced7b15d085497a16af73 Author: Jan Beulich AuthorDate: Wed Feb 9 12:47:40 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:47:40 2022 +0100 x86/P2M: drop a few CONFIG_HVM This is to make it easier to see which parts of p2m.c still aren't HVM- specific: In one case the conditionals sat in an already guarded region, while in the other case P2M_AUDIT implies HVM. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap --- xen/arch/x86/mm/p2m.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3f81e99fd6..27cb91d18a 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1678,11 +1678,10 @@ p2m_flush_table_locked(struct p2m_domain *p2m) * when discarding them. */ ASSERT(!p2m_is_hostp2m(p2m)); -#ifdef CONFIG_HVM - /* Nested p2m's do not do pod, hence the asserts (and no pod lock)*/ + + /* Nested p2m's do not do pod, hence the asserts (and no pod lock) */ ASSERT(page_list_empty(&p2m->pod.super)); ASSERT(page_list_empty(&p2m->pod.single)); -#endif /* No need to flush if it's already empty */ if ( p2m_is_nestedp2m(p2m) && p2m->np2m_base == P2M_BASE_EADDR ) @@ -2599,7 +2598,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, return ret; } -#endif /* CONFIG_HVM */ /*** Audit ***/ @@ -2705,8 +2703,6 @@ out_p2m_audit: } #endif /* P2M_AUDIT */ -#ifdef CONFIG_HVM - /* * Add frame from foreign domain to target domain's physmap. Similar to * XENMAPSPACE_gmfn but the frame is foreign being mapped into current, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 11:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 11:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269054.463031 (Exim 4.92) (envelope-from ) id 1nHlZ6-0001TC-1r; Wed, 09 Feb 2022 11:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269054.463031; Wed, 09 Feb 2022 11:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZ5-0001T2-Ug; Wed, 09 Feb 2022 11:55:15 +0000 Received: by outflank-mailman (input) for mailman id 269054; Wed, 09 Feb 2022 11:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZ4-0001So-Rg for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZ4-0003Kk-Qt for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHlZ4-0000HB-Pb for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5LTsab4FiJnhdZypJlq7n7WpP+hsxGS/8Q/w92Dw2eA=; b=GfjTRgvCwRGQSoO0cgQ1YT+RGO pr1nAPOi3+BpX0PoePUubIiAtJZkiFbB3ihaTG34j2hC6HngmP0d4wJc/nsX5IHbT/zDiWtoHnF0Z RoORYP+ohno3/K+hdFHbVScaKZl2A8+Q2OfzeeGfUk9c5+7ZSFX55rrlOw1DsalMJPyE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/P2M: move map_domain_gfn() (again) Message-Id: Date: Wed, 09 Feb 2022 11:55:14 +0000 commit 470f260d5315f0895915ab1433fd067e3b21540c Author: Jan Beulich AuthorDate: Wed Feb 9 12:48:59 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:48:59 2022 +0100 x86/P2M: move map_domain_gfn() (again) The main user is the guest walking code, so move it back there; commit 9a6787cc3809 ("x86/mm: build map_domain_gfn() just once") would perhaps better have kept it there in the first place. This way it'll only get built when it's actually needed (and still only once). This also eliminates one more CONFIG_HVM conditional from p2m.c. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap --- xen/arch/x86/mm/guest_walk.c | 50 ++++++++++++++++++++++++++++++++++++++++++ xen/arch/x86/mm/p2m.c | 52 -------------------------------------------- 2 files changed, 50 insertions(+), 52 deletions(-) diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index b9f607272c..35d543ca5f 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -532,6 +532,56 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, return walk_ok; } +#if GUEST_PAGING_LEVELS == CONFIG_PAGING_LEVELS +/* + * If the map is non-NULL, we leave this function having acquired an extra ref + * on mfn_to_page(*mfn). In all cases, *pfec contains appropriate + * synthetic/structure PFEC_* bits. + */ +void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn, + p2m_query_t q, uint32_t *pfec) +{ + p2m_type_t p2mt; + struct page_info *page; + + if ( !gfn_valid(p2m->domain, gfn) ) + { + *pfec = PFEC_reserved_bit | PFEC_page_present; + return NULL; + } + + /* Translate the gfn, unsharing if shared. */ + page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q); + if ( p2m_is_paging(p2mt) ) + { + ASSERT(p2m_is_hostp2m(p2m)); + if ( page ) + put_page(page); + p2m_mem_paging_populate(p2m->domain, gfn); + *pfec = PFEC_page_paged; + return NULL; + } + if ( p2m_is_shared(p2mt) ) + { + if ( page ) + put_page(page); + *pfec = PFEC_page_shared; + return NULL; + } + if ( !page ) + { + *pfec = 0; + return NULL; + } + + *pfec = PFEC_page_present; + *mfn = page_to_mfn(page); + ASSERT(mfn_valid(*mfn)); + + return map_domain_page(*mfn); +} +#endif + /* * Local variables: * mode: C diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 27cb91d18a..c1cff37709 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1965,58 +1965,6 @@ unsigned long paging_gva_to_gfn(struct vcpu *v, return hostmode->gva_to_gfn(v, hostp2m, va, pfec); } -#endif /* CONFIG_HVM */ - -/* - * If the map is non-NULL, we leave this function having acquired an extra ref - * on mfn_to_page(*mfn). In all cases, *pfec contains appropriate - * synthetic/structure PFEC_* bits. - */ -void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn, - p2m_query_t q, uint32_t *pfec) -{ - p2m_type_t p2mt; - struct page_info *page; - - if ( !gfn_valid(p2m->domain, gfn) ) - { - *pfec = PFEC_reserved_bit | PFEC_page_present; - return NULL; - } - - /* Translate the gfn, unsharing if shared. */ - page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q); - if ( p2m_is_paging(p2mt) ) - { - ASSERT(p2m_is_hostp2m(p2m)); - if ( page ) - put_page(page); - p2m_mem_paging_populate(p2m->domain, gfn); - *pfec = PFEC_page_paged; - return NULL; - } - if ( p2m_is_shared(p2mt) ) - { - if ( page ) - put_page(page); - *pfec = PFEC_page_shared; - return NULL; - } - if ( !page ) - { - *pfec = 0; - return NULL; - } - - *pfec = PFEC_page_present; - *mfn = page_to_mfn(page); - ASSERT(mfn_valid(*mfn)); - - return map_domain_page(*mfn); -} - -#ifdef CONFIG_HVM - static unsigned int mmio_order(const struct domain *d, unsigned long start_fn, unsigned long nr) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 11:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 11:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269055.463035 (Exim 4.92) (envelope-from ) id 1nHlZG-0001Wb-2z; Wed, 09 Feb 2022 11:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269055.463035; Wed, 09 Feb 2022 11:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZF-0001WT-WE; Wed, 09 Feb 2022 11:55:26 +0000 Received: by outflank-mailman (input) for mailman id 269055; Wed, 09 Feb 2022 11:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZE-0001WD-VI for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZE-0003L0-UU for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHlZE-0000IS-TO for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FJx2Cxqzn5VT4V9wq0R/VqBSW2mk5Fm2Lmp7Javhuxs=; b=z+OOzVuTV6T2Vziq2nrSh00r3W crqYg/Pj6LDIjvyf4HQuwEWde1GU6+ApbOEoLmQp0cIRH4MNT33QsrEXikBi+3y+xu888MWE5tMAj CJGpP+/9jOV3OUN8D+KG6KrXcE9/eMkaCPhQeigdTLVB6ahX3XIZtPLJ8Lt+NZJIp/OU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mm: tidy XENMEM_{get,set}_pod_target handling Message-Id: Date: Wed, 09 Feb 2022 11:55:24 +0000 commit 551b0e6de57aca5006e3eff20cfacc4a4caf6a5d Author: Jan Beulich AuthorDate: Wed Feb 9 12:50:28 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:50:28 2022 +0100 x86/mm: tidy XENMEM_{get,set}_pod_target handling Do away with the "pod_target_out_unlock" label. In particular by folding if()-s, the logic can be expressed with less code (and no goto-s) this way. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 98edf5b89c..b80e4ab9c5 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4810,24 +4810,18 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - if ( cmd == XENMEM_set_pod_target ) - rc = xsm_set_pod_target(XSM_PRIV, d); - else - rc = xsm_get_pod_target(XSM_PRIV, d); - - if ( rc != 0 ) - goto pod_target_out_unlock; - if ( cmd == XENMEM_set_pod_target ) { - if ( target.target_pages > d->max_pages ) - { + rc = xsm_set_pod_target(XSM_PRIV, d); + if ( rc ) + ASSERT(rc < 0); + else if ( target.target_pages > d->max_pages ) rc = -EINVAL; - goto pod_target_out_unlock; - } - - rc = p2m_pod_set_mem_target(d, target.target_pages); + else + rc = p2m_pod_set_mem_target(d, target.target_pages); } + else + rc = xsm_get_pod_target(XSM_PRIV, d); if ( rc == -ERESTART ) { @@ -4842,13 +4836,9 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) target.pod_entries = p2m->pod.entry_count; if ( __copy_to_guest(arg, &target, 1) ) - { - rc= -EFAULT; - goto pod_target_out_unlock; - } + rc = -EFAULT; } - pod_target_out_unlock: rcu_unlock_domain(d); return rc; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 11:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 11:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269056.463039 (Exim 4.92) (envelope-from ) id 1nHlZQ-0001ZM-4o; Wed, 09 Feb 2022 11:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269056.463039; Wed, 09 Feb 2022 11:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZQ-0001ZC-1P; Wed, 09 Feb 2022 11:55:36 +0000 Received: by outflank-mailman (input) for mailman id 269056; Wed, 09 Feb 2022 11:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZP-0001Ys-2N for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZP-0003LF-1b for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHlZP-0000JG-0a for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SGne4EjsbelGuHqAnv0Hcdt2GF+aHCxcSkZ4FAp9YjY=; b=stkgttsOGV1ymB/RmOD5c0xcQq c4rVbjJVUIuP5y194XsS0DL5dysEvp7G/VnWl5oXjYsvFuUuc0889EneG7bBRZsdYXIGExzK/Gtqj Qq7qkmDCoiLfci6tQXTs1ikosyOpFJODGh7jIvTx1UwdNDEG69s5kumUJjwF4k7zovBc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: add option to disable GNTTABOP_transfer Message-Id: Date: Wed, 09 Feb 2022 11:55:35 +0000 commit 185250ec78a7555aeed11a7856f215685b068e7d Author: Juergen Gross AuthorDate: Wed Feb 9 12:51:05 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:51:05 2022 +0100 xen: add option to disable GNTTABOP_transfer The grant table operation GNTTABOP_transfer is meant to be used in PV device backends, and it hasn't been used in Linux since the old Xen-o-Linux days. Add a command line sub-option to the "gnttab" option for disabling the GNTTABOP_transfer functionality. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 8 ++++++-- xen/common/grant_table.c | 12 ++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 8e75e592e7..1ca817f5e1 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1167,9 +1167,9 @@ does not provide `VM_ENTRY_LOAD_GUEST_PAT`. Specify which console gdbstub should use. See **console**. ### gnttab -> `= List of [ max-ver:, transitive= ]` +> `= List of [ max-ver:, transitive=, transfer= ]` -> Default: `gnttab=max-ver:2,transitive` +> Default: `gnttab=max-ver:2,transitive,transfer` Control various aspects of the grant table behaviour available to guests. @@ -1178,6 +1178,10 @@ version are 1 and 2. * `transitive` Permit or disallow the use of transitive grants. Note that the use of grant table v2 without transitive grants is an ABI breakage from the guests point of view. +* `transfer` Permit or disallow the GNTTABOP_transfer operation of the +grant table hypercall. Note that disallowing GNTTABOP_transfer is an ABI +breakage from the guests point of view. This option is only available on +hypervisors configured to support PV guests. The usage of gnttab v2 is not security supported on ARM platforms. diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 233c4bfcbe..3d92fee592 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -181,6 +181,11 @@ static int parse_gnttab_max_maptrack_frames(const char *arg) unsigned int __read_mostly opt_gnttab_max_version = GNTTAB_MAX_VERSION; static bool __read_mostly opt_transitive_grants = true; +#ifdef CONFIG_PV +static bool __ro_after_init opt_grant_transfer = true; +#else +#define opt_grant_transfer false +#endif static int __init parse_gnttab(const char *s) { @@ -204,6 +209,10 @@ static int __init parse_gnttab(const char *s) } else if ( (val = parse_boolean("transitive", s, ss)) >= 0 ) opt_transitive_grants = val; +#ifndef opt_grant_transfer + else if ( (val = parse_boolean("transfer", s, ss)) >= 0 ) + opt_grant_transfer = val; +#endif else rc = -EINVAL; @@ -2233,6 +2242,9 @@ gnttab_transfer( unsigned int max_bitsize; struct active_grant_entry *act; + if ( !opt_grant_transfer ) + return -EOPNOTSUPP; + for ( i = 0; i < count; i++ ) { bool_t okay; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 11:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 11:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269057.463043 (Exim 4.92) (envelope-from ) id 1nHlZa-0001c9-5y; Wed, 09 Feb 2022 11:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269057.463043; Wed, 09 Feb 2022 11:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZa-0001c1-36; Wed, 09 Feb 2022 11:55:46 +0000 Received: by outflank-mailman (input) for mailman id 269057; Wed, 09 Feb 2022 11:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZZ-0001bs-5J for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHlZZ-0003LP-4Z for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHlZZ-0000K4-3g for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 11:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sg+Rj6y0elAHcpqQGrbX9WQxllYskDcUaHttmT5thgQ=; b=E9nQwIECSm+dMs0drBgcVoPaTc fN39QniqhqumbJuPS1QhVq3iS9mJvkcsybyj4YzIy/JpB2Yhld7IqxToThYUjBfBFylh5SDUbFqlv 6RunZ4j30cqjgSxmxm2ajh/YsnbZOdAYkOb7ZrB+WXtdMdjMGxRA1VM6Ii4wfZkIKapM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Intel: don't log bogus frequency range on Core/Core2 processors Message-Id: Date: Wed, 09 Feb 2022 11:55:45 +0000 commit da4c512b05ed94e41c91bd8ed6d45895cf97cf51 Author: Jan Beulich AuthorDate: Wed Feb 9 12:52:01 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:52:01 2022 +0100 x86/Intel: don't log bogus frequency range on Core/Core2 processors Models 0F and 17 don't have PLATFORM_INFO documented. While it exists on at least model 0F, the information there doesn't match the scheme used on newer models (I'm observing a range of 700 ... 600 MHz reported on a Xeon E5345). Sadly the Enhanced Intel Core instance of the table entry is not self- consistent: The numeric description of the low 3 bits doesn't match the subsequent more textual description in some of the cases; I'm using the former here. Include the older Core model 0E as well as the two other Core2 models, none of which have respective MSR tables in the SDM. Fixes: f6b6517cd5db ("x86: retrieve and log CPU frequency information") Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index e7d4dd652f..06b0e552cc 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -467,6 +467,26 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) if ( c->x86 == 6 ) switch ( c->x86_model ) { + static const unsigned short core_factors[] = + { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; + + case 0x0e: /* Core */ + case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ + /* + * PLATFORM_INFO, while not documented for these, appears to + * exist in at least some cases, but what it holds doesn't + * match the scheme used by newer CPUs. At a guess, the min + * and max fields look to be reversed, while the scaling + * factor is encoded in FSB_FREQ. + */ + if ( min_ratio > max_ratio ) + SWAP(min_ratio, max_ratio); + if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || + (msrval &= 7) >= ARRAY_SIZE(core_factors) ) + return; + factor = core_factors[msrval]; + break; + case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ case 0x25: case 0x2c: case 0x2f: /* Westmere */ factor = 13333; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 12:33:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 12:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269106.463091 (Exim 4.92) (envelope-from ) id 1nHm9i-0007pK-9P; Wed, 09 Feb 2022 12:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269106.463091; Wed, 09 Feb 2022 12:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHm9i-0007pC-5p; Wed, 09 Feb 2022 12:33:06 +0000 Received: by outflank-mailman (input) for mailman id 269106; Wed, 09 Feb 2022 12:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHm9g-0007p5-EX for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 12:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHm9g-00045C-Aa for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 12:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHm9g-0003QH-9Y for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 12:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hHO8ExGUk9zWaNuG95eoeteQKFU4Y27M2SQttVFVICo=; b=fwgN7FmqGojP+nUfAiWpIn3S+X gstDUjaNdlU0HwBvqrF4RquPsII/M+Qpm77L0KVTxvLu4pGxz4/03Z/fFXJq40bBdUOZdoIbkcciK ubqlJu4vSgshtrOPIeu7YL0ZYwTeV4BgZmBqkypnO52KY3M9DU3uqS9YyXPPoRGfoFFQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/serial: scif: add support for HSCIF Message-Id: Date: Wed, 09 Feb 2022 12:33:04 +0000 commit 87319afb96973213ec0a76270d93696f3b8d6743 Author: Volodymyr Babchuk AuthorDate: Tue Feb 8 11:23:55 2022 +0000 Commit: Julien Grall CommitDate: Wed Feb 9 12:24:49 2022 +0000 xen/serial: scif: add support for HSCIF HSCIF is a high-speed variant of Renesas SCIF serial interface. From Xen point of view, they almost the same, only difference is in FIFO size. Signed-off-by: Volodymyr Babchuk Reviewed-by: Oleksandr Tyshchenko Acked-by: Julien Grall --- xen/drivers/char/scif-uart.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/scif-uart.c b/xen/drivers/char/scif-uart.c index ee204a11a4..2fccafe340 100644 --- a/xen/drivers/char/scif-uart.c +++ b/xen/drivers/char/scif-uart.c @@ -1,8 +1,8 @@ /* * xen/drivers/char/scif-uart.c * - * Driver for SCIF(A) (Serial communication interface with FIFO (A)) - * compatible UART. + * Driver for (H)SCIF(A) ((High-speed) Serial communication interface + * with FIFO (A)) compatible UART. * * Oleksandr Tyshchenko * Copyright (C) 2014, Globallogic. @@ -47,6 +47,7 @@ enum port_types { SCIF_PORT, SCIFA_PORT, + HSCIF_PORT, NR_PORTS, }; @@ -88,6 +89,17 @@ static const struct port_params port_params[NR_PORTS] = SCASCR_BRIE, .fifo_size = 64, }, + [HSCIF_PORT] = + { + .status_reg = SCIF_SCFSR, + .tx_fifo_reg = SCIF_SCFTDR, + .rx_fifo_reg = SCIF_SCFRDR, + .overrun_reg = SCIF_SCLSR, + .overrun_mask = SCLSR_ORER, + .error_mask = SCFSR_PER | SCFSR_FER | SCFSR_BRK | SCFSR_ER, + .irq_flags = SCSCR_RIE | SCSCR_TIE | SCSCR_REIE, + .fifo_size = 128, + }, }; static void scif_uart_interrupt(int irq, void *data, struct cpu_user_regs *regs) @@ -288,6 +300,7 @@ static const struct dt_device_match scif_uart_dt_match[] __initconst = { { .compatible = "renesas,scif", .data = &port_params[SCIF_PORT] }, { .compatible = "renesas,scifa", .data = &port_params[SCIFA_PORT] }, + { .compatible = "renesas,hscif", .data = &port_params[HSCIF_PORT] }, { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269398.463461 (Exim 4.92) (envelope-from ) id 1nHqpz-0004IC-Oa; Wed, 09 Feb 2022 17:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269398.463461; Wed, 09 Feb 2022 17:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqpz-0004I4-Li; Wed, 09 Feb 2022 17:33:03 +0000 Received: by outflank-mailman (input) for mailman id 269398; Wed, 09 Feb 2022 17:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqpx-0004Hy-Q0 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqpx-0001rF-Jy for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqpx-0005pP-J1 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VQ8hrM5W8jcx75ZTfhycOZwxOm6ceC4yQAcq9/4lA4c=; b=tFQuxfTaMMlUBefS/vHm5DkzRW r68f9K5YTsw5Yq1OXumbhhLVYfFpvicA3G4Y6qQbxRDEc2t5R2ty4bxn7w/2aL93C7beDKrz9HENB AKgH0Qw9Gf1cML/RHwEzlyfWWUxO9TkeuupgbvKCvdeg3xD2fo78CaixGgSz6g9XX5Io=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Wed, 09 Feb 2022 17:33:01 +0000 commit 0facadbbf7fc9cf042451181dc3b08b8b44a3284 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 292f764d9e..d5e9f9e37c 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -366,7 +366,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -381,7 +381,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -391,53 +391,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index a45995d246..152ce1afb6 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -425,6 +425,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269399.463466 (Exim 4.92) (envelope-from ) id 1nHqq8-0004KF-QX; Wed, 09 Feb 2022 17:33:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269399.463466; Wed, 09 Feb 2022 17:33:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqq8-0004K5-ND; Wed, 09 Feb 2022 17:33:12 +0000 Received: by outflank-mailman (input) for mailman id 269399; Wed, 09 Feb 2022 17:33:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqq7-0004Ju-O2 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqq7-0001rW-ND for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqq7-0005qE-MP for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Dwb35l7pfGXHtLVlt8E86ZKaKNj828gV7aFOyr4tPFY=; b=EY31qiOQhnGG/T2/RX7zI1xTT1 jTdBMTviNhwbEqYHQtbxS6+T33yuarLMgmhr1oKEYk1Kez/klf5eKkCU5TFAXYPKqU1ibOHLraTKJ 35iMgxV6zclP+tn8L0anWHh8kqA/NGk/mAZ++PHPzokIuKqy0i03IXWqvCMBLxn5buhU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Wed, 09 Feb 2022 17:33:11 +0000 commit ff1215c25fa215ffcf094347c5104c4473cba706 Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 92c40b045c..4440fd6c5e 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -188,6 +188,10 @@ static const char *const str_e21a[32] = [ 2] = "lfence+", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -206,6 +210,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d5e9f9e37c..36f55e285b 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -432,7 +432,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bafc898774..45b29542c5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -291,6 +291,8 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269400.463469 (Exim 4.92) (envelope-from ) id 1nHqqJ-0004N3-SJ; Wed, 09 Feb 2022 17:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269400.463469; Wed, 09 Feb 2022 17:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqJ-0004Mt-Om; Wed, 09 Feb 2022 17:33:23 +0000 Received: by outflank-mailman (input) for mailman id 269400; Wed, 09 Feb 2022 17:33:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqH-0004MV-Rd for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqH-0001ro-Qd for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqqH-0005qp-Pe for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g4GzmOdJgsXlQ9Pg35PoXVtOB9Fm/SohY/ksRmT1NHQ=; b=Ftgy8NU1Lo1fXALwQOnMSc8hBj RAg2yVDtHcsmkhFgu70Fq2dJbOAiRytRBUrOmEZrwzVgFZzYztX/15U1iCo9hPRP9X+E/qnxZ/Txg vaKf2lgyAFks8NeHn8ww4/YnRj7O+a7bEIdWlFOzqsmeeuTjlsRRN01D8aOEqr9ksx1A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Wed, 09 Feb 2022 17:33:21 +0000 commit fdd61d3c059f5da4c447c4c3de93202f3ff86f56 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..21419e08c3 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index d5b538e4b6..2a2e093cff 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -384,8 +384,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fc4ef370a0..e271f76386 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1203,32 +1202,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1266,9 +1257,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 3983200e67..fe04d98fa1 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -136,6 +136,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index 44752bfdf6..c8745e1f31 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -632,6 +632,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index b252bb8631..9caecddfec 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269401.463472 (Exim 4.92) (envelope-from ) id 1nHqqT-0004Qc-Tt; Wed, 09 Feb 2022 17:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269401.463472; Wed, 09 Feb 2022 17:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqT-0004QS-QT; Wed, 09 Feb 2022 17:33:33 +0000 Received: by outflank-mailman (input) for mailman id 269401; Wed, 09 Feb 2022 17:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqS-0004Q1-2w for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqR-0001s3-To for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqqR-0005rb-T4 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VxeeevRHOhRyw/ukJTnEskRuFFVxpFGywtJ+vtOvFwc=; b=rOfovb4v//CXCltPHW3H0ZpR60 SCO9n7Lloo1xI1vWUkUeKN+73CsTC5nHuHPozhxOv5GM+Eq3S1KR1/iu+VpVYUz6yGqZ3j2SzHfLY WKSPzu0O9qti5jx1RYnRpiba2VAoAH64D1Ua/u9aYePt8QrsZf0uUMc5hMiaHu75qKEk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Wed, 09 Feb 2022 17:33:31 +0000 commit 8ae80402a20e6469f6497367b313f1f3a3f4d1b6 Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269402.463477 (Exim 4.92) (envelope-from ) id 1nHqqe-0004U3-0L; Wed, 09 Feb 2022 17:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269402.463477; Wed, 09 Feb 2022 17:33:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqd-0004Tv-Tc; Wed, 09 Feb 2022 17:33:43 +0000 Received: by outflank-mailman (input) for mailman id 269402; Wed, 09 Feb 2022 17:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqc-0004Tl-3e for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqc-0001sF-2v for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqqc-0005sG-03 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R7TLglbOouQLWgQJsgftDXNk7+cFvX5q3tEmhrZalik=; b=Q0ynajhZo7WmTZRmmDxEXYHQvp yn2PAz5qs1Nh+xRC5Q9PAvaf/cc7IOgQkchIK+dQoigv9ziWqu8jkB2b7pNeqiShVjfHuic+YDix5 maS0UMXZlAMQmibWB9KWEC6xUX3CIEr06NWDBlGxzuyEKOj0qKAowiolveQNB+kjr8yA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Wed, 09 Feb 2022 17:33:42 +0000 commit d5d7a8f7e6a6cc459fb3d0bad1d3fe1b05debe54 Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 3ece83a427..443802b3d2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2307,7 +2307,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2315,19 +2317,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e271f76386..3edf650f01 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1185,11 +1185,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index e3d44813ff..e2d4ebead0 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -71,6 +71,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:33:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269403.463480 (Exim 4.92) (envelope-from ) id 1nHqqo-0004Wk-1p; Wed, 09 Feb 2022 17:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269403.463480; Wed, 09 Feb 2022 17:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqn-0004Wc-V8; Wed, 09 Feb 2022 17:33:53 +0000 Received: by outflank-mailman (input) for mailman id 269403; Wed, 09 Feb 2022 17:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqm-0004WC-72 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqm-0001sS-6I for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqqm-0005sv-5N for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m6gWALdrKgVlPuBv0HWk62x5+DvhS5X3E4+mM7ElxkE=; b=kpbkMDGmKidEQeh/4dwQqqp5m1 Tp4/P/sSFvDuz0V3l/EF3nKxQfqCfV1U1a3tPQ4STSsBJoIMVcv5hMIAaEgvqf1FrNKhadVyWHfjY u3wGX/3x+4NCCnqoWVpVcFqWZ3A1/MJMRy4QB24vCiSXBz7TCBy6A8dMQrgw0a5GRSvg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Wed, 09 Feb 2022 17:33:52 +0000 commit 96c17e7cafc710d5e6fd1fa0aa9aa8c3cdd3376b Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4440fd6c5e..8c2564ca5c 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -192,6 +192,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 36f55e285b..0ded3148d3 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -434,6 +434,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 45b29542c5..64a5c6d351 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -293,6 +293,8 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 17:34:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 17:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269404.463485 (Exim 4.92) (envelope-from ) id 1nHqqy-0004Zg-3y; Wed, 09 Feb 2022 17:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269404.463485; Wed, 09 Feb 2022 17:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqy-0004ZW-0W; Wed, 09 Feb 2022 17:34:04 +0000 Received: by outflank-mailman (input) for mailman id 269404; Wed, 09 Feb 2022 17:34:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqw-0004ZK-AE for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:34:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHqqw-0001t5-9Y for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:34:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHqqw-0005th-8m for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 17:34:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pcZmEBmb4Yy8lvuLNu8mZVWuGHRO67PU3A46bTSrhlA=; b=SDt83RIFNTIHTzs4RB4DIckY8z ea11+hEtliRUiEgpZKyvAdLEoU+fHlCcv01rNmnOuMXZd4js9xJ9pk/H/+xa8V0L4DDDCExAAevX+ Cfivj4PwKz6CMizQiLsjaXa9oF2YJLDTkvvdNA7WrOAPq5Ilk89iQKyMC1nx4r+aTQ8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Wed, 09 Feb 2022 17:34:02 +0000 commit 1ec097c35c4f402d7a3fbb05c2b9797afdc3f59c Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:04:52 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 9f55073f0a..9a4eb8015a 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -230,6 +230,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx-vnni", 0x00000007, 1, CPUID_REG_EAX, 4, 1}, {"avx512-bf16", 0x00000007, 1, CPUID_REG_EAX, 5, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 8c2564ca5c..12111fe12d 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -194,6 +194,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index de9953aac3..999ddf5107 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -428,7 +428,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3edf650f01..9301d95bd7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 64a5c6d351..9686c82ed7 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -294,6 +294,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 152ce1afb6..1e7020de46 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -285,7 +285,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269461.463554 (Exim 4.92) (envelope-from ) id 1nHs7L-0006vF-HA; Wed, 09 Feb 2022 18:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269461.463554; Wed, 09 Feb 2022 18:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7L-0006v7-EG; Wed, 09 Feb 2022 18:55:03 +0000 Received: by outflank-mailman (input) for mailman id 269461; Wed, 09 Feb 2022 18:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7K-0006un-4O for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7K-0003Us-3R for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs7K-0003Od-2c for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eTTn9CMbOUfv7XeuP/4H0P7WylTDt2iaMeUSIp3h11k=; b=GtBDG46xQzt8mLmd7T0+m+SVsP oAoDV0XNj0+2qHSRgeR7HMB5ILPqMBhUhkCUqszwKzqSO0BpwFv1Q/J41X0olfS8wmpakj+eVY1sI wpTxNFQYtdWrDBGSTnWJxu0agSurUkblbkDS7VNkePE/ZL1ZpKo6hWG9tcbVNQp5RmFc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Disentangle logic for new feature leaves Message-Id: Date: Wed, 09 Feb 2022 18:55:02 +0000 commit 6af894521e11ee5b94b6ffe271970fd4f7a889e9 Author: Andrew Cooper AuthorDate: Thu Jan 27 13:56:04 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Disentangle logic for new feature leaves Adding a new feature leaf is a reasonable amount of boilerplate and for the patch to build, at least one feature from the new leaf needs defining. This typically causes two non-trivial changes to be merged together. First, have gen-cpuid.py write out some extra placeholder defines: #define CPUID_BITFIELD_11 bool :1, :1, lfence_dispatch:1, ... #define CPUID_BITFIELD_12 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_13 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_14 uint32_t :32 /* placeholder */ #define CPUID_BITFIELD_15 uint32_t :32 /* placeholder */ This allows DECL_BITFIELD() to be added to struct cpuid_policy without requiring a XEN_CPUFEATURE() declared for the leaf. The choice of 4 is arbitrary, and allows us to add more than one leaf at a time if necessary. Second, rework generic_identify() to not use specific feature names. The choice of deriving the index from a feature was to avoid mismatches, but its correctness depends on bugs like c/s 249e0f1d8f20 ("x86/cpuid: Fix TSXLDTRK definition") not happening. Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read. In addition, tidy up some other bits of generic_identify() * Drop leading zeros from leaf numbers. * Don't use a locked update for X86_FEATURE_APERFMPERF. * Rework extended_cpuid_level calculation to avoid setting it twice. * Use "leaf >= $N" consistently so $N matches with the CPUID input. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e3662437eb43cc8002bd39be077ef68b131649c5) --- xen/arch/x86/cpu/common.c | 54 +++++++++++++++++++++++------------------------ xen/tools/gen-cpuid.py | 2 ++ 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 8a37d863a8..5b1f38c8bf 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -366,7 +366,7 @@ static void generic_identify(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx, tmp; /* Get vendor name */ - cpuid(0x00000000, &c->cpuid_level, &ebx, &ecx, &edx); + cpuid(0, &c->cpuid_level, &ebx, &ecx, &edx); *(u32 *)&c->x86_vendor_id[0] = ebx; *(u32 *)&c->x86_vendor_id[8] = ecx; *(u32 *)&c->x86_vendor_id[4] = edx; @@ -381,7 +381,7 @@ static void generic_identify(struct cpuinfo_x86 *c) /* Note that the vendor-specific code below might override */ /* Model and family information. */ - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); + cpuid(1, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; @@ -391,53 +391,53 @@ static void generic_identify(struct cpuinfo_x86 *c) /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); - cpuid(0x00000001, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + cpuid(1, &eax, &ebx, + &c->x86_capability[FEATURESET_1c], + &c->x86_capability[FEATURESET_1d]); if ( cpu_has(c, X86_FEATURE_CLFLUSH) ) c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8; if ( (c->cpuid_level >= CPUID_PM_LEAF) && (cpuid_ecx(CPUID_PM_LEAF) & CPUID6_ECX_APERFMPERF_CAPABILITY) ) - set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + __set_bit(X86_FEATURE_APERFMPERF, c->x86_capability); + + eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000) + c->extended_cpuid_level = eax; /* AMD-defined flags: level 0x80000001 */ - c->extended_cpuid_level = cpuid_eax(0x80000000); - if ((c->extended_cpuid_level >> 16) != 0x8000) - c->extended_cpuid_level = 0; - if (c->extended_cpuid_level > 0x80000000) + if (c->extended_cpuid_level >= 0x80000001) cpuid(0x80000001, &tmp, &tmp, - &c->x86_capability[cpufeat_word(X86_FEATURE_LAHF_LM)], - &c->x86_capability[cpufeat_word(X86_FEATURE_SYSCALL)]); + &c->x86_capability[FEATURESET_e1c], + &c->x86_capability[FEATURESET_e1d]); if (c->extended_cpuid_level >= 0x80000004) get_model_name(c); /* Default name */ if (c->extended_cpuid_level >= 0x80000007) - c->x86_capability[cpufeat_word(X86_FEATURE_ITSC)] - = cpuid_edx(0x80000007); + c->x86_capability[FEATURESET_e7d] = cpuid_edx(0x80000007); if (c->extended_cpuid_level >= 0x80000008) - c->x86_capability[cpufeat_word(X86_FEATURE_CLZERO)] - = cpuid_ebx(0x80000008); + c->x86_capability[FEATURESET_e8b] = cpuid_ebx(0x80000008); if (c->extended_cpuid_level >= 0x80000021) - c->x86_capability[cpufeat_word(X86_FEATURE_LFENCE_DISPATCH)] - = cpuid_eax(0x80000021); + c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); /* Intel-defined flags: level 0x00000007 */ - if ( c->cpuid_level >= 0x00000007 ) { - cpuid_count(0x00000007, 0, &eax, - &c->x86_capability[cpufeat_word(X86_FEATURE_FSGSBASE)], - &c->x86_capability[cpufeat_word(X86_FEATURE_PKU)], - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_4VNNIW)]); - if (eax > 0) - cpuid_count(0x00000007, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_AVX512_BF16)], + if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, + &c->x86_capability[FEATURESET_7b0], + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + if (max_subleaf >= 1) + cpuid_count(7, 1, + &c->x86_capability[FEATURESET_7a1], &tmp, &tmp, &tmp); } if (c->cpuid_level >= 0xd) cpuid_count(0xd, 1, - &c->x86_capability[cpufeat_word(X86_FEATURE_XSAVEOPT)], + &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index bd3a403182..b0b0ad10db 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -425,6 +425,8 @@ def write_results(state): """) + state.bitfields += ["uint32_t :32 /* placeholder */"] * 4 + for idx, text in enumerate(state.bitfields): state.output.write( "#define CPUID_BITFIELD_%d \\\n %s\n\n" -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269463.463558 (Exim 4.92) (envelope-from ) id 1nHs7V-0006ya-Jw; Wed, 09 Feb 2022 18:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269463.463558; Wed, 09 Feb 2022 18:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7V-0006yS-H2; Wed, 09 Feb 2022 18:55:13 +0000 Received: by outflank-mailman (input) for mailman id 269463; Wed, 09 Feb 2022 18:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7U-0006y9-7u for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7U-0003V4-75 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs7U-0003PA-64 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p38Q4HZjRbUzkYMdIqcoAww/PF7jmhQ/V01mzpTGY4g=; b=Tc/rrvm2Qp8h1oobsM5sQDZlfD KuZYd/yRY/Io+4y2F9j0HqUyKPNfyeQVqq4NY2OmKhWTEmIwJFadGvexDWHT5dzZBHt0pMCon4r09 YiE35VTzoaRDgn6uKPnmZWVilNpxKuIGZTH4/DPYW0xyuawYKpVg1wCpgAXvYRXpJrLA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Infrastructure for leaf 7:1.ebx Message-Id: Date: Wed, 09 Feb 2022 18:55:12 +0000 commit 08ec8c11d653c40f8ea9c7e9740b0718de01a3f7 Author: Jan Beulich AuthorDate: Thu Jan 27 12:54:42 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Infrastructure for leaf 7:1.ebx Signed-off-by: Jan Beulich Signed-off-by: Andrew Cooper (cherry picked from commit e1828e3032ebfe036023cd733adfd2d4ec856688) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index bfe20c0c5f..0b91dff2e3 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -188,6 +188,10 @@ static const char *const str_e21a[32] = [ 2] = "lfence+", }; +static const char *const str_7b1[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -206,6 +210,7 @@ static const struct { { "0x00000007:0.edx", "7d0", str_7d0 }, { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, + { "0x00000007:1.ebx", "7b1", str_7b1 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 5b1f38c8bf..f1d5661b8b 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -432,7 +432,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (max_subleaf >= 1) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], - &tmp, &tmp, &tmp); + &c->x86_capability[FEATURESET_7b1], + &tmp, &tmp); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index ceac28b0d1..01a30491e4 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -288,6 +288,8 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16 Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index a4d254ea96..e87036b303 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -16,6 +16,7 @@ #define FEATURESET_7d0 9 /* 0x00000007:0.edx */ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ +#define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ struct cpuid_leaf { @@ -188,6 +189,10 @@ struct cpuid_policy uint32_t _7a1; struct { DECL_BITFIELD(7a1); }; }; + union { + uint32_t _7b1; + struct { DECL_BITFIELD(7b1); }; + }; }; } feat; @@ -327,6 +332,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7d0] = p->feat._7d0; fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; + fs[FEATURESET_7b1] = p->feat._7b1; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -345,6 +351,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7d0 = fs[FEATURESET_7d0]; p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; + p->feat._7b1 = fs[FEATURESET_7b1]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269464.463563 (Exim 4.92) (envelope-from ) id 1nHs7f-00072l-Le; Wed, 09 Feb 2022 18:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269464.463563; Wed, 09 Feb 2022 18:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7f-00072c-IU; Wed, 09 Feb 2022 18:55:23 +0000 Received: by outflank-mailman (input) for mailman id 269464; Wed, 09 Feb 2022 18:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7e-00072E-Ba for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7e-0003VI-Ae for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs7e-0003Pe-9d for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MA2HyZwwen7KDgkyWGY837vszY9kgojbcDBxzBCz+JI=; b=VX28uUE/L7imtJVaFbx9nn6V1A Som0vsBcIvRzC1SQKkF89mlwM6JcMYz12C8hnFnPP72TUxRBksCxy+2KqaqZIhiBTCGj+m/CNFKFr +kSgbdIcCfB+ShgvIH09/VpUCan68Xj0ZO/DbodktW4jrapYeDCjCddcrLRq5Wdnq6vM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Wed, 09 Feb 2022 18:55:22 +0000 commit 89eede61225c31efbe14a14711b57a2c01f08ca0 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7) --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 ++++++++++++++++++++++++++++++++ xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 +++++++++++++------------------------- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/processor.h | 3 +++ xen/include/asm-x86/spec_ctrl.h | 2 -- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5edb9aa965..774e0fcd35 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -299,8 +299,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index abf8e206d7..21419e08c3 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 7d535144ec..5abfae4c72 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -383,8 +383,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index fc4ef370a0..e271f76386 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1203,32 +1202,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1266,9 +1257,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index a4900ef0c3..004cbdcb10 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -133,6 +133,7 @@ /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/include/asm-x86/processor.h b/xen/include/asm-x86/processor.h index f8e1e4d523..3ff7cc5807 100644 --- a/xen/include/asm-x86/processor.h +++ b/xen/include/asm-x86/processor.h @@ -632,6 +632,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_X86_PROCESSOR_H */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index b252bb8631..9caecddfec 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269465.463567 (Exim 4.92) (envelope-from ) id 1nHs7p-00076A-NT; Wed, 09 Feb 2022 18:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269465.463567; Wed, 09 Feb 2022 18:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7p-000762-K8; Wed, 09 Feb 2022 18:55:33 +0000 Received: by outflank-mailman (input) for mailman id 269465; Wed, 09 Feb 2022 18:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7o-00075l-ES for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7o-0003VT-De for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs7o-0003QB-Co for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ap8ZNwIUngBncdkvywNqnsHjQAGOoKwHM0U++NTi0e0=; b=kKevbGWMV1WLSxgccj4XGyO94N 8oQwWVH7JLNho5Uf/e1wtX6en1DfruR9VwEpIitCxBS+7tkOYyWtE4CvFc5McjPOgpec2Gz/AYaV/ kJRzhLICRkkPb/RDLyS3RmO5rgHzaWdvDaS0N81E20wq80S610bof8s/ZAdVkAdVZex4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Wed, 09 Feb 2022 18:55:32 +0000 commit 366d4424776bd869c01bfc67b047aa1c619844c5 Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4116139131e93b4f075e5442e3c1b424280f6f1f) --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269467.463571 (Exim 4.92) (envelope-from ) id 1nHs7z-00079j-Oh; Wed, 09 Feb 2022 18:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269467.463571; Wed, 09 Feb 2022 18:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7z-00079c-Lh; Wed, 09 Feb 2022 18:55:43 +0000 Received: by outflank-mailman (input) for mailman id 269467; Wed, 09 Feb 2022 18:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7y-00079O-Hh for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs7y-0003Vo-Go for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs7y-0003Qk-Fy for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H710rf0egtORdmWy/9wRKZJiuV0+zpPRJedOXFxWfKU=; b=x+JxiJIizWQsT84sYoITS0mTZr DxoygoR2cA5oWxCjWCAyvw8mPI7Q3PpmAIkPd5bvvjDKqa6j2jT9482MoqoCp0yEwIAkSFDpw9Bm1 oM4fSDAKP771bMJuTFJ4R/Ws/b8iH6FFllxSchsE/ualUcKZcSup2Ap4ytN1X8VoJ6v4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Wed, 09 Feb 2022 18:55:42 +0000 commit 96e94760aed1e995b52d7a9e32e5159570895971 Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee) --- docs/misc/xen-command-line.pandoc | 25 ++++++++++--- xen/arch/x86/spec_ctrl.c | 7 ++-- xen/arch/x86/tsx.c | 76 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/msr-index.h | 2 ++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a889c23c64..fd8f825491 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2242,7 +2242,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2250,19 +2252,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e271f76386..3edf650f01 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1185,11 +1185,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 9366386ef4..93f96e2ace 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -71,6 +71,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269469.463575 (Exim 4.92) (envelope-from ) id 1nHs89-0007Dc-SF; Wed, 09 Feb 2022 18:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269469.463575; Wed, 09 Feb 2022 18:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs89-0007DQ-Ox; Wed, 09 Feb 2022 18:55:53 +0000 Received: by outflank-mailman (input) for mailman id 269469; Wed, 09 Feb 2022 18:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs88-0007D7-LI for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs88-0003W3-K8 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs88-0003RJ-JE for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rR7VGrLmFyvtu41zcgAn7Y1Gu4+G/FWYt8tk1CQ1Sw0=; b=X2ic77VArbHXoD74X3uJ9qMFlj gUL1d5bOtoifZfBXU5Z+akMe5NI+T+8V8RHqL6z/KFchW8Vaz3erf16vUNNg9kddckBvSlWthhbfo puXxv55OzeT/Vjv/Jh09A5geF7AulzaTCAsOD3sGpgxFH0BHe2Ysnz23n/mth0bO9TzQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Wed, 09 Feb 2022 18:55:52 +0000 commit 90565c9e5da809ab21ba3c72ad14740f179efb04 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629) --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0b91dff2e3..d2b1cd21b4 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -192,6 +192,10 @@ static const char *const str_7b1[32] = { }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -211,6 +215,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index f1d5661b8b..b6672b56da 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -434,6 +434,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 01a30491e4..9f6c933151 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -290,6 +290,8 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Wed Feb 09 18:56:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Feb 2022 18:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269472.463579 (Exim 4.92) (envelope-from ) id 1nHs8J-0007Ga-Ti; Wed, 09 Feb 2022 18:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269472.463579; Wed, 09 Feb 2022 18:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs8J-0007GQ-QQ; Wed, 09 Feb 2022 18:56:03 +0000 Received: by outflank-mailman (input) for mailman id 269472; Wed, 09 Feb 2022 18:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs8I-0007GG-O3 for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHs8I-0003Wh-NL for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHs8I-0003SE-MT for xen-changelog@lists.xenproject.org; Wed, 09 Feb 2022 18:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GQihkBI5nkWEFM2i157GgWSzoKEzLZ45vMF76T71YAk=; b=ZQ9vwRHo0KHwCOagKDkqaU5CrR GMuJStpu0BE0580PCG20/6o4l0I7Dnery0+L7l8H+hdmP65pgzJykdPLu2KTL6nyPubEtvlbquTsP pZ7NjRopRcyHX8mS/XX2fyrq/RPriOos7IDzQrjwTz4i3Ak8QUkLzXO9bWUfEz7IlQx4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Wed, 09 Feb 2022 18:56:02 +0000 commit 496fb0be938a30971af05ffe0e58bb65643a0971 Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:06:41 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 52ce1c97844db213de01c5300eaaa8cf101a285f) --- tools/libxl/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index a06f7a6606..86c8d21555 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -227,6 +227,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-bf16", 0x00000007, 1, CPUID_REG_EAX, 5, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d2b1cd21b4..7ebf520a71 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -194,6 +194,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 02f8b554da..576235e507 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -368,7 +368,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3edf650f01..9301d95bd7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9f6c933151..c5af6f03cf 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -291,6 +291,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b0b0ad10db..e77672ddcd 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -285,7 +285,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269564.463638 (Exim 4.92) (envelope-from ) id 1nHzRC-0004OG-ER; Thu, 10 Feb 2022 02:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269564.463638; Thu, 10 Feb 2022 02:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRC-0004O7-BB; Thu, 10 Feb 2022 02:44:02 +0000 Received: by outflank-mailman (input) for mailman id 269564; Thu, 10 Feb 2022 02:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRB-0004O1-IE for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRB-0006OP-HP for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzRB-0006Nm-GG for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qNSJFpdsI8huOkzxK3ts3fUSQOk4+kKutXc2TcTzFIY=; b=ivn0aTHPU7YMdzvgfqX/whT405 qZoFclXDTUuBFQRMis8HCqMiLsc7iIUy2Q1QvW1+d0jLYZAWIDk026mUhsnHFnd2Ts6UfWlxmLPaf yVbZZXmqwP/B2YDRpBpHEc5cIKhAyhpR9Xnuf6jFgkwWN3uJKLc3cYk5dj6umxIe4Nsk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Message-Id: Date: Thu, 10 Feb 2022 02:44:01 +0000 commit 39a40f3835efcc25c1b05a25c321a01d7e11cbd7 Author: Andrew Cooper AuthorDate: Wed May 19 19:40:28 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling Introduce cpu_has_srbds_ctrl as more users are going to appear shortly. MSR_MCU_OPT_CTRL is gaining extra functionality, meaning that the current default_xen_mcu_opt_ctrl is no longer a good fit. Introduce two new helpers, update_mcu_opt_ctrl() which does a full RMW cycle on the MSR, and set_in_mcu_opt_ctrl() which lets callers configure specific bits at a time without clobbering each others settings. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 3 +-- xen/arch/x86/cpu/intel.c | 32 +++++++++++++++++++++++++++++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/processor.h | 3 +++ xen/arch/x86/include/asm/spec_ctrl.h | 2 -- xen/arch/x86/smpboot.c | 3 +-- xen/arch/x86/spec_ctrl.c | 38 ++++++++++++----------------------- 7 files changed, 51 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index d4bdc3e7df..5eaa77f66a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -301,8 +301,7 @@ static int enter_state(u32 state) ci->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); /* (re)initialise SYSCALL/SYSENTER state, amongst other things. */ percpu_traps_init(); diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 9b011c3446..e7d4dd652f 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,38 @@ #include "cpu.h" +/* + * MSR_MCU_OPT_CTRL is a collection of unrelated functionality, with separate + * enablement requirements, but which want to be consistent across the system. + */ +static uint32_t __read_mostly mcu_opt_ctrl_mask; +static uint32_t __read_mostly mcu_opt_ctrl_val; + +void update_mcu_opt_ctrl(void) +{ + uint32_t mask = mcu_opt_ctrl_mask, lo, hi; + + if ( !mask ) + return; + + rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + + lo &= ~mask; + lo |= mcu_opt_ctrl_val; + + wrmsr(MSR_MCU_OPT_CTRL, lo, hi); +} + +void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) +{ + mcu_opt_ctrl_mask |= mask; + + mcu_opt_ctrl_val &= ~mask; + mcu_opt_ctrl_val |= (val & mask); + + update_mcu_opt_ctrl(); +} + /* * Processors which have self-snooping capability can handle conflicting * memory type across CPUs by snooping its own cache. However, there exists diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 4754940e23..a0ab6d7d78 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -134,6 +134,7 @@ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) #define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS) #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT) +#define cpu_has_srbds_ctrl boot_cpu_has(X86_FEATURE_SRBDS_CTRL) #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) #define cpu_has_serialize boot_cpu_has(X86_FEATURE_SERIALIZE) diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index e2e1eaf5bd..23639d5479 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -626,6 +626,9 @@ extern int8_t opt_tsx, cpu_has_tsx_ctrl; extern bool rtm_disabled; void tsx_init(void); +void update_mcu_opt_ctrl(void); +void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); + enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index a803d16f90..f760295236 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -54,8 +54,6 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; -extern uint64_t default_xen_mcu_opt_ctrl; - static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 22ae4c1b2d..335129a010 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -385,8 +385,7 @@ void start_secondary(void *unused) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + update_mcu_opt_ctrl(); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ee862089b7..3628b4b415 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,6 @@ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ static int8_t __initdata opt_srb_lock = -1; -uint64_t __read_mostly default_xen_mcu_opt_ctrl; static int __init parse_spec_ctrl(const char *s) { @@ -376,7 +375,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", - !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + !cpu_has_srbds_ctrl ? "" : opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", @@ -1251,32 +1250,24 @@ void __init init_speculation_mitigations(void) tsx_init(); } - /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock by + * default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only known + * way to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there is + * no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( cpu_has_srbds_ctrl ) { - uint64_t val; - - rdmsrl(MSR_MCU_OPT_CTRL, val); - - /* - * On some SRBDS-affected hardware, it may be safe to relax srb-lock - * by default. - * - * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way - * to access the Fill Buffer. If TSX isn't available (inc. SKU - * reasons on some models), or TSX is explicitly disabled, then there - * is no need for the extra overhead to protect RDRAND/RDSEED. - */ if ( opt_srb_lock == -1 && (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) opt_srb_lock = 0; - val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; - if ( !opt_srb_lock ) - val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; - - default_xen_mcu_opt_ctrl = val; + set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, + opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } print_details(thunk, caps); @@ -1314,9 +1305,6 @@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, val); info->last_spec_ctrl = val; } - - if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) - wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269565.463641 (Exim 4.92) (envelope-from ) id 1nHzRM-0004QO-Fn; Thu, 10 Feb 2022 02:44:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269565.463641; Thu, 10 Feb 2022 02:44:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRM-0004QG-Ck; Thu, 10 Feb 2022 02:44:12 +0000 Received: by outflank-mailman (input) for mailman id 269565; Thu, 10 Feb 2022 02:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRL-0004QA-LR for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRL-0006P6-Kd for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzRL-0006Oo-Jl for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LYUtCJ3PVAqDr5vQ7YtDj6ux2QdgH9gE7vnlHlSa/V8=; b=n1WWBbaSi5V6rGcBEgs77b+9pT ffCEndgcU8tTdQyVAp2oUtCrsgoAmjAv5P3DUrduCZElrvcjUruJfwsAKLiOggj/Pdu/Xb5m9BuZ9 uLq651IKnB8WKUH0WYrtgWE06miihzAlu12FdhqOtJzl5gZEF3cd//9PFcfyl9pAB5lY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/tsx: Move has_rtm_always_abort to an outer scope Message-Id: Date: Thu, 10 Feb 2022 02:44:11 +0000 commit 4116139131e93b4f075e5442e3c1b424280f6f1f Author: Andrew Cooper AuthorDate: Wed Jun 23 21:53:58 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/tsx: Move has_rtm_always_abort to an outer scope We are about to introduce a second path which needs to conditionally force the presence of RTM_ALWAYS_ABORT. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/tsx.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 88adf08c49..c3b8a7ec00 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -42,6 +42,7 @@ void tsx_init(void) if ( unlikely(cpu_has_tsx_ctrl < 0) ) { uint64_t caps = 0; + bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] @@ -51,6 +52,7 @@ void tsx_init(void) rdmsrl(MSR_ARCH_CAPABILITIES, caps); cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); + has_rtm_always_abort = cpu_has_rtm_always_abort; if ( cpu_has_tsx_force_abort ) { @@ -67,11 +69,7 @@ void tsx_init(void) * RTM_ALWAYS_ABORT enumerates the new functionality, but is also * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. - * - * Undo this behaviour in Xen's view of the world. */ - bool has_rtm_always_abort = cpu_has_rtm_always_abort; - if ( !has_rtm_always_abort ) { uint64_t val; @@ -82,15 +80,6 @@ void tsx_init(void) has_rtm_always_abort = true; } - /* - * Always force RTM_ALWAYS_ABORT, even if it currently visible. - * If the user explicitly opts to enable TSX, we'll set - * TSX_FORCE_ABORT.ENABLE_RTM and cause RTM_ALWAYS_ABORT to be - * hidden from the general CPUID scan later. - */ - if ( has_rtm_always_abort ) - setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); - /* * If no explicit tsx= option is provided, pick a default. * @@ -108,9 +97,18 @@ void tsx_init(void) * With RTM_ALWAYS_ABORT, disable TSX. */ if ( opt_tsx < 0 ) - opt_tsx = !cpu_has_rtm_always_abort; + opt_tsx = !has_rtm_always_abort; } + /* + * Always force RTM_ALWAYS_ABORT, even if it currently visible. If + * the user explicitly opts to enable TSX, we'll set the appropriate + * RTM_ENABLE bit and cause RTM_ALWAYS_ABORT to be hidden from the + * general CPUID scan later. + */ + if ( has_rtm_always_abort ) + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + /* * The TSX features (HLE/RTM) are handled specially. They both * enumerate features but, on certain parts, have mechanisms to be -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269566.463646 (Exim 4.92) (envelope-from ) id 1nHzRW-0004U9-Hj; Thu, 10 Feb 2022 02:44:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269566.463646; Thu, 10 Feb 2022 02:44:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRW-0004U0-EG; Thu, 10 Feb 2022 02:44:22 +0000 Received: by outflank-mailman (input) for mailman id 269566; Thu, 10 Feb 2022 02:44:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRV-0004Tq-P4 for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRV-0006PM-OK for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzRV-0006Pw-NN for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f4iayPDkVZ5k74Q7JzTVNf1XqHjeTwwRHt2vfPsHygc=; b=tIOg8/0mGx7eTDdkG/k3pEXVBK CMGqo1yTuY+jf9kFqnxXLSVPnBfui1ByDSn0xvHbqO7HSZjQLNgaTwwaLALSzH1bypvfxhIOe53Pa 2b/9Mv7/yqiaqkA95ak5+kh6SBmIoOzN6PDIkpnwzr4nCQVLcH30BU5JX4CP1LbG2ghs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R Message-Id: Date: Thu, 10 Feb 2022 02:44:21 +0000 commit ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee Author: Andrew Cooper AuthorDate: Wed Sep 16 16:15:52 2020 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R The February 2022 microcode is formally de-featuring TSX on the TAA-impacted client CPUs. The backup TAA mitigation (VERW regaining its flushing side effect) is being dropped, meaning that `smt=0 spec-ctrl=md-clear` no longer protects against TAA on these parts. The new functionality enumerates itself via the RTM_ALWAYS_ABORT CPUID bit (the same as June 2021), but has its control in MSR_MCU_OPT_CTRL as opposed to MSR_TSX_FORCE_ABORT. TSX now defaults to being disabled on ucode load. Furthermore, if SGX is enabled in the BIOS, TSX is locked and cannot be re-enabled. In this case, override opt_tsx to 0, so the RTM/HLE CPUID bits get hidden by default. While updating the command line documentation, take the opportunity to add a paragraph explaining what TSX being disabled actually means, and how migration compatibility works. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 25 +++++++++--- xen/arch/x86/include/asm/msr-index.h | 2 + xen/arch/x86/spec_ctrl.c | 7 +++- xen/arch/x86/tsx.c | 76 ++++++++++++++++++++++++++++++++++++ 4 files changed, 103 insertions(+), 7 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 6b3da6ddc1..8e75e592e7 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2387,7 +2387,9 @@ Several microcode updates are relevant: Introduced MSR_TSX_CTRL on all TSX-enabled MDS_NO parts to date, CLX/WHL-R/CFL-R, with the controls becoming architectural moving forward and formally retiring HLE from the architecture. The user can disable TSX - to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. + to mitigate TAA, and elect to hide the HLE/RTM CPUID bits. Also causes + VERW to once-again flush the microarchiectural buffers in case a TAA + mitigation is wanted along with TSX being enabled. * June 2021, removing the workaround for March 2019 on client CPUs and formally de-featured TSX on SKL/KBL/WHL/CFL (Note: SKX still retains the @@ -2395,19 +2397,32 @@ Several microcode updates are relevant: PCR3 works fine, and TSX is disabled by default, but the user can re-enable TSX at their own risk, accepting that the memory order erratum is unfixed. + * February 2022, removing the VERW flushing workaround from November 2019 on + client CPUs and formally de-featuring TSX on WHL-R/CFL-R (Note: CLX still + retains the VERW flushing workaround). TSX defaults to disabled, and is + locked off when SGX is enabled in the BIOS. When SGX is not enabled, TSX + can be re-enabled at the users own risk, as it reintroduces the TSX Async + Abort speculative vulnerability. + On systems with the ability to configure TSX, this boolean offers system wide control of whether TSX is enabled or disabled. +When TSX is disabled, transactions unconditionally abort. This is compatible +with the TSX spec, which requires software to have a non-transactional path as +a fallback. The RTM and HLE CPUID bits are hidden from VMs by default, but +can be re-enabled if required. This allows VMs which previously saw RTM/HLE +to be migrated in, although any TSX-enabled software will run with reduced +performance. + + * When TSX is locked off by firmware, `tsx=` is ignored and treated as + `false`. + * An explicit `tsx=` choice is honoured, even if it is `true` and would result in a vulnerable system. * When no explicit `tsx=` choice is given, parts vulnerable to TAA will be mitigated by disabling TSX, as this is the lowest overhead option. - If the use of TSX is important, the more expensive TAA mitigations can be - opted in to with `smt=0 spec-ctrl=md-clear`, at which point TSX will remain - active by default. - * When no explicit `tsx=` option is given, parts susceptible to the memory ordering errata default to `true` to enable working TSX. Alternatively, selecting `tsx=0` will disable TSX and restore PCR3 to a working state. diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index ab68ef2681..9df1959fe5 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -78,6 +78,8 @@ #define MSR_MCU_OPT_CTRL 0x00000123 #define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) +#define MCU_OPT_CTRL_RTM_ALLOW (_AC(1, ULL) << 1) +#define MCU_OPT_CTRL_RTM_LOCKED (_AC(1, ULL) << 2) #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 3628b4b415..2b93468d39 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1233,11 +1233,14 @@ void __init init_speculation_mitigations(void) * the MDS mitigation of disabling HT and using VERW flushing. * * On CPUs which advertise MDS_NO, VERW has no flushing side effect until - * the TSX_CTRL microcode is loaded, despite the MD_CLEAR CPUID bit being + * the TSX_CTRL microcode (Nov 2019), despite the MD_CLEAR CPUID bit being * advertised, and there isn't a MD_CLEAR_2 flag to use... * + * Furthermore, the VERW flushing side effect is removed again on client + * parts with the Feb 2022 microcode. + * * If we're on affected hardware, able to do something about it (which - * implies that VERW now works), no explicit TSX choice and traditional + * implies that VERW might work), no explicit TSX choice and traditional * MDS mitigations (no-SMT, VERW) not obviosuly in use (someone might * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index c3b8a7ec00..be89741a2f 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -14,6 +14,9 @@ * This is arranged such that the bottom bit encodes whether TSX is actually * disabled, while identifying various explicit (>=0) and implicit (<0) * conditions. + * + * This option only has any effect on systems presenting a mechanism of + * controlling TSX behaviour, and where TSX isn't force-disabled by firmware. */ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; @@ -54,6 +57,66 @@ void tsx_init(void) cpu_has_tsx_ctrl = !!(caps & ARCH_CAPS_TSX_CTRL); has_rtm_always_abort = cpu_has_rtm_always_abort; + if ( cpu_has_tsx_ctrl && cpu_has_srbds_ctrl ) + { + /* + * On a TAA-vulnerable or later part with at least the May 2020 + * microcode mitigating SRBDS. + */ + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * Probe for the February 2022 microcode which de-features TSX on + * TAA-vulnerable client parts - WHL-R/CFL-R. + * + * RTM_ALWAYS_ABORT (read above) enumerates the new functionality, + * but is read as zero if MCU_OPT_CTRL.RTM_ALLOW has been set + * before we run. Undo this. + */ + if ( val & MCU_OPT_CTRL_RTM_ALLOW ) + has_rtm_always_abort = true; + + if ( has_rtm_always_abort ) + { + if ( val & MCU_OPT_CTRL_RTM_LOCKED ) + { + /* + * If RTM_LOCKED is set, TSX is disabled because SGX is + * enabled, and there is nothing we can do. Override with + * tsx=0 so all other logic takes sensible actions. + */ + printk(XENLOG_WARNING "TSX locked by firmware - disabling\n"); + opt_tsx = 0; + } + else + { + /* + * Otherwise, set RTM_ALLOW. Not because we necessarily + * intend to enable RTM, but it prevents + * MSR_TSX_CTRL.RTM_DISABLE from being ignored, thus + * allowing the rest of the TSX selection logic to work as + * before. + */ + val |= MCU_OPT_CTRL_RTM_ALLOW; + } + + set_in_mcu_opt_ctrl( + MCU_OPT_CTRL_RTM_LOCKED | MCU_OPT_CTRL_RTM_ALLOW, val); + + /* + * If no explicit tsx= option is provided, pick a default. + * + * With RTM_ALWAYS_ABORT, the default ucode behaviour is to + * disable, so match that. This does not override explicit user + * choices, or implicit choices as a side effect of spec-ctrl=0. + */ + if ( opt_tsx == -1 ) + opt_tsx = 0; + } + } + if ( cpu_has_tsx_force_abort ) { /* @@ -142,6 +205,19 @@ void tsx_init(void) */ if ( cpu_has_tsx_ctrl ) { + /* + * On a TAA-vulnerable part with at least the November 2019 microcode, + * or newer part with TAA fixed. + * + * Notes: + * - With the February 2022 microcode, if SGX has caused TSX to be + * locked off, opt_tsx is overridden to 0. TSX_CTRL.RTM_DISABLE is + * an ignored bit, but we write it such that it matches the + * behaviour enforced by microcode. + * - Otherwise, if SGX isn't enabled and TSX is available to be + * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to + * let TSX_CTRL.RTM_DISABLE be usable. + */ uint32_t hi, lo; rdmsr(MSR_TSX_CTRL, lo, hi); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269567.463650 (Exim 4.92) (envelope-from ) id 1nHzRg-0004Xm-Kl; Thu, 10 Feb 2022 02:44:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269567.463650; Thu, 10 Feb 2022 02:44:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRg-0004Xe-Hc; Thu, 10 Feb 2022 02:44:32 +0000 Received: by outflank-mailman (input) for mailman id 269567; Thu, 10 Feb 2022 02:44:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRf-0004XT-SF for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRf-0006PV-RQ for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzRf-0006R7-QW for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VGfigUph6eH8s0SQm7sMnLCTYrUWmVd0t/gpSzTp8dI=; b=BeFiCWAI679pdTVor+pTEpsfTR /5fF7wI8wQmTN174IxpFmtvKyb74yBu/wTPVPOS8mGojBCbF2mz0ZY1OW5U/yl3dOBGKB8ZBG0dmQ j2zPF9LWAq7e2XMO2x6Lm4WmEVZXGJRBGKFmvEi1+IB+Rjxre1JFH3s0ygSDZuUdw5hU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL Message-Id: Date: Thu, 10 Feb 2022 02:44:31 +0000 commit 4b45c4faa8c0637eb41cb4b143ccd4e9548c4908 Author: Andrew Cooper AuthorDate: Thu Jun 10 12:34:45 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 tests/tsx: Extend test-tsx to check MSR_MCU_OPT_CTRL This MSR needs to be identical across the system for TSX to have identical behaviour everywhere. Furthermore, its CPUID bit (SRBDS_CTRL) shouldn't be visible to guests. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- tools/tests/tsx/test-tsx.c | 9 ++++++++- xen/arch/x86/platform_hypercall.c | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index a3d987b6d2..f11e8c54e0 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -42,6 +42,7 @@ enum { #define ARCH_CAPS_TSX_CTRL (1 << 7) #define MSR_TSX_FORCE_ABORT 0x0000010f #define MSR_TSX_CTRL 0x00000122 +#define MSR_MCU_OPT_CTRL 0x00000123 static unsigned int nr_failures; #define fail(fmt, ...) \ @@ -155,6 +156,10 @@ static void test_tsx_msrs(void) printf("Testing MSR_TSX_CTRL consistency\n"); test_tsx_msr_consistency( MSR_TSX_CTRL, host.msr.arch_caps.tsx_ctrl); + + printf("Testing MSR_MCU_OPT_CTRL consistency\n"); + test_tsx_msr_consistency( + MSR_MCU_OPT_CTRL, host.cpuid.feat.srbds_ctrl); } /* @@ -313,7 +318,8 @@ static void test_guest_policies(const struct xc_cpu_policy *max, if ( ((cm->feat.raw[0].d | cd->feat.raw[0].d) & (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT))) || + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | + bitmaskof(X86_FEATURE_SRBDS_CTRL))) || ((mm->arch_caps.raw | md->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) fail(" Xen-only TSX controls offered to guest\n"); @@ -388,6 +394,7 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.cpuid.feat.hle || guest_policy.cpuid.feat.tsx_force_abort || guest_policy.cpuid.feat.rtm_always_abort || + guest_policy.cpuid.feat.srbds_ctrl || guest_policy.msr.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 284c2dfb9e..bf4090c942 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -80,6 +80,9 @@ static bool msr_read_allowed(unsigned int msr) case MSR_TSX_CTRL: return cpu_has_tsx_ctrl; + + case MSR_MCU_OPT_CTRL: + return cpu_has_srbds_ctrl; } if ( ppin_msr && msr == ppin_msr ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269568.463654 (Exim 4.92) (envelope-from ) id 1nHzRq-0004aW-MC; Thu, 10 Feb 2022 02:44:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269568.463654; Thu, 10 Feb 2022 02:44:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRq-0004aO-JB; Thu, 10 Feb 2022 02:44:42 +0000 Received: by outflank-mailman (input) for mailman id 269568; Thu, 10 Feb 2022 02:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRp-0004a9-VQ for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzRp-0006Pm-Ug for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzRp-0006SF-Tr for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7NFWS2iKHPzPMXavHXhTko7QPnxHhyvamN9WpU0PO+o=; b=nCF7tvghIxBsxkaIdNCuqwuVrV +gPydF5e4H8uY+8/JnCVu2znBGnU9Z7oVXMDT3GUl39vV7/3AtHQjGLe+h21uNPWAAaIr48VdLiqB vUps9RF0FowY8zujqlRVuHG7gdfvYx9xG3N1KkJQZOeexFUseHP9olJKZ7I0slq9zoRU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: Infrastructure for cpuid word 7:2.edx Message-Id: Date: Thu, 10 Feb 2022 02:44:41 +0000 commit f3709b15fc86c6c6a0959cec8d97f21d0e9f9629 Author: Andrew Cooper AuthorDate: Thu Jan 27 21:07:40 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/cpuid: Infrastructure for cpuid word 7:2.edx While in principle it would be nice to keep leaf 7 in order, that would involve having an extra 5 words of zeros in a featureset. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/misc/xen-cpuid.c | 5 +++++ xen/arch/x86/cpu/common.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ xen/include/xen/lib/x86/cpuid.h | 13 ++++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 3c8f3ed1ba..4062629698 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -200,6 +200,10 @@ static const char *const str_7b1[32] = [ 0] = "ppin", }; +static const char *const str_7d2[32] = +{ +}; + static const struct { const char *name; const char *abbr; @@ -219,6 +223,7 @@ static const struct { { "0x00000007:1.eax", "7a1", str_7a1 }, { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, + { "0x00000007:2.edx", "7d2", str_7d2 }, }; #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index d4f5028fa2..c4f07f2d1d 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -447,6 +447,10 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], &tmp, &tmp); + if (max_subleaf >= 2) + cpuid_count(7, 2, + &tmp, &tmp, &tmp, + &c->x86_capability[FEATURESET_7d2]); } if (c->cpuid_level >= 0xd) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 957df23b65..81b0f5e0aa 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -302,6 +302,8 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory Number */ +/* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ + #endif /* XEN_CPUFEATURE */ /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index e87036b303..50be07c0eb 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,6 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ +#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ struct cpuid_leaf { @@ -82,7 +83,7 @@ const char *x86_cpuid_vendor_to_str(unsigned int vendor); #define CPUID_GUEST_NR_BASIC (0xdu + 1) #define CPUID_GUEST_NR_CACHE (5u + 1) -#define CPUID_GUEST_NR_FEAT (1u + 1) +#define CPUID_GUEST_NR_FEAT (2u + 1) #define CPUID_GUEST_NR_TOPO (1u + 1) #define CPUID_GUEST_NR_XSTATE (62u + 1) #define CPUID_GUEST_NR_EXTD_INTEL (0x8u + 1) @@ -193,6 +194,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; + uint32_t /* c */:32, /* d */:32; + + /* Subleaf 2. */ + uint32_t /* a */:32, /* b */:32, /* c */:32; + union { + uint32_t _7d2; + struct { DECL_BITFIELD(7d2); }; + }; }; } feat; @@ -333,6 +342,7 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_7a1] = p->feat._7a1; fs[FEATURESET_e21a] = p->extd.e21a; fs[FEATURESET_7b1] = p->feat._7b1; + fs[FEATURESET_7d2] = p->feat._7d2; } /* Fill in a CPUID policy from a featureset bitmap. */ @@ -352,6 +362,7 @@ static inline void cpuid_featureset_to_policy( p->feat._7a1 = fs[FEATURESET_7a1]; p->extd.e21a = fs[FEATURESET_e21a]; p->feat._7b1 = fs[FEATURESET_7b1]; + p->feat._7d2 = fs[FEATURESET_7d2]; } static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 02:44:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 02:44:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269569.463658 (Exim 4.92) (envelope-from ) id 1nHzS0-0004de-Nm; Thu, 10 Feb 2022 02:44:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269569.463658; Thu, 10 Feb 2022 02:44:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzS0-0004dW-Kh; Thu, 10 Feb 2022 02:44:52 +0000 Received: by outflank-mailman (input) for mailman id 269569; Thu, 10 Feb 2022 02:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzS0-0004dO-2S for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nHzS0-0006Py-1j for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nHzS0-0006TM-0s for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 02:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4ezee4+eZXAFMfwRv5Fd/FB9auD7hFtNzLFH/V2S+o4=; b=cHrSf1NqQisp19lWdkRk7mpp7+ w3F1GgEiEIFY80bw4O78KoPtsWdTDVx96xbwNFtwhUo8g8I8cl1LZG86gsq0alsy1N11ZQ0kc4QTX erOSFD3wbUIurlQj5L94Sup2j74kRL3Y5DYNH/peFGkPDI2L7oQTLRNz+x9L7h9cJqbA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Support Intel PSFD for guests Message-Id: Date: Thu, 10 Feb 2022 02:44:52 +0000 commit 52ce1c97844db213de01c5300eaaa8cf101a285f Author: Andrew Cooper AuthorDate: Tue Oct 19 21:22:27 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 8 18:00:08 2022 +0000 x86/spec-ctrl: Support Intel PSFD for guests The Feb 2022 microcode from Intel retrofits AMD's MSR_SPEC_CTRL.PSFD interface to Sunny Cove (IceLake) and later cores. Update the MSR_SPEC_CTRL emulation, and expose it to guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 +- xen/arch/x86/spec_ctrl.c | 7 +++++-- xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index e1acf6648d..d462f9e421 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, {"cmplegacy", 0x80000001, NA, CPUID_REG_ECX, 1, 1}, {"svm", 0x80000001, NA, CPUID_REG_ECX, 2, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4062629698..0b1b3333fe 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -202,6 +202,7 @@ static const char *const str_7b1[32] = static const char *const str_7d2[32] = { + [ 0] = "intel-psfd", }; static const struct { diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 4ac5b5a048..01a15857b7 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -443,7 +443,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; - bool psfd = cp->extd.psfd; + bool psfd = cp->feat.intel_psfd || cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b93468d39..cbeeb19903 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -307,11 +307,13 @@ custom_param("pv-l1tf", parse_pv_l1tf); static void __init print_details(enum ind_thunk thunk, uint64_t caps) { - unsigned int _7d0 = 0, e8b = 0, tmp; + unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) - cpuid_count(7, 0, &tmp, &tmp, &tmp, &_7d0); + cpuid_count(7, 0, &max, &tmp, &tmp, &_7d0); + if ( max >= 2 ) + cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); @@ -345,6 +347,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d2 & cpufeat_mask(X86_FEATURE_INTEL_PSFD)) || (e8b & cpufeat_mask(X86_FEATURE_PSFD)) ? " PSFD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 81b0f5e0aa..9cee4b439e 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,6 +303,7 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory Number */ /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ +XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ #endif /* XEN_CPUFEATURE */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 39c8b0c774..e0e3f2f463 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -287,7 +287,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD], + IBRSB: [STIBP, SSBD, INTEL_PSFD], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269785.463884 (Exim 4.92) (envelope-from ) id 1nI6vj-0001JX-1g; Thu, 10 Feb 2022 10:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269785.463884; Thu, 10 Feb 2022 10:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vi-0001JO-TH; Thu, 10 Feb 2022 10:44:02 +0000 Received: by outflank-mailman (input) for mailman id 269785; Thu, 10 Feb 2022 10:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vi-0001JI-AG for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vi-0008Au-9P for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6vi-0002NF-82 for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u8xwU3vy056ac7iMllVWhpNJsh3BY25FOnJ4AME7uWU=; b=cPgofl43T1x3IeCe7K8t6db7ZJ fW+Wr0p3guglnt2xsv0gpggLrpLoUWbL2SN2r0PlgQbL8vr1twrwtJR+6Z/2xVZPZPYwmlzsAcDRZ R51O+HX3nZfxC8vE1hfrRT5qw9YJivOmVSleKyU3eRYyaHflPV6Hd0s8FLAZ4KbUFo9o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/P2M: drop a few CONFIG_HVM Message-Id: Date: Thu, 10 Feb 2022 10:44:02 +0000 commit 26294494ff07e11c585ced7b15d085497a16af73 Author: Jan Beulich AuthorDate: Wed Feb 9 12:47:40 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:47:40 2022 +0100 x86/P2M: drop a few CONFIG_HVM This is to make it easier to see which parts of p2m.c still aren't HVM- specific: In one case the conditionals sat in an already guarded region, while in the other case P2M_AUDIT implies HVM. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap --- xen/arch/x86/mm/p2m.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 3f81e99fd6..27cb91d18a 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1678,11 +1678,10 @@ p2m_flush_table_locked(struct p2m_domain *p2m) * when discarding them. */ ASSERT(!p2m_is_hostp2m(p2m)); -#ifdef CONFIG_HVM - /* Nested p2m's do not do pod, hence the asserts (and no pod lock)*/ + + /* Nested p2m's do not do pod, hence the asserts (and no pod lock) */ ASSERT(page_list_empty(&p2m->pod.super)); ASSERT(page_list_empty(&p2m->pod.single)); -#endif /* No need to flush if it's already empty */ if ( p2m_is_nestedp2m(p2m) && p2m->np2m_base == P2M_BASE_EADDR ) @@ -2599,7 +2598,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, return ret; } -#endif /* CONFIG_HVM */ /*** Audit ***/ @@ -2705,8 +2703,6 @@ out_p2m_audit: } #endif /* P2M_AUDIT */ -#ifdef CONFIG_HVM - /* * Add frame from foreign domain to target domain's physmap. Similar to * XENMAPSPACE_gmfn but the frame is foreign being mapped into current, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269786.463886 (Exim 4.92) (envelope-from ) id 1nI6vt-0001OH-2H; Thu, 10 Feb 2022 10:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269786.463886; Thu, 10 Feb 2022 10:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vs-0001O9-Ul; Thu, 10 Feb 2022 10:44:12 +0000 Received: by outflank-mailman (input) for mailman id 269786; Thu, 10 Feb 2022 10:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vs-0001Nn-Dw for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6vs-0008BE-DB for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6vs-0002Oc-Bn for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZWHExHSXEun9mCjoLCi+cIj5JQl/KEEjeomTH4C4WTw=; b=asjP7zTYM4PNcrqFtSN1CX6swB XBr0oMlmOWcaNYXKShAmge9TZSd0H4nD2fRCHDnNCI6jysF/eduVKmlh2Jd9O6xj7JsjtpWmw6S2G Z6PClVPHBnS6GWlZWwBlQcgZGx0uN112Dv2PXjKlzwznGSHWDirPy/4uJGkWEAo7CYMM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/P2M: move map_domain_gfn() (again) Message-Id: Date: Thu, 10 Feb 2022 10:44:12 +0000 commit 470f260d5315f0895915ab1433fd067e3b21540c Author: Jan Beulich AuthorDate: Wed Feb 9 12:48:59 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:48:59 2022 +0100 x86/P2M: move map_domain_gfn() (again) The main user is the guest walking code, so move it back there; commit 9a6787cc3809 ("x86/mm: build map_domain_gfn() just once") would perhaps better have kept it there in the first place. This way it'll only get built when it's actually needed (and still only once). This also eliminates one more CONFIG_HVM conditional from p2m.c. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap --- xen/arch/x86/mm/guest_walk.c | 50 ++++++++++++++++++++++++++++++++++++++++++ xen/arch/x86/mm/p2m.c | 52 -------------------------------------------- 2 files changed, 50 insertions(+), 52 deletions(-) diff --git a/xen/arch/x86/mm/guest_walk.c b/xen/arch/x86/mm/guest_walk.c index b9f607272c..35d543ca5f 100644 --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -532,6 +532,56 @@ guest_walk_tables(const struct vcpu *v, struct p2m_domain *p2m, return walk_ok; } +#if GUEST_PAGING_LEVELS == CONFIG_PAGING_LEVELS +/* + * If the map is non-NULL, we leave this function having acquired an extra ref + * on mfn_to_page(*mfn). In all cases, *pfec contains appropriate + * synthetic/structure PFEC_* bits. + */ +void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn, + p2m_query_t q, uint32_t *pfec) +{ + p2m_type_t p2mt; + struct page_info *page; + + if ( !gfn_valid(p2m->domain, gfn) ) + { + *pfec = PFEC_reserved_bit | PFEC_page_present; + return NULL; + } + + /* Translate the gfn, unsharing if shared. */ + page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q); + if ( p2m_is_paging(p2mt) ) + { + ASSERT(p2m_is_hostp2m(p2m)); + if ( page ) + put_page(page); + p2m_mem_paging_populate(p2m->domain, gfn); + *pfec = PFEC_page_paged; + return NULL; + } + if ( p2m_is_shared(p2mt) ) + { + if ( page ) + put_page(page); + *pfec = PFEC_page_shared; + return NULL; + } + if ( !page ) + { + *pfec = 0; + return NULL; + } + + *pfec = PFEC_page_present; + *mfn = page_to_mfn(page); + ASSERT(mfn_valid(*mfn)); + + return map_domain_page(*mfn); +} +#endif + /* * Local variables: * mode: C diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 27cb91d18a..c1cff37709 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1965,58 +1965,6 @@ unsigned long paging_gva_to_gfn(struct vcpu *v, return hostmode->gva_to_gfn(v, hostp2m, va, pfec); } -#endif /* CONFIG_HVM */ - -/* - * If the map is non-NULL, we leave this function having acquired an extra ref - * on mfn_to_page(*mfn). In all cases, *pfec contains appropriate - * synthetic/structure PFEC_* bits. - */ -void *map_domain_gfn(struct p2m_domain *p2m, gfn_t gfn, mfn_t *mfn, - p2m_query_t q, uint32_t *pfec) -{ - p2m_type_t p2mt; - struct page_info *page; - - if ( !gfn_valid(p2m->domain, gfn) ) - { - *pfec = PFEC_reserved_bit | PFEC_page_present; - return NULL; - } - - /* Translate the gfn, unsharing if shared. */ - page = p2m_get_page_from_gfn(p2m, gfn, &p2mt, NULL, q); - if ( p2m_is_paging(p2mt) ) - { - ASSERT(p2m_is_hostp2m(p2m)); - if ( page ) - put_page(page); - p2m_mem_paging_populate(p2m->domain, gfn); - *pfec = PFEC_page_paged; - return NULL; - } - if ( p2m_is_shared(p2mt) ) - { - if ( page ) - put_page(page); - *pfec = PFEC_page_shared; - return NULL; - } - if ( !page ) - { - *pfec = 0; - return NULL; - } - - *pfec = PFEC_page_present; - *mfn = page_to_mfn(page); - ASSERT(mfn_valid(*mfn)); - - return map_domain_page(*mfn); -} - -#ifdef CONFIG_HVM - static unsigned int mmio_order(const struct domain *d, unsigned long start_fn, unsigned long nr) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269790.463890 (Exim 4.92) (envelope-from ) id 1nI6w3-0001XY-3s; Thu, 10 Feb 2022 10:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269790.463890; Thu, 10 Feb 2022 10:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6w3-0001XP-0a; Thu, 10 Feb 2022 10:44:23 +0000 Received: by outflank-mailman (input) for mailman id 269790; Thu, 10 Feb 2022 10:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6w2-0001X3-Hd for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6w2-0008BW-Gv for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6w2-0002Pv-Fc for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WM0EvdVrqjq7+9AQLg5o4MpYZmZEmoFOzaB3Bs7sTEU=; b=eJgd2yHoTUmaUgk6CQPftyP87G shks+a2oo8vXqoJ/8MBYdJY2QuXvhEd/s7HOVc0KyeGjOTOaX1f1bGDUlOujyKTEqDzWqWzbymDQA fBRGi35pEl+fHUTti6+9k5lHVHwEUtMbf/TQZUFmwmIiIo8Dey8Hg1q2U8xv6V5BF3HU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mm: tidy XENMEM_{get,set}_pod_target handling Message-Id: Date: Thu, 10 Feb 2022 10:44:22 +0000 commit 551b0e6de57aca5006e3eff20cfacc4a4caf6a5d Author: Jan Beulich AuthorDate: Wed Feb 9 12:50:28 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:50:28 2022 +0100 x86/mm: tidy XENMEM_{get,set}_pod_target handling Do away with the "pod_target_out_unlock" label. In particular by folding if()-s, the logic can be expressed with less code (and no goto-s) this way. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 98edf5b89c..b80e4ab9c5 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4810,24 +4810,18 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) if ( d == NULL ) return -ESRCH; - if ( cmd == XENMEM_set_pod_target ) - rc = xsm_set_pod_target(XSM_PRIV, d); - else - rc = xsm_get_pod_target(XSM_PRIV, d); - - if ( rc != 0 ) - goto pod_target_out_unlock; - if ( cmd == XENMEM_set_pod_target ) { - if ( target.target_pages > d->max_pages ) - { + rc = xsm_set_pod_target(XSM_PRIV, d); + if ( rc ) + ASSERT(rc < 0); + else if ( target.target_pages > d->max_pages ) rc = -EINVAL; - goto pod_target_out_unlock; - } - - rc = p2m_pod_set_mem_target(d, target.target_pages); + else + rc = p2m_pod_set_mem_target(d, target.target_pages); } + else + rc = xsm_get_pod_target(XSM_PRIV, d); if ( rc == -ERESTART ) { @@ -4842,13 +4836,9 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) target.pod_entries = p2m->pod.entry_count; if ( __copy_to_guest(arg, &target, 1) ) - { - rc= -EFAULT; - goto pod_target_out_unlock; - } + rc = -EFAULT; } - pod_target_out_unlock: rcu_unlock_domain(d); return rc; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269793.463893 (Exim 4.92) (envelope-from ) id 1nI6wD-0001hJ-75; Thu, 10 Feb 2022 10:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269793.463893; Thu, 10 Feb 2022 10:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wD-0001h9-3o; Thu, 10 Feb 2022 10:44:33 +0000 Received: by outflank-mailman (input) for mailman id 269793; Thu, 10 Feb 2022 10:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wC-0001fo-LD for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wC-0008Bm-KJ for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6wC-0002Qs-JJ for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w3xgYFDzG2YDrDcpIFB19Oxspo8uAwb6flAZ8guqLF8=; b=sTVvsJx624p0/zLzmMuDKtskCV sZHA/o9YNrQboRRKjfWjjqAVXtCEuFuTMKVTO5Fn6YpGPb20M/0lrR5N16389NliNoQoC6B8hTuR1 Iq4dUJtbH9A9Aei+mxguYwMJXm+kX9a/Z3yiOa5Qm0M61YChbbt/P/MtkpNSEeG5fVI4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: add option to disable GNTTABOP_transfer Message-Id: Date: Thu, 10 Feb 2022 10:44:32 +0000 commit 185250ec78a7555aeed11a7856f215685b068e7d Author: Juergen Gross AuthorDate: Wed Feb 9 12:51:05 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:51:05 2022 +0100 xen: add option to disable GNTTABOP_transfer The grant table operation GNTTABOP_transfer is meant to be used in PV device backends, and it hasn't been used in Linux since the old Xen-o-Linux days. Add a command line sub-option to the "gnttab" option for disabling the GNTTABOP_transfer functionality. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 8 ++++++-- xen/common/grant_table.c | 12 ++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 8e75e592e7..1ca817f5e1 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1167,9 +1167,9 @@ does not provide `VM_ENTRY_LOAD_GUEST_PAT`. Specify which console gdbstub should use. See **console**. ### gnttab -> `= List of [ max-ver:, transitive= ]` +> `= List of [ max-ver:, transitive=, transfer= ]` -> Default: `gnttab=max-ver:2,transitive` +> Default: `gnttab=max-ver:2,transitive,transfer` Control various aspects of the grant table behaviour available to guests. @@ -1178,6 +1178,10 @@ version are 1 and 2. * `transitive` Permit or disallow the use of transitive grants. Note that the use of grant table v2 without transitive grants is an ABI breakage from the guests point of view. +* `transfer` Permit or disallow the GNTTABOP_transfer operation of the +grant table hypercall. Note that disallowing GNTTABOP_transfer is an ABI +breakage from the guests point of view. This option is only available on +hypervisors configured to support PV guests. The usage of gnttab v2 is not security supported on ARM platforms. diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 233c4bfcbe..3d92fee592 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -181,6 +181,11 @@ static int parse_gnttab_max_maptrack_frames(const char *arg) unsigned int __read_mostly opt_gnttab_max_version = GNTTAB_MAX_VERSION; static bool __read_mostly opt_transitive_grants = true; +#ifdef CONFIG_PV +static bool __ro_after_init opt_grant_transfer = true; +#else +#define opt_grant_transfer false +#endif static int __init parse_gnttab(const char *s) { @@ -204,6 +209,10 @@ static int __init parse_gnttab(const char *s) } else if ( (val = parse_boolean("transitive", s, ss)) >= 0 ) opt_transitive_grants = val; +#ifndef opt_grant_transfer + else if ( (val = parse_boolean("transfer", s, ss)) >= 0 ) + opt_grant_transfer = val; +#endif else rc = -EINVAL; @@ -2233,6 +2242,9 @@ gnttab_transfer( unsigned int max_bitsize; struct active_grant_entry *act; + if ( !opt_grant_transfer ) + return -EOPNOTSUPP; + for ( i = 0; i < count; i++ ) { bool_t okay; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269795.463898 (Exim 4.92) (envelope-from ) id 1nI6wN-0001lT-8E; Thu, 10 Feb 2022 10:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269795.463898; Thu, 10 Feb 2022 10:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wN-0001lI-5I; Thu, 10 Feb 2022 10:44:43 +0000 Received: by outflank-mailman (input) for mailman id 269795; Thu, 10 Feb 2022 10:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wM-0001lC-O0 for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wM-0008Bz-NE for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6wM-0002S5-MT for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lFXyihc/asrV0w/UptWmHFiQwCmbGdAXUnFNrscOHV8=; b=bNnDn0Sf2MLTKmtA270A9ugtIo ulm7zytM8CamOogE8g1jX0KtaMh65bmXJsVLGXY9ZCuc3j8/yROiESn7D30ZqkRf+YzTvXDWE00Bo 7Fu1aFxN2uQIDxG1bAdpA3rqKSXBovjgfIaVrQxjJ/VOumJ0SKPL544RbEedE1WKEErg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Intel: don't log bogus frequency range on Core/Core2 processors Message-Id: Date: Thu, 10 Feb 2022 10:44:42 +0000 commit da4c512b05ed94e41c91bd8ed6d45895cf97cf51 Author: Jan Beulich AuthorDate: Wed Feb 9 12:52:01 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 9 12:52:01 2022 +0100 x86/Intel: don't log bogus frequency range on Core/Core2 processors Models 0F and 17 don't have PLATFORM_INFO documented. While it exists on at least model 0F, the information there doesn't match the scheme used on newer models (I'm observing a range of 700 ... 600 MHz reported on a Xeon E5345). Sadly the Enhanced Intel Core instance of the table entry is not self- consistent: The numeric description of the low 3 bits doesn't match the subsequent more textual description in some of the cases; I'm using the former here. Include the older Core model 0E as well as the two other Core2 models, none of which have respective MSR tables in the SDM. Fixes: f6b6517cd5db ("x86: retrieve and log CPU frequency information") Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index e7d4dd652f..06b0e552cc 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -467,6 +467,26 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) if ( c->x86 == 6 ) switch ( c->x86_model ) { + static const unsigned short core_factors[] = + { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; + + case 0x0e: /* Core */ + case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ + /* + * PLATFORM_INFO, while not documented for these, appears to + * exist in at least some cases, but what it holds doesn't + * match the scheme used by newer CPUs. At a guess, the min + * and max fields look to be reversed, while the scaling + * factor is encoded in FSB_FREQ. + */ + if ( min_ratio > max_ratio ) + SWAP(min_ratio, max_ratio); + if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || + (msrval &= 7) >= ARRAY_SIZE(core_factors) ) + return; + factor = core_factors[msrval]; + break; + case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ case 0x25: case 0x2c: case 0x2f: /* Westmere */ factor = 13333; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 10 10:44:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Feb 2022 10:44:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.269796.463903 (Exim 4.92) (envelope-from ) id 1nI6wY-0001pG-B4; Thu, 10 Feb 2022 10:44:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 269796.463903; Thu, 10 Feb 2022 10:44:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wY-0001p5-6m; Thu, 10 Feb 2022 10:44:54 +0000 Received: by outflank-mailman (input) for mailman id 269796; Thu, 10 Feb 2022 10:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wW-0001ot-R1 for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nI6wW-0008CB-QA for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nI6wW-0002TE-PG for xen-changelog@lists.xenproject.org; Thu, 10 Feb 2022 10:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+09C/qF4o/IU85xB3TFGDtRBPw1oG5YWVbBpL7AmgEY=; b=cwsSwImviHPcb9uVzh7/1mJm4H SnaWYMaXoYOgXYO0M6+/4RFIAhPQDGw/RnhHJ7soCeeUseaLaPIWWlREXwpLJ83bx2XbGVIK1oJmC BbMb51j2QNqgeeMn143/xPVd4kjoPC+CxjmuKYQume8OcIVYWBtLpaGvqm6xU79zXh7M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/serial: scif: add support for HSCIF Message-Id: Date: Thu, 10 Feb 2022 10:44:52 +0000 commit 87319afb96973213ec0a76270d93696f3b8d6743 Author: Volodymyr Babchuk AuthorDate: Tue Feb 8 11:23:55 2022 +0000 Commit: Julien Grall CommitDate: Wed Feb 9 12:24:49 2022 +0000 xen/serial: scif: add support for HSCIF HSCIF is a high-speed variant of Renesas SCIF serial interface. From Xen point of view, they almost the same, only difference is in FIFO size. Signed-off-by: Volodymyr Babchuk Reviewed-by: Oleksandr Tyshchenko Acked-by: Julien Grall --- xen/drivers/char/scif-uart.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/xen/drivers/char/scif-uart.c b/xen/drivers/char/scif-uart.c index ee204a11a4..2fccafe340 100644 --- a/xen/drivers/char/scif-uart.c +++ b/xen/drivers/char/scif-uart.c @@ -1,8 +1,8 @@ /* * xen/drivers/char/scif-uart.c * - * Driver for SCIF(A) (Serial communication interface with FIFO (A)) - * compatible UART. + * Driver for (H)SCIF(A) ((High-speed) Serial communication interface + * with FIFO (A)) compatible UART. * * Oleksandr Tyshchenko * Copyright (C) 2014, Globallogic. @@ -47,6 +47,7 @@ enum port_types { SCIF_PORT, SCIFA_PORT, + HSCIF_PORT, NR_PORTS, }; @@ -88,6 +89,17 @@ static const struct port_params port_params[NR_PORTS] = SCASCR_BRIE, .fifo_size = 64, }, + [HSCIF_PORT] = + { + .status_reg = SCIF_SCFSR, + .tx_fifo_reg = SCIF_SCFTDR, + .rx_fifo_reg = SCIF_SCFRDR, + .overrun_reg = SCIF_SCLSR, + .overrun_mask = SCLSR_ORER, + .error_mask = SCFSR_PER | SCFSR_FER | SCFSR_BRK | SCFSR_ER, + .irq_flags = SCSCR_RIE | SCSCR_TIE | SCSCR_REIE, + .fifo_size = 128, + }, }; static void scif_uart_interrupt(int irq, void *data, struct cpu_user_regs *regs) @@ -288,6 +300,7 @@ static const struct dt_device_match scif_uart_dt_match[] __initconst = { { .compatible = "renesas,scif", .data = &port_params[SCIF_PORT] }, { .compatible = "renesas,scifa", .data = &port_params[SCIFA_PORT] }, + { .compatible = "renesas,hscif", .data = &port_params[HSCIF_PORT] }, { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271245.465602 (Exim 4.92) (envelope-from ) id 1nJXNx-0000Im-TW; Mon, 14 Feb 2022 09:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271245.465602; Mon, 14 Feb 2022 09:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXNx-0000Ie-Qe; Mon, 14 Feb 2022 09:11:05 +0000 Received: by outflank-mailman (input) for mailman id 271245; Mon, 14 Feb 2022 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXNw-0000IY-Bu for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXNw-0001Uw-9e for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXNw-0006p8-8I for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KP6rickfr1mTXRpyIQXIglzego3hnu/fVVj03tzfUsE=; b=cdM3L3IBbbotBB+8S8uUbdgtIX Qa1SYBzoM7ZYmxNClqpOBb43psVAXEDUn97t7BS8kn6mV/j4cbVwlzTI+FtbNWyrhI04KNOK8+ejp 5oZKagqHy+tKr5meCnd+E6QmlaOTX92TDTg7c3yITvkohOFvxpGLw2RN3VbK40uT6iA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Intel: skip PLATFORM_INFO reads on family 0xf Message-Id: Date: Mon, 14 Feb 2022 09:11:04 +0000 commit a8b31239ae2f8d7bba10603ad8a4ba544a067b3c Author: Jan Beulich AuthorDate: Mon Feb 14 10:04:35 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:04:35 2022 +0100 x86/Intel: skip PLATFORM_INFO reads on family 0xf This avoids unnecessary (and always somewhat scary) log messages for the recovered from #GP(0). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/common.c | 7 +++++-- xen/arch/x86/cpu/intel.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index c4f07f2d1d..3d61d95386 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -127,9 +127,12 @@ bool __init probe_cpuid_faulting(void) /* * Don't bother looking for CPUID faulting if we aren't virtualised on - * AMD or Hygon hardware - it won't be present. + * AMD or Hygon hardware - it won't be present. Likewise for Fam0F + * Intel hardware. */ - if ((boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) && + if (((boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) || + ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) && + boot_cpu_data.x86 == 0xf)) && !cpu_has_hypervisor) return false; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 06b0e552cc..5ec67cf9e0 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -455,7 +455,7 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) } } - if ( rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) + if ( c->x86 == 0xf || rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) return; max_ratio = msrval >> 8; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271246.465607 (Exim 4.92) (envelope-from ) id 1nJXO7-0000Kg-V8; Mon, 14 Feb 2022 09:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271246.465607; Mon, 14 Feb 2022 09:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXO7-0000KY-S9; Mon, 14 Feb 2022 09:11:15 +0000 Received: by outflank-mailman (input) for mailman id 271246; Mon, 14 Feb 2022 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXO6-0000KK-Em for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXO6-0001Wn-Dr for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXO6-0006py-C4 for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0M08JR7uPDVHuckoNbr1IxGHJGfUDZo4XvQzhAxcQMY=; b=MLzQkLbKmnhNPicwaDJS/wnGdP 3OB2ejaEoLfpRLfTMNtUEX/5Ez3UADE+UMKq1z5flGiV8cD9dro4pcbi0e2+cA2Vaz1uTBkv/Pwni wZqmjYE4ICwiG+NNX/wtYQrXNDuFOxOxiq9uNKORQfQEgqToRMI4ENlgdYXmSHkcxqqQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Intel: skip CORE_THREAD_COUNT read on family 0xf Message-Id: Date: Mon, 14 Feb 2022 09:11:14 +0000 commit 9112d19853bc509b9c9997757393688657d5a087 Author: Jan Beulich AuthorDate: Mon Feb 14 10:05:38 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:05:38 2022 +0100 x86/Intel: skip CORE_THREAD_COUNT read on family 0xf This avoids an unnecessary (and always somewhat scary) log message for the recovered from #GP(0). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/spec_ctrl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cbeeb19903..db27bc3f64 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -453,7 +453,8 @@ static bool __init check_smt_enabled(void) * At the time of writing, it is almost completely undocumented, so isn't * virtualised reliably. */ - if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && !cpu_has_hypervisor && + if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 != 0xf && !cpu_has_hypervisor && !rdmsr_safe(MSR_INTEL_CORE_THREAD_COUNT, val) ) return (MASK_EXTR(val, MSR_CTC_CORE_MASK) != MASK_EXTR(val, MSR_CTC_THREAD_MASK)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271247.465611 (Exim 4.92) (envelope-from ) id 1nJXOI-0000Nq-0Z; Mon, 14 Feb 2022 09:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271247.465611; Mon, 14 Feb 2022 09:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOH-0000Ni-Ta; Mon, 14 Feb 2022 09:11:25 +0000 Received: by outflank-mailman (input) for mailman id 271247; Mon, 14 Feb 2022 09:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOG-0000NO-Jz for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOG-0001X8-JC for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXOG-0006qp-GW for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/Rbc4JQ/IutEVlEXtuHMMMn7MOfcsodcs20cRjcC72o=; b=HYn2HVGFtpXdIQxZgrl93GCanh vOo6R6mpgfuwZZmfxWa5WfbRd4bH59DnZEb2ChZPj0xI67vN8jjhLXgEsVCX1YbR00C9Fhse6Uyyv /ASifwVhbOlOWl/5qADvQybkJzTeHWXfZFL+9ucAy+MtVl9UY9mR6bSoYd7HqQKmvna0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Intel: also display CPU freq for family 0xf Message-Id: Date: Mon, 14 Feb 2022 09:11:24 +0000 commit e6e3cf191d3751a124b108b628183cadbafaa2cb Author: Jan Beulich AuthorDate: Mon Feb 14 10:06:11 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:06:11 2022 +0100 x86/Intel: also display CPU freq for family 0xf Actually we can do better than simply bailing for there not being any PLATFORM_INFO MSR on these. The "max" part of the information is available in another MSR, alongside the scaling factor (which is encoded in similar ways to Core/Core2, and hence the decoding table can be shared). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 57 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 5ec67cf9e0..699add6a4a 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -412,9 +412,9 @@ static int num_cpu_cores(struct cpuinfo_x86 *c) static void intel_log_freq(const struct cpuinfo_x86 *c) { - unsigned int eax, ebx, ecx, edx; + unsigned int eax, ebx, ecx, edx, factor; uint64_t msrval; - uint8_t max_ratio; + uint8_t max_ratio, min_ratio; if ( c->cpuid_level >= 0x15 ) { @@ -455,21 +455,22 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) } } - if ( c->x86 == 0xf || rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) - return; - max_ratio = msrval >> 8; - - if ( max_ratio ) + switch ( c->x86 ) { - unsigned int factor = 10000; - uint8_t min_ratio = msrval >> 40; + static const unsigned short core_factors[] = + { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; + + case 6: + if ( rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) + return; + max_ratio = msrval >> 8; + min_ratio = msrval >> 40; + if ( !max_ratio ) + return; - if ( c->x86 == 6 ) + { switch ( c->x86_model ) { - static const unsigned short core_factors[] = - { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; - case 0x0e: /* Core */ case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ /* @@ -491,13 +492,33 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) case 0x25: case 0x2c: case 0x2f: /* Westmere */ factor = 13333; break; - } - printk("CPU%u: ", smp_processor_id()); - if ( min_ratio ) - printk("%u ... ", (factor * min_ratio + 50) / 100); - printk("%u MHz\n", (factor * max_ratio + 50) / 100); + default: + factor = 10000; + break; + } + } + break; + + case 0xf: + if ( rdmsr_safe(MSR_IA32_EBC_FREQUENCY_ID, msrval) ) + return; + max_ratio = msrval >> 24; + min_ratio = 0; + msrval >>= 16; + if ( (msrval &= 7) > 4 ) + return; + factor = core_factors[msrval]; + break; + + default: + return; } + + printk("CPU%u: ", smp_processor_id()); + if ( min_ratio ) + printk("%u ... ", (factor * min_ratio + 50) / 100); + printk("%u MHz\n", (factor * max_ratio + 50) / 100); } static void init_intel(struct cpuinfo_x86 *c) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271248.465615 (Exim 4.92) (envelope-from ) id 1nJXOS-0000Qk-1v; Mon, 14 Feb 2022 09:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271248.465615; Mon, 14 Feb 2022 09:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOR-0000Qb-V4; Mon, 14 Feb 2022 09:11:35 +0000 Received: by outflank-mailman (input) for mailman id 271248; Mon, 14 Feb 2022 09:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOQ-0000QR-Mv for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOQ-0001XL-MB for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXOQ-0006sE-LH for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KwRjBN6Ryf3G6D0l5n2Y02Vi9WO2y4JR3G+6lKCwW+0=; b=Nqusv+5VI0wut8Y7+yKH8YjLle o6G5zxfZPgL9EWJryNiuhkiKLIN/a4OtRUD1TGwdcmqWCD83aF8p0ZoYkiQkiYEg4o/Hiqn2mo5qM jM4b5uxSnbpBiudJltBcG5FO+4Q6/ZZB9b4UUS84jh++ziOLghmRPbod6KT2PojHfGIM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] cpuid: initialize cpuinfo with boot_cpu_data Message-Id: Date: Mon, 14 Feb 2022 09:11:34 +0000 commit 793456d7aa9893d09df55ad2c0986b2a06ea4a98 Author: Norbert Manthey AuthorDate: Mon Feb 14 10:07:36 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:07:36 2022 +0100 cpuid: initialize cpuinfo with boot_cpu_data When re-identifying CPU data, we might use uninitialized data when checking for the cache line property to adapt the cache alignment. The data that depends on this uninitialized read is currently not forwarded. To avoid problems in the future, initialize the data cpuinfo structure before re-identifying the CPU again. The trace to hit the uninitialized read reported by Coverity is: bool recheck_cpu_features(unsigned int cpu) ... struct cpuinfo_x86 c; ... identify_cpu(&c); void identify_cpu(struct cpuinfo_x86 *c) ... generic_identify(c) static void generic_identify(struct cpuinfo_x86 *c) ... if (this_cpu->c_early_init) this_cpu->c_early_init(c); // which is early_init_intel static void early_init_intel(struct cpuinfo_x86 *c) ... if (c->x86 == 15 && c->x86_cache_alignment == 64) c->x86_cache_alignment = 128; This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Norbert Manthey Acked-by: Jan Beulich --- xen/arch/x86/cpuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index e24dd283e7..7c638eff2b 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -609,7 +609,7 @@ void __init init_guest_cpuid(void) bool recheck_cpu_features(unsigned int cpu) { bool okay = true; - struct cpuinfo_x86 c; + struct cpuinfo_x86 c = {0}; const struct cpuinfo_x86 *bsp = &boot_cpu_data; unsigned int i; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271249.465619 (Exim 4.92) (envelope-from ) id 1nJXOc-0000TY-37; Mon, 14 Feb 2022 09:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271249.465619; Mon, 14 Feb 2022 09:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOc-0000TQ-0H; Mon, 14 Feb 2022 09:11:46 +0000 Received: by outflank-mailman (input) for mailman id 271249; Mon, 14 Feb 2022 09:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOa-0000TG-QJ for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOa-0001XZ-PW for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXOa-0006so-OQ for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SshW1dwY9bP1bMW3MGxfExblCwcJskIhDJP0q+nCPkw=; b=u4B6GZrgTaucKilPECYMgZvo+w 2rlOKTtCbCOuGqpmHty4myAHkMfTv7VwOMmgrl0x79zVScRSYzHyMv9JCEnMkzh5qOg3cOiXRD/0G M5S1fOOSUWOUYE47vd3LOyU80bGu7P0dHqwnkuwD9Ri2+aJ1xGNOd8bKYPGK6a3IhPIA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul: work around gcc11 bug in SIMD tests Message-Id: Date: Mon, 14 Feb 2022 09:11:44 +0000 commit 71760cf0fe477adeaa5d41fa63ca7db8ea51f756 Author: Jan Beulich AuthorDate: Mon Feb 14 10:08:17 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:08:17 2022 +0100 x86emul: work around gcc11 bug in SIMD tests Gcc11 looks to have trouble with conditional expressions used with vector operands: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104497. Replace two instances causing SEGV there in certain cases. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/simd-sg.c | 2 +- tools/tests/x86_emulator/simd.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/simd-sg.c b/tools/tests/x86_emulator/simd-sg.c index 09228a4639..36f2d63d49 100644 --- a/tools/tests/x86_emulator/simd-sg.c +++ b/tools/tests/x86_emulator/simd-sg.c @@ -282,7 +282,7 @@ int sg_test(void) # if ELEM_SIZE == IDX_SIZE y = gather(x, array, idx, (idx & inv) != 0, ELEM_SIZE); for ( i = 0; i < ITEM_COUNT; ++i ) - if ( y[i] != ((i + 1) & (ITEM_COUNT - i) ? idx : inv)[i] + 1 ) + if ( y[i] != ((i + 1) & (ITEM_COUNT - i) ? idx[i] : inv[i]) + 1 ) return __LINE__; for ( ; i < ELEM_COUNT; ++i ) if ( y[i] ) diff --git a/tools/tests/x86_emulator/simd.c b/tools/tests/x86_emulator/simd.c index 995f4e3683..198f7b933e 100644 --- a/tools/tests/x86_emulator/simd.c +++ b/tools/tests/x86_emulator/simd.c @@ -1727,8 +1727,8 @@ int simd_test(void) if ( !eq(x - src, (alt + 1) / 2) ) return __LINE__; #endif - for ( i = 0; i < ELEM_COUNT; ++i ) - y[i] = (i & 1 ? inv : src)[i]; + for ( y = src, i = 1; i < ELEM_COUNT; i += 2 ) + y[i] = inv[i]; #ifdef select # ifdef UINT_SIZE -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:11:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271250.465624 (Exim 4.92) (envelope-from ) id 1nJXOm-0000YB-5S; Mon, 14 Feb 2022 09:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271250.465624; Mon, 14 Feb 2022 09:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOm-0000Xz-1k; Mon, 14 Feb 2022 09:11:56 +0000 Received: by outflank-mailman (input) for mailman id 271250; Mon, 14 Feb 2022 09:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOk-0000XZ-Te for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOk-0001Xk-Sq for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXOk-0006tS-S0 for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9p2/VUS85sv0TSpAeIe1jSIfmmCg3SV/vo3ecIdHeVE=; b=FIboVa4i5zjnDXrujhf3J/z9lT IKuD0co5beHmJEAKLsu2eniQUQEOZ5wKrNnha8W2Pl5O0wGTbrIRx27sbtwfa9fmR/GrZzK6NwxPG SQZn7l6oZDPPg3SHL1212aM7vFGOpXjCHePRquUBLn6iN32lPGZY2jMRTeQLFLkFcZX8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Mon, 14 Feb 2022 09:11:54 +0000 commit eddf13b5e9401f6871dcce1ce61c80cff62079ed Author: Jan Beulich AuthorDate: Mon Feb 14 10:08:38 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:08:38 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 824af9d899..2ba54c6151 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7401,7 +7401,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9558,6 +9557,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 14 09:12:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Feb 2022 09:12:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.271251.465627 (Exim 4.92) (envelope-from ) id 1nJXOx-0000b6-6M; Mon, 14 Feb 2022 09:12:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271251.465627; Mon, 14 Feb 2022 09:12:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOx-0000ay-3M; Mon, 14 Feb 2022 09:12:07 +0000 Received: by outflank-mailman (input) for mailman id 271251; Mon, 14 Feb 2022 09:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOv-0000ag-1t for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:12:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJXOv-0001Y7-18 for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:12:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJXOu-0006uK-Uy for xen-changelog@lists.xenproject.org; Mon, 14 Feb 2022 09:12:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k7lgpKKU6mRsai3f/0kFQIJtkw15r7trFOObOy7ezc8=; b=0b7385lLEAEZNJ17Y+FwkZw5bz HailaU7Xx4oxiP6nJtRQwcKLv2cRK5dQ/dOnUgBYK+7HR5eNhz92rve4KVNxJZZ2qM0pH8UIR2V9w UsPaDFjlQVo1cyAyF3YUBLNfBAa+v96m824Uoh5oOYz03i73Bu7T64DdEKCzv8jYzruI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul: fix SIMD test overriding of VBROADCASTS{S,D} Message-Id: Date: Mon, 14 Feb 2022 09:12:04 +0000 commit 94334d854bd358bd1d9c61d5e3306e4d903b120b Author: Jan Beulich AuthorDate: Mon Feb 14 10:09:15 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:09:15 2022 +0100 x86emul: fix SIMD test overriding of VBROADCASTS{S,D} Despite their suffixes these aren't scalar instructions, and hence the 128- and 256-bit EVEX forms may not be used without AVX512VL. Gcc11 ends up generating such instances for simd-sg.c. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/simd.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/tests/x86_emulator/simd.h b/tools/tests/x86_emulator/simd.h index 5b3b852a07..685d78d84b 100644 --- a/tools/tests/x86_emulator/simd.h +++ b/tools/tests/x86_emulator/simd.h @@ -250,7 +250,9 @@ asm ( ".macro override insn \n\t" # define OVR_INT(n) OVR_BW(n); OVR_DQ(n) OVR_INT(broadcast); +# ifdef __AVX512VL__ OVR_SFP(broadcast); +# endif OVR_SFP(comi); OVR_VFP(cvtdq2); OVR_INT(abs); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272788.467732 (Exim 4.92) (envelope-from ) id 1nJq7D-0000S6-C3; Tue, 15 Feb 2022 05:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272788.467732; Tue, 15 Feb 2022 05:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7D-0000Rx-8i; Tue, 15 Feb 2022 05:11:03 +0000 Received: by outflank-mailman (input) for mailman id 272788; Tue, 15 Feb 2022 05:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7B-0000Rp-Qj for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7B-0000aD-Pq for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq7B-0000hp-Or for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YAVmNQgotnVN7snJ0eGn37ij+eqkQBClEMg28CqMooE=; b=xo6kzkXD71ealMp3YYxv6x097Q ISd3ffYJIuRZdiUw6mdzat7bbu0QIFGQDdm5PoInLubompaL0eneOi9aJTfmh28UHe8D8GisC8cFM LcIfKUjCpEucUE1SYgG1jF8/NNNYedi7VFzRfrG/GkDVbkaK5q9trHRfpRJuBwYleDbw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Intel: skip PLATFORM_INFO reads on family 0xf Message-Id: Date: Tue, 15 Feb 2022 05:11:01 +0000 commit a8b31239ae2f8d7bba10603ad8a4ba544a067b3c Author: Jan Beulich AuthorDate: Mon Feb 14 10:04:35 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:04:35 2022 +0100 x86/Intel: skip PLATFORM_INFO reads on family 0xf This avoids unnecessary (and always somewhat scary) log messages for the recovered from #GP(0). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/common.c | 7 +++++-- xen/arch/x86/cpu/intel.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index c4f07f2d1d..3d61d95386 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -127,9 +127,12 @@ bool __init probe_cpuid_faulting(void) /* * Don't bother looking for CPUID faulting if we aren't virtualised on - * AMD or Hygon hardware - it won't be present. + * AMD or Hygon hardware - it won't be present. Likewise for Fam0F + * Intel hardware. */ - if ((boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) && + if (((boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) || + ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) && + boot_cpu_data.x86 == 0xf)) && !cpu_has_hypervisor) return false; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 06b0e552cc..5ec67cf9e0 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -455,7 +455,7 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) } } - if ( rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) + if ( c->x86 == 0xf || rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) return; max_ratio = msrval >> 8; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272789.467737 (Exim 4.92) (envelope-from ) id 1nJq7N-0000UI-Da; Tue, 15 Feb 2022 05:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272789.467737; Tue, 15 Feb 2022 05:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7N-0000U9-AE; Tue, 15 Feb 2022 05:11:13 +0000 Received: by outflank-mailman (input) for mailman id 272789; Tue, 15 Feb 2022 05:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7L-0000U0-TX for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7L-0000aX-Sm for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq7L-0000is-Ru for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3Wsk8wArW9VXPqawaqKcP8hF2KxQIURqxoS3dmNOt6U=; b=tkh4dBN+QC30h5Fg7b8exbTmf7 5DSymNgzQwyhmTslfTDCMz4djwhZRwY3yazemHvH+d6PSkLzUWh27nHxjoSxO0NUQD7SAmfEMYRIM rexYE+3jYbUcJWEXBAq9l3plKrvvM3EIqW+OM6WDMEOQUwqJEbRHNKJBRYn2S1+mqs1M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Intel: skip CORE_THREAD_COUNT read on family 0xf Message-Id: Date: Tue, 15 Feb 2022 05:11:11 +0000 commit 9112d19853bc509b9c9997757393688657d5a087 Author: Jan Beulich AuthorDate: Mon Feb 14 10:05:38 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:05:38 2022 +0100 x86/Intel: skip CORE_THREAD_COUNT read on family 0xf This avoids an unnecessary (and always somewhat scary) log message for the recovered from #GP(0). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/spec_ctrl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cbeeb19903..db27bc3f64 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -453,7 +453,8 @@ static bool __init check_smt_enabled(void) * At the time of writing, it is almost completely undocumented, so isn't * virtualised reliably. */ - if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && !cpu_has_hypervisor && + if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 != 0xf && !cpu_has_hypervisor && !rdmsr_safe(MSR_INTEL_CORE_THREAD_COUNT, val) ) return (MASK_EXTR(val, MSR_CTC_CORE_MASK) != MASK_EXTR(val, MSR_CTC_THREAD_MASK)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272790.467739 (Exim 4.92) (envelope-from ) id 1nJq7X-0000Xy-Eb; Tue, 15 Feb 2022 05:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272790.467739; Tue, 15 Feb 2022 05:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7X-0000Xq-Bc; Tue, 15 Feb 2022 05:11:23 +0000 Received: by outflank-mailman (input) for mailman id 272790; Tue, 15 Feb 2022 05:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7W-0000XQ-0A for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7V-0000an-Vi for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq7V-0000k6-Ut for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6NrTc2+/9AmDmb3U8Q0TcdRZi4EGaA0L9ZSbeQkUFMw=; b=PdWCNOr8R6FHD78OTwOp2oal0a v119FOONnIymZCJ3G9oqo36sNOXzDiXinWzppKOnJkWjk9rp0KMoEhY/tzetD8jWVFCssoDwt9cyX pY/ykPWBEJokSO2jYq2pvRkRk8/ynu+l0SoAWWElR16A/ysYKCZpwghgT5iwBTeCHZpE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Intel: also display CPU freq for family 0xf Message-Id: Date: Tue, 15 Feb 2022 05:11:21 +0000 commit e6e3cf191d3751a124b108b628183cadbafaa2cb Author: Jan Beulich AuthorDate: Mon Feb 14 10:06:11 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:06:11 2022 +0100 x86/Intel: also display CPU freq for family 0xf Actually we can do better than simply bailing for there not being any PLATFORM_INFO MSR on these. The "max" part of the information is available in another MSR, alongside the scaling factor (which is encoded in similar ways to Core/Core2, and hence the decoding table can be shared). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 57 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 5ec67cf9e0..699add6a4a 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -412,9 +412,9 @@ static int num_cpu_cores(struct cpuinfo_x86 *c) static void intel_log_freq(const struct cpuinfo_x86 *c) { - unsigned int eax, ebx, ecx, edx; + unsigned int eax, ebx, ecx, edx, factor; uint64_t msrval; - uint8_t max_ratio; + uint8_t max_ratio, min_ratio; if ( c->cpuid_level >= 0x15 ) { @@ -455,21 +455,22 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) } } - if ( c->x86 == 0xf || rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) - return; - max_ratio = msrval >> 8; - - if ( max_ratio ) + switch ( c->x86 ) { - unsigned int factor = 10000; - uint8_t min_ratio = msrval >> 40; + static const unsigned short core_factors[] = + { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; + + case 6: + if ( rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msrval) ) + return; + max_ratio = msrval >> 8; + min_ratio = msrval >> 40; + if ( !max_ratio ) + return; - if ( c->x86 == 6 ) + { switch ( c->x86_model ) { - static const unsigned short core_factors[] = - { 26667, 13333, 20000, 16667, 33333, 10000, 40000 }; - case 0x0e: /* Core */ case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ /* @@ -491,13 +492,33 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) case 0x25: case 0x2c: case 0x2f: /* Westmere */ factor = 13333; break; - } - printk("CPU%u: ", smp_processor_id()); - if ( min_ratio ) - printk("%u ... ", (factor * min_ratio + 50) / 100); - printk("%u MHz\n", (factor * max_ratio + 50) / 100); + default: + factor = 10000; + break; + } + } + break; + + case 0xf: + if ( rdmsr_safe(MSR_IA32_EBC_FREQUENCY_ID, msrval) ) + return; + max_ratio = msrval >> 24; + min_ratio = 0; + msrval >>= 16; + if ( (msrval &= 7) > 4 ) + return; + factor = core_factors[msrval]; + break; + + default: + return; } + + printk("CPU%u: ", smp_processor_id()); + if ( min_ratio ) + printk("%u ... ", (factor * min_ratio + 50) / 100); + printk("%u MHz\n", (factor * max_ratio + 50) / 100); } static void init_intel(struct cpuinfo_x86 *c) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272791.467745 (Exim 4.92) (envelope-from ) id 1nJq7h-0000b1-Gf; Tue, 15 Feb 2022 05:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272791.467745; Tue, 15 Feb 2022 05:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7h-0000as-D3; Tue, 15 Feb 2022 05:11:33 +0000 Received: by outflank-mailman (input) for mailman id 272791; Tue, 15 Feb 2022 05:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7g-0000ad-3O for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7g-0000az-2S for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq7g-0000l6-1W for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wY8Gz3xS+WM5eqxBw2VEDiGQl8vzeV/iNfQjCJzOMvA=; b=RYcvuYYa5VYXVLjMLvWVc+SkNs aYAaiCS5VS3kJNlOdYjgOa4XiaEb1cl8VHq7rUzMou/BYOJG/EL97cLHQt1jCkb7IwJfWRUSyRG3d hlgCVTBoQK0sGRw09r6c8m48SA9oCQCl6ncRAQQfNB8XsvBtE6jzBwAuSWtmUytYhntA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] cpuid: initialize cpuinfo with boot_cpu_data Message-Id: Date: Tue, 15 Feb 2022 05:11:32 +0000 commit 793456d7aa9893d09df55ad2c0986b2a06ea4a98 Author: Norbert Manthey AuthorDate: Mon Feb 14 10:07:36 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:07:36 2022 +0100 cpuid: initialize cpuinfo with boot_cpu_data When re-identifying CPU data, we might use uninitialized data when checking for the cache line property to adapt the cache alignment. The data that depends on this uninitialized read is currently not forwarded. To avoid problems in the future, initialize the data cpuinfo structure before re-identifying the CPU again. The trace to hit the uninitialized read reported by Coverity is: bool recheck_cpu_features(unsigned int cpu) ... struct cpuinfo_x86 c; ... identify_cpu(&c); void identify_cpu(struct cpuinfo_x86 *c) ... generic_identify(c) static void generic_identify(struct cpuinfo_x86 *c) ... if (this_cpu->c_early_init) this_cpu->c_early_init(c); // which is early_init_intel static void early_init_intel(struct cpuinfo_x86 *c) ... if (c->x86 == 15 && c->x86_cache_alignment == 64) c->x86_cache_alignment = 128; This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Norbert Manthey Acked-by: Jan Beulich --- xen/arch/x86/cpuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index e24dd283e7..7c638eff2b 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -609,7 +609,7 @@ void __init init_guest_cpuid(void) bool recheck_cpu_features(unsigned int cpu) { bool okay = true; - struct cpuinfo_x86 c; + struct cpuinfo_x86 c = {0}; const struct cpuinfo_x86 *bsp = &boot_cpu_data; unsigned int i; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272792.467748 (Exim 4.92) (envelope-from ) id 1nJq7q-0000dx-HU; Tue, 15 Feb 2022 05:11:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272792.467748; Tue, 15 Feb 2022 05:11:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7q-0000dp-EW; Tue, 15 Feb 2022 05:11:42 +0000 Received: by outflank-mailman (input) for mailman id 272792; Tue, 15 Feb 2022 05:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7q-0000dh-6E for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq7q-0000bS-5W for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq7q-0000ln-4p for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=utESuXVnSiLKDCP8HK2SFEaJszrzlF5qFulqzKCLAMg=; b=NeEerABm7/E5z0NjJ0mbGf7+Kc tBm7m8Q5COGR3EuReuFhYXtd71AjZoiplOBC4nRlmTJOB8i5+Lf0eqebn+BApqaiXk2JZGDvPrDZc 0F4s0AvbKO5I2iPly6e+o2M9awXwPxZ6N06RrO/YuOMKGrNdcnhDeBfHJPhbp7zmxGK8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul: work around gcc11 bug in SIMD tests Message-Id: Date: Tue, 15 Feb 2022 05:11:42 +0000 commit 71760cf0fe477adeaa5d41fa63ca7db8ea51f756 Author: Jan Beulich AuthorDate: Mon Feb 14 10:08:17 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:08:17 2022 +0100 x86emul: work around gcc11 bug in SIMD tests Gcc11 looks to have trouble with conditional expressions used with vector operands: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104497. Replace two instances causing SEGV there in certain cases. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/simd-sg.c | 2 +- tools/tests/x86_emulator/simd.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/tests/x86_emulator/simd-sg.c b/tools/tests/x86_emulator/simd-sg.c index 09228a4639..36f2d63d49 100644 --- a/tools/tests/x86_emulator/simd-sg.c +++ b/tools/tests/x86_emulator/simd-sg.c @@ -282,7 +282,7 @@ int sg_test(void) # if ELEM_SIZE == IDX_SIZE y = gather(x, array, idx, (idx & inv) != 0, ELEM_SIZE); for ( i = 0; i < ITEM_COUNT; ++i ) - if ( y[i] != ((i + 1) & (ITEM_COUNT - i) ? idx : inv)[i] + 1 ) + if ( y[i] != ((i + 1) & (ITEM_COUNT - i) ? idx[i] : inv[i]) + 1 ) return __LINE__; for ( ; i < ELEM_COUNT; ++i ) if ( y[i] ) diff --git a/tools/tests/x86_emulator/simd.c b/tools/tests/x86_emulator/simd.c index 995f4e3683..198f7b933e 100644 --- a/tools/tests/x86_emulator/simd.c +++ b/tools/tests/x86_emulator/simd.c @@ -1727,8 +1727,8 @@ int simd_test(void) if ( !eq(x - src, (alt + 1) / 2) ) return __LINE__; #endif - for ( i = 0; i < ELEM_COUNT; ++i ) - y[i] = (i & 1 ? inv : src)[i]; + for ( y = src, i = 1; i < ELEM_COUNT; i += 2 ) + y[i] = inv[i]; #ifdef select # ifdef UINT_SIZE -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:11:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:11:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272793.467752 (Exim 4.92) (envelope-from ) id 1nJq81-0000hA-J0; Tue, 15 Feb 2022 05:11:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272793.467752; Tue, 15 Feb 2022 05:11:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq81-0000h0-Fx; Tue, 15 Feb 2022 05:11:53 +0000 Received: by outflank-mailman (input) for mailman id 272793; Tue, 15 Feb 2022 05:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq80-0000gl-9y for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq80-0000bi-98 for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq80-0000mc-8C for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kWe5a/NbNx6GybSiba66zgqXEw6R1wAvHOHHqJ4dWV4=; b=262ENzPcs1xUlDQRRqu8I+Gj1W HaVF9Wm1qRWDZ/0hT/IE7f4oFvjFNDe2leNwO0EiHNZjSrY0dCWQ5gJEl36nO4ubv4or0brOrgIj9 gvm0DW4nRgv3CS3uqvl6m6DR0ShDXgfgWJww07aknlxcf8JHRIYGM2jMu4M/uSj/VLwI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Tue, 15 Feb 2022 05:11:52 +0000 commit eddf13b5e9401f6871dcce1ce61c80cff62079ed Author: Jan Beulich AuthorDate: Mon Feb 14 10:08:38 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:08:38 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 824af9d899..2ba54c6151 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7401,7 +7401,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9558,6 +9557,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 05:12:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 05:12:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.272794.467756 (Exim 4.92) (envelope-from ) id 1nJq8B-0000jj-KU; Tue, 15 Feb 2022 05:12:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 272794.467756; Tue, 15 Feb 2022 05:12:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq8B-0000jb-HR; Tue, 15 Feb 2022 05:12:03 +0000 Received: by outflank-mailman (input) for mailman id 272794; Tue, 15 Feb 2022 05:12:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq8A-0000jN-D4 for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:12:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJq8A-0000c5-CD for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:12:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nJq8A-0000nS-BK for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 05:12:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eqPhDhwZLoVg9HbuKf/lC8Ecd1McHM7oVopB0gdbadE=; b=5fYjq+V3usivR3JL/JQ1sghOF+ srloYh66XuzoS+PVPC9c7pSbbYfmSkX5lJ97G+SJRXCfDl7rOIfFMEzN6/50cMy+DBV0KBoAiF/IO YntBA+o3wx+ix/V8d5k66BqiV/lQOlVtXh1WV3DDsdv9kWh2SCypnYCU/sHf1MhDGPE0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul: fix SIMD test overriding of VBROADCASTS{S,D} Message-Id: Date: Tue, 15 Feb 2022 05:12:02 +0000 commit 94334d854bd358bd1d9c61d5e3306e4d903b120b Author: Jan Beulich AuthorDate: Mon Feb 14 10:09:15 2022 +0100 Commit: Jan Beulich CommitDate: Mon Feb 14 10:09:15 2022 +0100 x86emul: fix SIMD test overriding of VBROADCASTS{S,D} Despite their suffixes these aren't scalar instructions, and hence the 128- and 256-bit EVEX forms may not be used without AVX512VL. Gcc11 ends up generating such instances for simd-sg.c. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/simd.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/tests/x86_emulator/simd.h b/tools/tests/x86_emulator/simd.h index 5b3b852a07..685d78d84b 100644 --- a/tools/tests/x86_emulator/simd.h +++ b/tools/tests/x86_emulator/simd.h @@ -250,7 +250,9 @@ asm ( ".macro override insn \n\t" # define OVR_INT(n) OVR_BW(n); OVR_DQ(n) OVR_INT(broadcast); +# ifdef __AVX512VL__ OVR_SFP(broadcast); +# endif OVR_SFP(comi); OVR_VFP(cvtdq2); OVR_INT(abs); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 15 20:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Feb 2022 20:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.273533.468750 (Exim 4.92) (envelope-from ) id 1nK4Kr-0002VH-HY; Tue, 15 Feb 2022 20:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 273533.468750; Tue, 15 Feb 2022 20:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nK4Kr-0002V9-ER; Tue, 15 Feb 2022 20:22:05 +0000 Received: by outflank-mailman (input) for mailman id 273533; Tue, 15 Feb 2022 20:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nK4Kq-0002V3-M2 for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 20:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nK4Kq-0001Kf-LG for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 20:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nK4Kq-0002Ls-KF for xen-changelog@lists.xenproject.org; Tue, 15 Feb 2022 20:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oUbfUMArUfJA8KRiSDzfqU5ynAX/IMz7UluZ/gjzdC0=; b=YTX9RVQk59Iu27E3Z3hboZ7gTB PAJG/x4e8EDqTRTPbGH4ekzymbEba9UY/grxGOEGPcq5qA4WGOYakpoIy/Qh+/TBC+4KFGfe7qlSG dvyDxOaT+XKx7k3DRs/pAogCt/ht9W3xvzbFqkkyobXDwFZgbYueUVc+w3ItLSMYCS+c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: make Bertrand ARM maintainer Message-Id: Date: Tue, 15 Feb 2022 20:22:04 +0000 commit e7c2017cf4a91ab6a0fea6adca2d9dd2ab1603b0 Author: Stefano Stabellini AuthorDate: Thu Feb 10 11:08:47 2022 -0800 Commit: Julien Grall CommitDate: Tue Feb 15 20:18:23 2022 +0000 MAINTAINERS: make Bertrand ARM maintainer Signed-off-by: Stefano Stabellini Asked-by: Bertrand Marquis --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 64934cc070..d41572128b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -230,8 +230,8 @@ F: tools/libs/ctrl/xc_arinc653.c ARM (W/ VIRTUALISATION EXTENSIONS) ARCHITECTURE M: Stefano Stabellini M: Julien Grall +M: Bertrand Marquis R: Volodymyr Babchuk -R: Bertrand Marquis S: Supported L: xen-devel@lists.xenproject.org F: docs/misc/arm/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 14:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 14:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274194.469556 (Exim 4.92) (envelope-from ) id 1nKLhx-0006Fe-HD; Wed, 16 Feb 2022 14:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274194.469556; Wed, 16 Feb 2022 14:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLhx-0006FW-EH; Wed, 16 Feb 2022 14:55:05 +0000 Received: by outflank-mailman (input) for mailman id 274194; Wed, 16 Feb 2022 14:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLhw-0006FQ-Dv for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLhw-0001rL-Bi for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLhw-000426-Ab for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bb92MFRqdkortPWN4sWGvK0vuCddXYVlRrAd9vAGmaw=; b=28+UnDhzZ1CIUdEDccS6P6Am+0 4gqqF3/zLLeEBBBOtjTJD5FIJwxlJHCFZptQV6dMbLZENZa/lqIZIXNSfYaikdPkK228CZbVWAPB5 gTuYnBAQR/zJ3C3fV7Nlkb/7VXSoHFS6cJZa4FdPNeae5lx0ErW9u2e0vHje+e2Mb1jQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL Message-Id: Date: Wed, 16 Feb 2022 14:55:04 +0000 commit cd6250eaf0ab9d36fb12885916db4ee7d0a93448 Author: Dario Faggioli AuthorDate: Wed Feb 16 15:51:43 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:51:43 2022 +0100 tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 , cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli Tested-by: James Fehlig Reviewed-by: Anthony PERARD master commit: d9d3496e817ace919092d70d4730257b37c2e743 master date: 2022-01-31 10:58:07 +0100 --- tools/libs/light/libxl_domain.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 544a9bf59d..d438232117 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1661,6 +1661,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, libxl_vcpuinfo *ptr, *ret; xc_domaininfo_t domaininfo; xc_vcpuinfo_t vcpuinfo; + unsigned int nr_vcpus; if (xc_domain_getinfolist(ctx->xch, domid, 1, &domaininfo) != 1) { LOGED(ERROR, domid, "Getting infolist"); @@ -1677,33 +1678,34 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1, sizeof(libxl_vcpuinfo)); - for (*nr_vcpus_out = 0; - *nr_vcpus_out <= domaininfo.max_vcpu_id; - ++*nr_vcpus_out, ++ptr) { + for (nr_vcpus = 0; + nr_vcpus <= domaininfo.max_vcpu_id; + ++nr_vcpus, ++ptr) { libxl_bitmap_init(&ptr->cpumap); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap, 0)) goto err; libxl_bitmap_init(&ptr->cpumap_soft); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap_soft, 0)) goto err; - if (xc_vcpu_getinfo(ctx->xch, domid, *nr_vcpus_out, &vcpuinfo) == -1) { + if (xc_vcpu_getinfo(ctx->xch, domid, nr_vcpus, &vcpuinfo) == -1) { LOGED(ERROR, domid, "Getting vcpu info"); goto err; } - if (xc_vcpu_getaffinity(ctx->xch, domid, *nr_vcpus_out, + if (xc_vcpu_getaffinity(ctx->xch, domid, nr_vcpus, ptr->cpumap.map, ptr->cpumap_soft.map, XEN_VCPUAFFINITY_SOFT|XEN_VCPUAFFINITY_HARD) == -1) { LOGED(ERROR, domid, "Getting vcpu affinity"); goto err; } - ptr->vcpuid = *nr_vcpus_out; + ptr->vcpuid = nr_vcpus; ptr->cpu = vcpuinfo.cpu; ptr->online = !!vcpuinfo.online; ptr->blocked = !!vcpuinfo.blocked; ptr->running = !!vcpuinfo.running; ptr->vcpu_time = vcpuinfo.cpu_time; } + *nr_vcpus_out = nr_vcpus; GC_FREE; return ret; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 14:55:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 14:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274195.469562 (Exim 4.92) (envelope-from ) id 1nKLi7-0006Hl-Jh; Wed, 16 Feb 2022 14:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274195.469562; Wed, 16 Feb 2022 14:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLi7-0006HZ-Fs; Wed, 16 Feb 2022 14:55:15 +0000 Received: by outflank-mailman (input) for mailman id 274195; Wed, 16 Feb 2022 14:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLi6-0006HN-FZ for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLi6-0001t1-En for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLi6-00042v-Dp for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WzQRL7+kHk47oD9txvxw/A2XykGu1Bnm43GPx7GGcSI=; b=Qi91TAp0SjMndHiRhdHM8JJUlJ XqX0w6M3Vvkh0OcSFVcWKL1S6VhpPuFF6HCppF4+bpjkGlS6+hnlMDfSoWv6ZOiwEUF1d1jE+q3ox zcASNXH/FAhPWpY0J56U0gpC767MiuJggd57Nlr0eBTVuTXpR8fXGiboDCUD6wdRh8I8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] libxl: force netback to wait for hotplug execution before connecting Message-Id: Date: Wed, 16 Feb 2022 14:55:14 +0000 commit 58d289c90690841def25b451d3855a187781b3ab Author: Roger Pau Monné AuthorDate: Wed Feb 16 15:52:22 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:52:22 2022 +0100 libxl: force netback to wait for hotplug execution before connecting By writing an empty "hotplug-status" xenstore node in the backend path libxl can force Linux netback to wait for hotplug script execution before proceeding to the 'connected' state. This is required so that netback doesn't skip state 2 (InitWait) and thus blocks libxl waiting for such state in order to launch the hotplug script (see libxl__wait_device_connection). Reported-by: James Dingwall Signed-off-by: Roger Pau Monné Tested-by: James Dingwall Reviewed-by: Paul Durrant Tested-by: Julien Grall Reviewed-by: Wei Liu master commit: 0bdc43c8dec993258e930b34855853c22b917519 master date: 2022-01-27 13:51:19 +0100 --- tools/libs/light/libxl_nic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b45469dca..0b9e70c9d1 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -248,6 +248,13 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(ro_front, "mtu"); flexarray_append(ro_front, GCSPRINTF("%u", nic->mtu)); + /* + * Force backend to wait for hotplug script execution before switching to + * connected state. + */ + flexarray_append(back, "hotplug-status"); + flexarray_append(back, ""); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 14:55:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 14:55:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274196.469565 (Exim 4.92) (envelope-from ) id 1nKLiH-0006KM-KA; Wed, 16 Feb 2022 14:55:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274196.469565; Wed, 16 Feb 2022 14:55:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiH-0006KE-HL; Wed, 16 Feb 2022 14:55:25 +0000 Received: by outflank-mailman (input) for mailman id 274196; Wed, 16 Feb 2022 14:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiG-0006K3-Ij for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiG-0001tF-Hu for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLiG-00043h-Gz for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v4mTHiVvjj8hiu+Pkip4jYM2zWuFdKPN8guHa+p+D9s=; b=VTLoBMpGj/49mB2MvUUfBworuW 5+cT7oFiKfbzZ92zAXMGjKtjD9GeOSsveBh5SRmKTgrDALiro1Jj6pzh+Gi5jt/HA+iN/TXC36w4Q lxT/01kmd+Vap6fTF1pqQ5VO5pt2ZyGt/25dM9Dc0uF8AgUS+iumC4KxZ66GI3u7SY7o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] build: fix exported variable name CFLAGS_stack_boundary Message-Id: Date: Wed, 16 Feb 2022 14:55:24 +0000 commit 17093dbac91d187607ceb30b9e2b177fd7b38559 Author: Anthony PERARD AuthorDate: Wed Feb 16 15:53:04 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:53:04 2022 +0100 build: fix exported variable name CFLAGS_stack_boundary Exporting a variable with a dash doesn't work reliably, they may be striped from the environment when calling a sub-make or sub-shell. CFLAGS-stack-boundary start to be removed from env in patch "build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when running `make "ALL_OBJS=.."` due to the addition of the quote. At least in my empirical tests. Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS") Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Rules.mk | 4 ++-- xen/arch/x86/arch.mk | 4 ++-- xen/arch/x86/efi/Makefile | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 56fe22c979..7aef93f5f3 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' else object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' endif -c_flags += $(object_label_flags) $(CFLAGS-stack-boundary) -a_flags += $(object_label_flags) $(CFLAGS-stack-boundary) +c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) +a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index ce0c1a0e7f..1109595fbc 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -48,8 +48,8 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) -export CFLAGS-stack-boundary +$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) +export CFLAGS_stack_boundary ifeq ($(CONFIG_UBSAN),y) # Don't enable alignment sanitisation. x86 has efficient unaligned accesses, diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index 87b927ed86..abae493bf3 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -12,7 +12,7 @@ EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o EFIOBJ-$(CONFIG_COMPAT) += compat.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ-y): CFLAGS-stack-boundary := $(cflags-stack-boundary) +$(EFIOBJ-y): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ-y)) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 14:55:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 14:55:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274197.469568 (Exim 4.92) (envelope-from ) id 1nKLiR-0006NG-Lc; Wed, 16 Feb 2022 14:55:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274197.469568; Wed, 16 Feb 2022 14:55:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiR-0006N8-Io; Wed, 16 Feb 2022 14:55:35 +0000 Received: by outflank-mailman (input) for mailman id 274197; Wed, 16 Feb 2022 14:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiQ-0006Mx-Lr for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLiQ-0001tT-L2 for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLiQ-00044K-K4 for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fbuARS0O7PYLkMNL3mGWuV37nMTPjfE+rcfuLD57gzI=; b=ffr/+FgxSewpIf0pfU2nYR+UQd rFDrjxFG4/Sj6bLJ3WRavVZ5B9vPBx10IXSYNNRFA/R9kf/jDEU3HR4xsNV6v+tGcEIz147oLqKVS JQHwsWJ2kUQ9nIN2f8jGl1lE0y/UJQrnbinWilikKEqRmk0Jp7XHBasw0cmH0Vaw+h1k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/libs: Fix build dependencies Message-Id: Date: Wed, 16 Feb 2022 14:55:34 +0000 commit f8c720be53944eb0f43ed89eeb94e6d04e28fc17 Author: Anthony PERARD AuthorDate: Wed Feb 16 15:53:49 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:53:49 2022 +0100 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross master commit: e62cc29f9b6c42b67182a1362e2ea18bad75b5ff master date: 2022-02-08 11:15:53 +0000 --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index 519246b0d6..6ff5918798 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -59,8 +59,6 @@ $(eval $(genpath-target)) $(LIB_OBJS) $(PIC_OBJS): _paths.h --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 2ce92d247e..35f39e74cd 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -113,8 +113,6 @@ $(eval $(genpath-target)) xc_private.h: _paths.h --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index ebdb2a4782..f1554462fb 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -142,3 +142,7 @@ distclean: clean .PHONY: FORCE FORCE: + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 194bc5f268..dd43f37b4c 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -273,5 +273,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index c99508ae6b..89b5412132 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -124,7 +124,5 @@ cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) _paths.h rm -f libxenstat.map --include $(DEPS_INCLUDE) - genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index 43b018aa8c..2b435220ac 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -31,8 +31,6 @@ else PKG_CONFIG_REMOVE += -ldl endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index f5f9e89fee..b739360be7 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -52,8 +52,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) _paths.h genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 14:55:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 14:55:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274198.469573 (Exim 4.92) (envelope-from ) id 1nKLib-0006QE-Nb; Wed, 16 Feb 2022 14:55:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274198.469573; Wed, 16 Feb 2022 14:55:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLib-0006Q6-KK; Wed, 16 Feb 2022 14:55:45 +0000 Received: by outflank-mailman (input) for mailman id 274198; Wed, 16 Feb 2022 14:55:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLia-0006Pr-Pb for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLia-0001td-Or for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLia-000456-Nr for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 14:55:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rVxMbNBtE//tdHxOX4yaVpiAkvtvMgIjVsbwyWOXdi8=; b=nxrw9dAKnjNYca1EtjbAfDdg1Y XDydYT7l2eJ1E8cv5sLYoKGcn4cLL9ghUrVfuEqLqukaFUKKOQw1NMt4a5K7lAmodK9XIi/HYERKt L41d1pFlnXVfKfZMMuN2n651G9vDS+hynU9Cq52SOyi9jsjLai6wwYkG1SspG1IUr0Tk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Wed, 16 Feb 2022 14:55:44 +0000 commit 0941d6cb2383c4e87d7f53f1df74e8850e1649bc Author: Jan Beulich AuthorDate: Wed Feb 16 15:54:12 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:54:12 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed master date: 2022-02-14 10:08:38 +0100 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index f71015ffa1..e3667cb1a3 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7401,7 +7401,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9558,6 +9557,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274210.469588 (Exim 4.92) (envelope-from ) id 1nKLxS-0000L6-4T; Wed, 16 Feb 2022 15:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274210.469588; Wed, 16 Feb 2022 15:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxS-0000Ky-1X; Wed, 16 Feb 2022 15:11:06 +0000 Received: by outflank-mailman (input) for mailman id 274210; Wed, 16 Feb 2022 15:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxQ-0000Ks-Rv for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxQ-0002Bi-Qd for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLxQ-0005T1-PW for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S3uqyY+WgP5s3bya0LvgsGOYz6ikKkym0ciJCrGDZBU=; b=mf1fWvb4IfkobZ2kV6fAvhHI8/ 4LR8vCFB4pLkxtGk3v5IfkpuRA8RCUpqwk/6nRlEcu1Bhi45aPAq+xAvLwno3nUiKomR3Bjd2oy8S KTfFL1gOoP31KRHLmTnZZH7u3ystBqTV+EpCM29u9drVA0+/LujqkBXlvbktyuiFkafs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] update Xen version to 4.15.3-pre Message-Id: Date: Wed, 16 Feb 2022 15:11:04 +0000 commit 124b8013335b01fc874dff359ac93c1336b291b1 Author: Jan Beulich AuthorDate: Wed Feb 16 16:00:19 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:00:19 2022 +0100 update Xen version to 4.15.3-pre --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index e446b232df..212c819498 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .2$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .3-pre$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274211.469592 (Exim 4.92) (envelope-from ) id 1nKLxc-0000NT-6P; Wed, 16 Feb 2022 15:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274211.469592; Wed, 16 Feb 2022 15:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxc-0000NL-2z; Wed, 16 Feb 2022 15:11:16 +0000 Received: by outflank-mailman (input) for mailman id 274211; Wed, 16 Feb 2022 15:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxa-0000N9-UY for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxa-0002Bv-To for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLxa-0005Te-Sl for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rbgsngsq3Cj3umTJw1zURo5AXfvJJ5EW6B2iKopBcZM=; b=Jcdbru4vAYjBLsGG0WIJi0P0Fz HwCRNXj1ZTacyzxSZ2GxklDBlJaiuvlwrF3jfzx1cYB56zJGHKakbeuvmFICM1kSudpoIPWSlGzrD huYhfY01IF/M8yZNtFgTpSACXHIDP8S1mgjxlYis1jcrGCTDVbw29OKwbsGt9CE0AR5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/libxl: Correctly align the ACPI tables Message-Id: Date: Wed, 16 Feb 2022 15:11:14 +0000 commit 11eedbb0bb1d33c7ad7e8d5e887d1ebf882bcb00 Author: Kevin Stefanov AuthorDate: Wed Feb 16 16:02:12 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:12 2022 +0100 tools/libxl: Correctly align the ACPI tables The memory allocator currently calculates alignment in libxl's virtual address space, rather than guest physical address space. This results in the FACS being commonly misaligned. Furthermore, the allocator has several other bugs. The opencoded align-up calculation is currently susceptible to a bug that occurs in the corner case that the buffer is already aligned to begin with. In that case, an align-sized memory hole is introduced. The while loop is dead logic because its effects are entirely and unconditionally overwritten immediately after it. Rework the memory allocator to align in guest physical address space instead of libxl's virtual memory and improve the calculation, drop errant extra page in allocated buffer for ACPI tables, and give some of the variables better names/types. Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests") Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich Acked-by: Ian Jackson master commit: dd6c062a7a4abdb662c18af03d1396325969d155 master date: 2021-09-24 11:07:50 +0100 --- tools/libs/light/libxl_x86_acpi.c | 49 +++++++++++++++------------------------ 1 file changed, 19 insertions(+), 30 deletions(-) diff --git a/tools/libs/light/libxl_x86_acpi.c b/tools/libs/light/libxl_x86_acpi.c index 3eca1c7a9f..57a6b63790 100644 --- a/tools/libs/light/libxl_x86_acpi.c +++ b/tools/libs/light/libxl_x86_acpi.c @@ -20,6 +20,7 @@ /* Number of pages holding ACPI tables */ #define NUM_ACPI_PAGES 16 +#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((a) - 1)) struct libxl_acpi_ctxt { struct acpi_ctxt c; @@ -28,10 +29,10 @@ struct libxl_acpi_ctxt { unsigned int page_shift; /* Memory allocator */ - unsigned long alloc_base_paddr; - unsigned long alloc_base_vaddr; - unsigned long alloc_currp; - unsigned long alloc_end; + unsigned long guest_start; + unsigned long guest_curr; + unsigned long guest_end; + void *buf; }; extern const unsigned char dsdt_pvh[]; @@ -43,8 +44,7 @@ static unsigned long virt_to_phys(struct acpi_ctxt *ctxt, void *v) struct libxl_acpi_ctxt *libxl_ctxt = CONTAINER_OF(ctxt, struct libxl_acpi_ctxt, c); - return (((unsigned long)v - libxl_ctxt->alloc_base_vaddr) + - libxl_ctxt->alloc_base_paddr); + return libxl_ctxt->guest_start + (v - libxl_ctxt->buf); } static void *mem_alloc(struct acpi_ctxt *ctxt, @@ -58,20 +58,16 @@ static void *mem_alloc(struct acpi_ctxt *ctxt, if (align < 16) align = 16; - s = (libxl_ctxt->alloc_currp + align) & ~((unsigned long)align - 1); + s = ALIGN(libxl_ctxt->guest_curr, align); e = s + size - 1; /* TODO: Reallocate memory */ - if ((e < s) || (e >= libxl_ctxt->alloc_end)) + if ((e < s) || (e >= libxl_ctxt->guest_end)) return NULL; - while (libxl_ctxt->alloc_currp >> libxl_ctxt->page_shift != - e >> libxl_ctxt->page_shift) - libxl_ctxt->alloc_currp += libxl_ctxt->page_size; + libxl_ctxt->guest_curr = e; - libxl_ctxt->alloc_currp = e; - - return (void *)s; + return libxl_ctxt->buf + (s - libxl_ctxt->guest_start); } static void acpi_mem_free(struct acpi_ctxt *ctxt, @@ -163,15 +159,12 @@ int libxl__dom_load_acpi(libxl__gc *gc, struct acpi_config config = {0}; struct libxl_acpi_ctxt libxl_ctxt; int rc = 0, acpi_pages_num; - void *acpi_pages; - unsigned long page_mask; if (b_info->type != LIBXL_DOMAIN_TYPE_PVH) goto out; libxl_ctxt.page_size = XC_DOM_PAGE_SIZE(dom); libxl_ctxt.page_shift = XC_DOM_PAGE_SHIFT(dom); - page_mask = (1UL << libxl_ctxt.page_shift) - 1; libxl_ctxt.c.mem_ops.alloc = mem_alloc; libxl_ctxt.c.mem_ops.v2p = virt_to_phys; @@ -186,19 +179,17 @@ int libxl__dom_load_acpi(libxl__gc *gc, config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); /* Pages to hold ACPI tables */ - acpi_pages = libxl__malloc(gc, (NUM_ACPI_PAGES + 1) * - libxl_ctxt.page_size); + libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES * + libxl_ctxt.page_size); /* * Set up allocator memory. * Start next to acpi_info page to avoid fracturing e820. */ - libxl_ctxt.alloc_base_paddr = ACPI_INFO_PHYSICAL_ADDRESS + - libxl_ctxt.page_size; - libxl_ctxt.alloc_base_vaddr = libxl_ctxt.alloc_currp = - (unsigned long)acpi_pages; - libxl_ctxt.alloc_end = (unsigned long)acpi_pages + - (NUM_ACPI_PAGES * libxl_ctxt.page_size); + libxl_ctxt.guest_start = libxl_ctxt.guest_curr = libxl_ctxt.guest_end = + ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; + + libxl_ctxt.guest_end += NUM_ACPI_PAGES * libxl_ctxt.page_size; /* Build the tables. */ rc = acpi_build_tables(&libxl_ctxt.c, &config); @@ -208,10 +199,8 @@ int libxl__dom_load_acpi(libxl__gc *gc, } /* Calculate how many pages are needed for the tables. */ - acpi_pages_num = - ((libxl_ctxt.alloc_currp - (unsigned long)acpi_pages) - >> libxl_ctxt.page_shift) + - ((libxl_ctxt.alloc_currp & page_mask) ? 1 : 0); + acpi_pages_num = (ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size) - + libxl_ctxt.guest_start) >> libxl_ctxt.page_shift; dom->acpi_modules[0].data = (void *)config.rsdp; dom->acpi_modules[0].length = 64; @@ -231,7 +220,7 @@ int libxl__dom_load_acpi(libxl__gc *gc, dom->acpi_modules[1].length = 4096; dom->acpi_modules[1].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS; - dom->acpi_modules[2].data = acpi_pages; + dom->acpi_modules[2].data = libxl_ctxt.buf; dom->acpi_modules[2].length = acpi_pages_num << libxl_ctxt.page_shift; dom->acpi_modules[2].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274212.469596 (Exim 4.92) (envelope-from ) id 1nKLxm-0000RT-99; Wed, 16 Feb 2022 15:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274212.469596; Wed, 16 Feb 2022 15:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxm-0000RK-6L; Wed, 16 Feb 2022 15:11:26 +0000 Received: by outflank-mailman (input) for mailman id 274212; Wed, 16 Feb 2022 15:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxl-0000R0-1V for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxl-0002C6-0n for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLxk-0005UJ-Vv for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LgxH/YAPbQ1/clDLxIYwxcG+0fvH1BgWj+K/8kFy7Ok=; b=1mL3M4CPWDFut/8BTQGJyC/Mts 3iBfqPEnasuAlW9Z9i7HwJqYWPOFIIvWtxkDKTnY73qqUXlBaFTkDlpYkAQOlLeLY2xXN/ZsA1am3 Sn35lHnog3MU+gD+nrejMfZMLrhof9G5m6iMM9FUhRSVTOslNUz2QTJysg1YjLetIrjM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] libxl: force netback to wait for hotplug execution before connecting Message-Id: Date: Wed, 16 Feb 2022 15:11:24 +0000 commit 59a5fbd6fe7a23f95e5c9bef064f9548e32feea6 Author: Roger Pau Monné AuthorDate: Wed Feb 16 16:02:34 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:34 2022 +0100 libxl: force netback to wait for hotplug execution before connecting By writing an empty "hotplug-status" xenstore node in the backend path libxl can force Linux netback to wait for hotplug script execution before proceeding to the 'connected' state. This is required so that netback doesn't skip state 2 (InitWait) and thus blocks libxl waiting for such state in order to launch the hotplug script (see libxl__wait_device_connection). Reported-by: James Dingwall Signed-off-by: Roger Pau Monné Tested-by: James Dingwall Reviewed-by: Paul Durrant Tested-by: Julien Grall Reviewed-by: Wei Liu master commit: 0bdc43c8dec993258e930b34855853c22b917519 master date: 2022-01-27 13:51:19 +0100 --- tools/libs/light/libxl_nic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b45469dca..0b9e70c9d1 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -248,6 +248,13 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(ro_front, "mtu"); flexarray_append(ro_front, GCSPRINTF("%u", nic->mtu)); + /* + * Force backend to wait for hotplug script execution before switching to + * connected state. + */ + flexarray_append(back, "hotplug-status"); + flexarray_append(back, ""); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274213.469600 (Exim 4.92) (envelope-from ) id 1nKLxw-0000UO-Ag; Wed, 16 Feb 2022 15:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274213.469600; Wed, 16 Feb 2022 15:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxw-0000UG-7n; Wed, 16 Feb 2022 15:11:36 +0000 Received: by outflank-mailman (input) for mailman id 274213; Wed, 16 Feb 2022 15:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxv-0000U5-4O for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLxv-0002CG-3f for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLxv-0005V3-2z for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E2zFZ/1BBVjaCByfBEXZgcR4N3jVacXgw6hLoH+Neuk=; b=RH9TqRmppAf/dAFl5/c5tFGZYN k4t9zokTwgHLIHABDMobYpA7SEk2rPz4z6tN0dK+KCHfj5yeZYVJd6pRqJzieVGEj7/Z5gEsYzqED eJveQahpWZnpbV77lOvUEn/Ie3nbaWapoSUxLUs5DVwaxGGaDtuqvmRHFuYOAPClmgjk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL Message-Id: Date: Wed, 16 Feb 2022 15:11:35 +0000 commit ef47070bbb918e8786011242e8d94e071c35ed0f Author: Dario Faggioli AuthorDate: Wed Feb 16 16:02:58 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:58 2022 +0100 tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 , cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli Tested-by: James Fehlig Reviewed-by: Anthony PERARD master commit: d9d3496e817ace919092d70d4730257b37c2e743 master date: 2022-01-31 10:58:07 +0100 --- tools/libs/light/libxl_domain.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index c00c36c928..8176d77d06 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1660,6 +1660,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, libxl_vcpuinfo *ptr, *ret; xc_domaininfo_t domaininfo; xc_vcpuinfo_t vcpuinfo; + unsigned int nr_vcpus; if (xc_domain_getinfolist(ctx->xch, domid, 1, &domaininfo) != 1) { LOGED(ERROR, domid, "Getting infolist"); @@ -1676,33 +1677,34 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1, sizeof(libxl_vcpuinfo)); - for (*nr_vcpus_out = 0; - *nr_vcpus_out <= domaininfo.max_vcpu_id; - ++*nr_vcpus_out, ++ptr) { + for (nr_vcpus = 0; + nr_vcpus <= domaininfo.max_vcpu_id; + ++nr_vcpus, ++ptr) { libxl_bitmap_init(&ptr->cpumap); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap, 0)) goto err; libxl_bitmap_init(&ptr->cpumap_soft); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap_soft, 0)) goto err; - if (xc_vcpu_getinfo(ctx->xch, domid, *nr_vcpus_out, &vcpuinfo) == -1) { + if (xc_vcpu_getinfo(ctx->xch, domid, nr_vcpus, &vcpuinfo) == -1) { LOGED(ERROR, domid, "Getting vcpu info"); goto err; } - if (xc_vcpu_getaffinity(ctx->xch, domid, *nr_vcpus_out, + if (xc_vcpu_getaffinity(ctx->xch, domid, nr_vcpus, ptr->cpumap.map, ptr->cpumap_soft.map, XEN_VCPUAFFINITY_SOFT|XEN_VCPUAFFINITY_HARD) == -1) { LOGED(ERROR, domid, "Getting vcpu affinity"); goto err; } - ptr->vcpuid = *nr_vcpus_out; + ptr->vcpuid = nr_vcpus; ptr->cpu = vcpuinfo.cpu; ptr->online = !!vcpuinfo.online; ptr->blocked = !!vcpuinfo.blocked; ptr->running = !!vcpuinfo.running; ptr->vcpu_time = vcpuinfo.cpu_time; } + *nr_vcpus_out = nr_vcpus; GC_FREE; return ret; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274215.469604 (Exim 4.92) (envelope-from ) id 1nKLy6-0000Xd-Cf; Wed, 16 Feb 2022 15:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274215.469604; Wed, 16 Feb 2022 15:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLy6-0000XT-9E; Wed, 16 Feb 2022 15:11:46 +0000 Received: by outflank-mailman (input) for mailman id 274215; Wed, 16 Feb 2022 15:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLy5-0000XE-7e for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLy5-0002CW-6o for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLy5-0005Vg-5r for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S4DV9vvSNsOLHakyX0jvrm1fm5M5og2C1IKjSjbxZ/4=; b=o2csLebhpM3byVIP/99nCQ6rxf VCEm6vIHXu3yhNDlmxUkwJ11bnkCU6eE6rDfdFLzncBEatqmVgQ8SR4EI9R/MQKO96gN60TjucgWU RirfAI8EtMHfW8Ey1wkuQaMzzSUEHDUqO2DjTBhCZL6VG7O3B2PYUlu1Y46dn6W9fa3M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/libs: Fix build dependencies Message-Id: Date: Wed, 16 Feb 2022 15:11:45 +0000 commit 3bf48e5325b6eb4d01e1707e6b2c79f08afb16a0 Author: Anthony PERARD AuthorDate: Wed Feb 16 16:03:56 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:03:56 2022 +0100 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross master commit: e62cc29f9b6c42b67182a1362e2ea18bad75b5ff master date: 2022-02-08 11:15:53 +0000 --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index ce9ecae710..449c89f440 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -63,8 +63,6 @@ $(eval $(genpath-target)) $(LIB_OBJS) $(PIC_OBJS): _paths.h --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 604e1695d6..58c50250df 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -109,8 +109,6 @@ $(eval $(genpath-target)) xc_private.h: _paths.h --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index 2d973ccb95..c453a46858 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -140,3 +140,7 @@ distclean: clean .PHONY: FORCE FORCE: + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 7d8c51d492..273fab6608 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -271,5 +271,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index c99508ae6b..89b5412132 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -124,7 +124,5 @@ cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) _paths.h rm -f libxenstat.map --include $(DEPS_INCLUDE) - genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index bee57b5629..bc89b9cd70 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -31,8 +31,6 @@ else PKG_CONFIG_REMOVE += -ldl endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index f5f9e89fee..b739360be7 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -52,8 +52,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) _paths.h genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 15:11:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 15:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274216.469607 (Exim 4.92) (envelope-from ) id 1nKLyG-0000ad-DU; Wed, 16 Feb 2022 15:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274216.469607; Wed, 16 Feb 2022 15:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLyG-0000aV-Ad; Wed, 16 Feb 2022 15:11:56 +0000 Received: by outflank-mailman (input) for mailman id 274216; Wed, 16 Feb 2022 15:11:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLyF-0000aH-BC for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKLyF-0002Cg-AL for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKLyF-0005WL-9R for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 15:11:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TRol4dZlWeIXGjfrNxHjtfESSLt7Qrg2De3EqscEhX8=; b=wkR+yAt9S3FgYofQoRXpKaEVa+ cmzn9qMDnUa1MjL9QWlu5Kg0FvPsb2NDx/TQQKKxqPZ17bn2GYm39T9TeGSh/tIiVcnveiTQRFa7Q wreM/yf6FcvGtKJZc1OUO8oelR21kSiWh4monm6YCv0xRHVNJSJ8qzj80uadG4k8Aw7U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Wed, 16 Feb 2022 15:11:55 +0000 commit 084bf6b19a7645e05878afcba88373534b06bb18 Author: Jan Beulich AuthorDate: Wed Feb 16 16:04:14 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:04:14 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed master date: 2022-02-14 10:08:38 +0100 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 0f7f97cd1c..5e297f7971 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7367,7 +7367,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9523,6 +9522,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Feb 16 19:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Feb 2022 19:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274374.469821 (Exim 4.92) (envelope-from ) id 1nKQDc-0002oP-0N; Wed, 16 Feb 2022 19:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274374.469821; Wed, 16 Feb 2022 19:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKQDb-0002oH-Ta; Wed, 16 Feb 2022 19:44:03 +0000 Received: by outflank-mailman (input) for mailman id 274374; Wed, 16 Feb 2022 19:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKQDa-0002o7-D9 for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 19:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKQDa-0007cl-8x for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 19:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKQDa-0000Pl-7l for xen-changelog@lists.xenproject.org; Wed, 16 Feb 2022 19:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UTc8R777efkxh2BqDW3FtzZoZTHIKe+mC8lBIgdi0/k=; b=4Hr+dpNWRKTUpiv8gRi9oACaT2 ufhaxMOytnxszIqIzBEfC8zU1pdFPsZD2Sv8adBjKNUZwZkAN9ffDWD3mzY3SNqR5z0xJMgZ37tdW HUScn+Aa661lh0lvrlIqaYlJR6kQqkjrrzHSVfL4ygBtPVSXEgf46j8v0k4MI5Hty9So=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: make Bertrand ARM maintainer Message-Id: Date: Wed, 16 Feb 2022 19:44:02 +0000 commit e7c2017cf4a91ab6a0fea6adca2d9dd2ab1603b0 Author: Stefano Stabellini AuthorDate: Thu Feb 10 11:08:47 2022 -0800 Commit: Julien Grall CommitDate: Tue Feb 15 20:18:23 2022 +0000 MAINTAINERS: make Bertrand ARM maintainer Signed-off-by: Stefano Stabellini Asked-by: Bertrand Marquis --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 64934cc070..d41572128b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -230,8 +230,8 @@ F: tools/libs/ctrl/xc_arinc653.c ARM (W/ VIRTUALISATION EXTENSIONS) ARCHITECTURE M: Stefano Stabellini M: Julien Grall +M: Bertrand Marquis R: Volodymyr Babchuk -R: Bertrand Marquis S: Supported L: xen-devel@lists.xenproject.org F: docs/misc/arm/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 06:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 06:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274467.469934 (Exim 4.92) (envelope-from ) id 1nKaB1-0001fU-6g; Thu, 17 Feb 2022 06:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274467.469934; Thu, 17 Feb 2022 06:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaB1-0001fL-3D; Thu, 17 Feb 2022 06:22:03 +0000 Received: by outflank-mailman (input) for mailman id 274467; Thu, 17 Feb 2022 06:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaAz-0001f1-T7 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaAz-0005JF-SE for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKaAz-0007I4-R7 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0p9XSYq7TYuunjrFN0yvrjI5ixihKkagGLigucJ1AWw=; b=2vrteDgynVovHxXQD1GUeqG8ac iwc2lb2NLESZ0WQbwC3A/A9/+Q85XZqBpnsMHqrD7xXftz4GDr3NWfmGtLERMWd3jBFiBgtWKiClE g8WZrmbjWrDu2+59J3aEdnKYRARmGUFOgRUGPd5AJUr+Zj6feIrK6Ye0cAA/zyvu3ttY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL Message-Id: Date: Thu, 17 Feb 2022 06:22:01 +0000 commit cd6250eaf0ab9d36fb12885916db4ee7d0a93448 Author: Dario Faggioli AuthorDate: Wed Feb 16 15:51:43 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:51:43 2022 +0100 tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 , cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli Tested-by: James Fehlig Reviewed-by: Anthony PERARD master commit: d9d3496e817ace919092d70d4730257b37c2e743 master date: 2022-01-31 10:58:07 +0100 --- tools/libs/light/libxl_domain.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index 544a9bf59d..d438232117 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1661,6 +1661,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, libxl_vcpuinfo *ptr, *ret; xc_domaininfo_t domaininfo; xc_vcpuinfo_t vcpuinfo; + unsigned int nr_vcpus; if (xc_domain_getinfolist(ctx->xch, domid, 1, &domaininfo) != 1) { LOGED(ERROR, domid, "Getting infolist"); @@ -1677,33 +1678,34 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1, sizeof(libxl_vcpuinfo)); - for (*nr_vcpus_out = 0; - *nr_vcpus_out <= domaininfo.max_vcpu_id; - ++*nr_vcpus_out, ++ptr) { + for (nr_vcpus = 0; + nr_vcpus <= domaininfo.max_vcpu_id; + ++nr_vcpus, ++ptr) { libxl_bitmap_init(&ptr->cpumap); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap, 0)) goto err; libxl_bitmap_init(&ptr->cpumap_soft); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap_soft, 0)) goto err; - if (xc_vcpu_getinfo(ctx->xch, domid, *nr_vcpus_out, &vcpuinfo) == -1) { + if (xc_vcpu_getinfo(ctx->xch, domid, nr_vcpus, &vcpuinfo) == -1) { LOGED(ERROR, domid, "Getting vcpu info"); goto err; } - if (xc_vcpu_getaffinity(ctx->xch, domid, *nr_vcpus_out, + if (xc_vcpu_getaffinity(ctx->xch, domid, nr_vcpus, ptr->cpumap.map, ptr->cpumap_soft.map, XEN_VCPUAFFINITY_SOFT|XEN_VCPUAFFINITY_HARD) == -1) { LOGED(ERROR, domid, "Getting vcpu affinity"); goto err; } - ptr->vcpuid = *nr_vcpus_out; + ptr->vcpuid = nr_vcpus; ptr->cpu = vcpuinfo.cpu; ptr->online = !!vcpuinfo.online; ptr->blocked = !!vcpuinfo.blocked; ptr->running = !!vcpuinfo.running; ptr->vcpu_time = vcpuinfo.cpu_time; } + *nr_vcpus_out = nr_vcpus; GC_FREE; return ret; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 06:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 06:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274468.469939 (Exim 4.92) (envelope-from ) id 1nKaBB-0001k6-9J; Thu, 17 Feb 2022 06:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274468.469939; Thu, 17 Feb 2022 06:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBB-0001js-60; Thu, 17 Feb 2022 06:22:13 +0000 Received: by outflank-mailman (input) for mailman id 274468; Thu, 17 Feb 2022 06:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBA-0001jU-00 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaB9-0005JK-VV for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKaB9-0007J5-UX for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hQ7mzxu9CgAvvTIFSjtsKdvgdCycghhA9pJuGBIzvnY=; b=IT6dm3NwB2DrElzb6/YDbuKb+c D24JQkWSwUwG+XHOB4qx6LlIV5W3KzRx/RBKZ48K42k9jDh9ltkFw72gr8pTaSbX5ALXmYXT5Ujiq Ve0s1+vHiWEgUCOXL+LC4kvn0mm1c9GtAZskTxWpqBaK3rACIMMO/35iUUq7/ZZMWgU4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] libxl: force netback to wait for hotplug execution before connecting Message-Id: Date: Thu, 17 Feb 2022 06:22:11 +0000 commit 58d289c90690841def25b451d3855a187781b3ab Author: Roger Pau Monné AuthorDate: Wed Feb 16 15:52:22 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:52:22 2022 +0100 libxl: force netback to wait for hotplug execution before connecting By writing an empty "hotplug-status" xenstore node in the backend path libxl can force Linux netback to wait for hotplug script execution before proceeding to the 'connected' state. This is required so that netback doesn't skip state 2 (InitWait) and thus blocks libxl waiting for such state in order to launch the hotplug script (see libxl__wait_device_connection). Reported-by: James Dingwall Signed-off-by: Roger Pau Monné Tested-by: James Dingwall Reviewed-by: Paul Durrant Tested-by: Julien Grall Reviewed-by: Wei Liu master commit: 0bdc43c8dec993258e930b34855853c22b917519 master date: 2022-01-27 13:51:19 +0100 --- tools/libs/light/libxl_nic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b45469dca..0b9e70c9d1 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -248,6 +248,13 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(ro_front, "mtu"); flexarray_append(ro_front, GCSPRINTF("%u", nic->mtu)); + /* + * Force backend to wait for hotplug script execution before switching to + * connected state. + */ + flexarray_append(back, "hotplug-status"); + flexarray_append(back, ""); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 06:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 06:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274471.469943 (Exim 4.92) (envelope-from ) id 1nKaBL-0001qH-BO; Thu, 17 Feb 2022 06:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274471.469943; Thu, 17 Feb 2022 06:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBL-0001q9-8C; Thu, 17 Feb 2022 06:22:23 +0000 Received: by outflank-mailman (input) for mailman id 274471; Thu, 17 Feb 2022 06:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBK-0001pX-34 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBK-0005Js-2I for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKaBK-0007Ji-1M for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mKE7+XHSNL5XBeEiT3+I3SlFKNd3OY3q7xHEmc5WCBg=; b=bZw96NVF07WLBw1Mufo9iHbDt/ zINoZLF34szplO9bLgyasMsx9eVQq5DzcXNIFq5LrG9L/MqeGBSGst11H27n4RK6CcNTT0wI7v0xv la0ecbciasYecKxjMjvOUrAZMsGIKM3MMULE8J3wZERmjctCZ6wUBpGMcRis1NeNC7HE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] build: fix exported variable name CFLAGS_stack_boundary Message-Id: Date: Thu, 17 Feb 2022 06:22:22 +0000 commit 17093dbac91d187607ceb30b9e2b177fd7b38559 Author: Anthony PERARD AuthorDate: Wed Feb 16 15:53:04 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:53:04 2022 +0100 build: fix exported variable name CFLAGS_stack_boundary Exporting a variable with a dash doesn't work reliably, they may be striped from the environment when calling a sub-make or sub-shell. CFLAGS-stack-boundary start to be removed from env in patch "build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile" when running `make "ALL_OBJS=.."` due to the addition of the quote. At least in my empirical tests. Fixes: 2740d96efd ("xen/build: have the root Makefile generates the CFLAGS") Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Rules.mk | 4 ++-- xen/arch/x86/arch.mk | 4 ++-- xen/arch/x86/efi/Makefile | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 56fe22c979..7aef93f5f3 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -6,5 +6,5 @@ object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' else object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' endif -c_flags += $(object_label_flags) $(CFLAGS-stack-boundary) -a_flags += $(object_label_flags) $(CFLAGS-stack-boundary) +c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) +a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index ce0c1a0e7f..1109595fbc 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -48,8 +48,8 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -$(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) -export CFLAGS-stack-boundary +$(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) +export CFLAGS_stack_boundary ifeq ($(CONFIG_UBSAN),y) # Don't enable alignment sanitisation. x86 has efficient unaligned accesses, diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index 87b927ed86..abae493bf3 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -12,7 +12,7 @@ EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o EFIOBJ-$(CONFIG_COMPAT) += compat.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ-y): CFLAGS-stack-boundary := $(cflags-stack-boundary) +$(EFIOBJ-y): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ-y)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 06:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 06:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274472.469947 (Exim 4.92) (envelope-from ) id 1nKaBV-0001x3-Ct; Thu, 17 Feb 2022 06:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274472.469947; Thu, 17 Feb 2022 06:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBV-0001wv-A0; Thu, 17 Feb 2022 06:22:33 +0000 Received: by outflank-mailman (input) for mailman id 274472; Thu, 17 Feb 2022 06:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBU-0001wf-6M for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBU-0005K1-5W for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKaBU-0007KS-4d for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=44YIUyWiIga7wIv9hB3HnUFNHuqGKJBq/0NqsHmgZN0=; b=osOrEruZqrI789WS2H64GF7cXu 3ETP0xnPp0ERLh4UFbOSYij5jWCj3RTfNnUZ+f9Gu8Jj7IxIilVWIIlUbhGpfNpCT+T4XzDxx4KW1 1h97loDknjo2FxHU8KdwQpE9lK+Oc3AqGxgnYkR65cBIhneQZ5eJ4J1etiHW8zwho6Co=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/libs: Fix build dependencies Message-Id: Date: Thu, 17 Feb 2022 06:22:32 +0000 commit f8c720be53944eb0f43ed89eeb94e6d04e28fc17 Author: Anthony PERARD AuthorDate: Wed Feb 16 15:53:49 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:53:49 2022 +0100 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross master commit: e62cc29f9b6c42b67182a1362e2ea18bad75b5ff master date: 2022-02-08 11:15:53 +0000 --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index 519246b0d6..6ff5918798 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -59,8 +59,6 @@ $(eval $(genpath-target)) $(LIB_OBJS) $(PIC_OBJS): _paths.h --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 2ce92d247e..35f39e74cd 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -113,8 +113,6 @@ $(eval $(genpath-target)) xc_private.h: _paths.h --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index ebdb2a4782..f1554462fb 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -142,3 +142,7 @@ distclean: clean .PHONY: FORCE FORCE: + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 194bc5f268..dd43f37b4c 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -273,5 +273,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index c99508ae6b..89b5412132 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -124,7 +124,5 @@ cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) _paths.h rm -f libxenstat.map --include $(DEPS_INCLUDE) - genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index 43b018aa8c..2b435220ac 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -31,8 +31,6 @@ else PKG_CONFIG_REMOVE += -ldl endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index f5f9e89fee..b739360be7 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -52,8 +52,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) _paths.h genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 06:22:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 06:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274474.469952 (Exim 4.92) (envelope-from ) id 1nKaBf-00022n-F3; Thu, 17 Feb 2022 06:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274474.469952; Thu, 17 Feb 2022 06:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBf-00022f-BX; Thu, 17 Feb 2022 06:22:43 +0000 Received: by outflank-mailman (input) for mailman id 274474; Thu, 17 Feb 2022 06:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBe-00022M-A8 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKaBe-0005KC-9H for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKaBe-0007L9-8M for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 06:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Niv0JCDuas6BYOp+tx0H1gaaKsJN/ydOyDx+/G4NiPM=; b=PXw0gAyGuzn0Nwz6e138A/bGqs hQyOvVBWdWrBdvHPDCBbhYCXTD908E/pxavKPirxlguZkKRtOG38hLt0uKR0BaL3E2bNOg34nSSe0 LMV4rred1gUB1cG2ZN6JUxdDL+UXhBujGMbI/MXtqUnafWn5d1LP7PYIv+mOdxSTZfQM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Thu, 17 Feb 2022 06:22:42 +0000 commit 0941d6cb2383c4e87d7f53f1df74e8850e1649bc Author: Jan Beulich AuthorDate: Wed Feb 16 15:54:12 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 15:54:12 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed master date: 2022-02-14 10:08:38 +0100 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index f71015ffa1..e3667cb1a3 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7401,7 +7401,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9558,6 +9557,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274508.469991 (Exim 4.92) (envelope-from ) id 1nKcdv-000188-Fw; Thu, 17 Feb 2022 09:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274508.469991; Thu, 17 Feb 2022 09:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcdv-00017h-Ca; Thu, 17 Feb 2022 09:00:03 +0000 Received: by outflank-mailman (input) for mailman id 274508; Thu, 17 Feb 2022 09:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcdt-0000lT-Od for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcdt-0000A9-KI for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKcdt-0004Lx-JG for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zBvEOWPhM2VUfxGe4z5JdKejTjA5jaS8ZmpM9IsxgnY=; b=yYvqBdgXDRnVuPlYHBxN2WQV8i 9vC28jtLy4UYC2wr7tTzOiN8MALgx7cpXcL6Fe/ZVDaw6ACyiW8YqR7QnlQfBZsirJi4ZG55D36qy IHiVbxHkgQYwVy60PL2A/zd2X9rTEB35u2G+S5ozJEb3SnDluFSIxsBfYtnEKn6FCRcw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] update Xen version to 4.15.3-pre Message-Id: Date: Thu, 17 Feb 2022 09:00:01 +0000 commit 124b8013335b01fc874dff359ac93c1336b291b1 Author: Jan Beulich AuthorDate: Wed Feb 16 16:00:19 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:00:19 2022 +0100 update Xen version to 4.15.3-pre --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index e446b232df..212c819498 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .2$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .3-pre$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274509.469995 (Exim 4.92) (envelope-from ) id 1nKce5-0001gr-HQ; Thu, 17 Feb 2022 09:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274509.469995; Thu, 17 Feb 2022 09:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKce5-0001gj-ED; Thu, 17 Feb 2022 09:00:13 +0000 Received: by outflank-mailman (input) for mailman id 274509; Thu, 17 Feb 2022 09:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKce3-0001gH-OG for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKce3-0000EN-NQ for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKce3-0004O0-MX for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fFiLf8qW0lGUFZ9GgCOROPOITJ/4Jk+C+UTNBDAuRZA=; b=nfUb53B8k4znafGBKsPpYX8tft JsbqNfDc+NBbk2VJevROguEYZrSHUAtVSNbPWp6DXKdp7zvzr5TdQaIFPRr996BF+XydUfBdDIXUD TWXDGhsa4my402BTt97Aeaqcnq98IbOQ7ohEIEDhpod8yLp7N8qT5yTJwvjHuxl8BPoc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/libxl: Correctly align the ACPI tables Message-Id: Date: Thu, 17 Feb 2022 09:00:11 +0000 commit 11eedbb0bb1d33c7ad7e8d5e887d1ebf882bcb00 Author: Kevin Stefanov AuthorDate: Wed Feb 16 16:02:12 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:12 2022 +0100 tools/libxl: Correctly align the ACPI tables The memory allocator currently calculates alignment in libxl's virtual address space, rather than guest physical address space. This results in the FACS being commonly misaligned. Furthermore, the allocator has several other bugs. The opencoded align-up calculation is currently susceptible to a bug that occurs in the corner case that the buffer is already aligned to begin with. In that case, an align-sized memory hole is introduced. The while loop is dead logic because its effects are entirely and unconditionally overwritten immediately after it. Rework the memory allocator to align in guest physical address space instead of libxl's virtual memory and improve the calculation, drop errant extra page in allocated buffer for ACPI tables, and give some of the variables better names/types. Fixes: 14c0d328da2b ("libxl/acpi: Build ACPI tables for HVMlite guests") Signed-off-by: Kevin Stefanov Reviewed-by: Jan Beulich Acked-by: Ian Jackson master commit: dd6c062a7a4abdb662c18af03d1396325969d155 master date: 2021-09-24 11:07:50 +0100 --- tools/libs/light/libxl_x86_acpi.c | 49 +++++++++++++++------------------------ 1 file changed, 19 insertions(+), 30 deletions(-) diff --git a/tools/libs/light/libxl_x86_acpi.c b/tools/libs/light/libxl_x86_acpi.c index 3eca1c7a9f..57a6b63790 100644 --- a/tools/libs/light/libxl_x86_acpi.c +++ b/tools/libs/light/libxl_x86_acpi.c @@ -20,6 +20,7 @@ /* Number of pages holding ACPI tables */ #define NUM_ACPI_PAGES 16 +#define ALIGN(p, a) (((p) + ((a) - 1)) & ~((a) - 1)) struct libxl_acpi_ctxt { struct acpi_ctxt c; @@ -28,10 +29,10 @@ struct libxl_acpi_ctxt { unsigned int page_shift; /* Memory allocator */ - unsigned long alloc_base_paddr; - unsigned long alloc_base_vaddr; - unsigned long alloc_currp; - unsigned long alloc_end; + unsigned long guest_start; + unsigned long guest_curr; + unsigned long guest_end; + void *buf; }; extern const unsigned char dsdt_pvh[]; @@ -43,8 +44,7 @@ static unsigned long virt_to_phys(struct acpi_ctxt *ctxt, void *v) struct libxl_acpi_ctxt *libxl_ctxt = CONTAINER_OF(ctxt, struct libxl_acpi_ctxt, c); - return (((unsigned long)v - libxl_ctxt->alloc_base_vaddr) + - libxl_ctxt->alloc_base_paddr); + return libxl_ctxt->guest_start + (v - libxl_ctxt->buf); } static void *mem_alloc(struct acpi_ctxt *ctxt, @@ -58,20 +58,16 @@ static void *mem_alloc(struct acpi_ctxt *ctxt, if (align < 16) align = 16; - s = (libxl_ctxt->alloc_currp + align) & ~((unsigned long)align - 1); + s = ALIGN(libxl_ctxt->guest_curr, align); e = s + size - 1; /* TODO: Reallocate memory */ - if ((e < s) || (e >= libxl_ctxt->alloc_end)) + if ((e < s) || (e >= libxl_ctxt->guest_end)) return NULL; - while (libxl_ctxt->alloc_currp >> libxl_ctxt->page_shift != - e >> libxl_ctxt->page_shift) - libxl_ctxt->alloc_currp += libxl_ctxt->page_size; + libxl_ctxt->guest_curr = e; - libxl_ctxt->alloc_currp = e; - - return (void *)s; + return libxl_ctxt->buf + (s - libxl_ctxt->guest_start); } static void acpi_mem_free(struct acpi_ctxt *ctxt, @@ -163,15 +159,12 @@ int libxl__dom_load_acpi(libxl__gc *gc, struct acpi_config config = {0}; struct libxl_acpi_ctxt libxl_ctxt; int rc = 0, acpi_pages_num; - void *acpi_pages; - unsigned long page_mask; if (b_info->type != LIBXL_DOMAIN_TYPE_PVH) goto out; libxl_ctxt.page_size = XC_DOM_PAGE_SIZE(dom); libxl_ctxt.page_shift = XC_DOM_PAGE_SHIFT(dom); - page_mask = (1UL << libxl_ctxt.page_shift) - 1; libxl_ctxt.c.mem_ops.alloc = mem_alloc; libxl_ctxt.c.mem_ops.v2p = virt_to_phys; @@ -186,19 +179,17 @@ int libxl__dom_load_acpi(libxl__gc *gc, config.rsdp = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); config.infop = (unsigned long)libxl__malloc(gc, libxl_ctxt.page_size); /* Pages to hold ACPI tables */ - acpi_pages = libxl__malloc(gc, (NUM_ACPI_PAGES + 1) * - libxl_ctxt.page_size); + libxl_ctxt.buf = libxl__malloc(gc, NUM_ACPI_PAGES * + libxl_ctxt.page_size); /* * Set up allocator memory. * Start next to acpi_info page to avoid fracturing e820. */ - libxl_ctxt.alloc_base_paddr = ACPI_INFO_PHYSICAL_ADDRESS + - libxl_ctxt.page_size; - libxl_ctxt.alloc_base_vaddr = libxl_ctxt.alloc_currp = - (unsigned long)acpi_pages; - libxl_ctxt.alloc_end = (unsigned long)acpi_pages + - (NUM_ACPI_PAGES * libxl_ctxt.page_size); + libxl_ctxt.guest_start = libxl_ctxt.guest_curr = libxl_ctxt.guest_end = + ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; + + libxl_ctxt.guest_end += NUM_ACPI_PAGES * libxl_ctxt.page_size; /* Build the tables. */ rc = acpi_build_tables(&libxl_ctxt.c, &config); @@ -208,10 +199,8 @@ int libxl__dom_load_acpi(libxl__gc *gc, } /* Calculate how many pages are needed for the tables. */ - acpi_pages_num = - ((libxl_ctxt.alloc_currp - (unsigned long)acpi_pages) - >> libxl_ctxt.page_shift) + - ((libxl_ctxt.alloc_currp & page_mask) ? 1 : 0); + acpi_pages_num = (ALIGN(libxl_ctxt.guest_curr, libxl_ctxt.page_size) - + libxl_ctxt.guest_start) >> libxl_ctxt.page_shift; dom->acpi_modules[0].data = (void *)config.rsdp; dom->acpi_modules[0].length = 64; @@ -231,7 +220,7 @@ int libxl__dom_load_acpi(libxl__gc *gc, dom->acpi_modules[1].length = 4096; dom->acpi_modules[1].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS; - dom->acpi_modules[2].data = acpi_pages; + dom->acpi_modules[2].data = libxl_ctxt.buf; dom->acpi_modules[2].length = acpi_pages_num << libxl_ctxt.page_shift; dom->acpi_modules[2].guest_addr_out = ACPI_INFO_PHYSICAL_ADDRESS + libxl_ctxt.page_size; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274511.469998 (Exim 4.92) (envelope-from ) id 1nKceF-0001qC-KS; Thu, 17 Feb 2022 09:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274511.469998; Thu, 17 Feb 2022 09:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceF-0001q5-HV; Thu, 17 Feb 2022 09:00:23 +0000 Received: by outflank-mailman (input) for mailman id 274511; Thu, 17 Feb 2022 09:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceD-0001n0-RW for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceD-0000Es-Qf for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKceD-0004P6-PT for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yv4AbnZ0GFqfPBs8lA0ZsRVofXuNZnmDgiGYWzpAshc=; b=2W3oHmHjCw+qt7yHktwS0GYJpW TvmwuvTN6CI9Zb53gvPmPqer6KmGnlRM+wfkW0PWhXXVROK4KXy2rbgG+JJmMnNg09jIRt5Um8Xg8 bFDSwdzY9embSISbEw0T/Qg4sS+sARtbg6L0HEzNA2Xv0EjHrXiwcI1pycnYOK2X2/CM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] libxl: force netback to wait for hotplug execution before connecting Message-Id: Date: Thu, 17 Feb 2022 09:00:21 +0000 commit 59a5fbd6fe7a23f95e5c9bef064f9548e32feea6 Author: Roger Pau Monné AuthorDate: Wed Feb 16 16:02:34 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:34 2022 +0100 libxl: force netback to wait for hotplug execution before connecting By writing an empty "hotplug-status" xenstore node in the backend path libxl can force Linux netback to wait for hotplug script execution before proceeding to the 'connected' state. This is required so that netback doesn't skip state 2 (InitWait) and thus blocks libxl waiting for such state in order to launch the hotplug script (see libxl__wait_device_connection). Reported-by: James Dingwall Signed-off-by: Roger Pau Monné Tested-by: James Dingwall Reviewed-by: Paul Durrant Tested-by: Julien Grall Reviewed-by: Wei Liu master commit: 0bdc43c8dec993258e930b34855853c22b917519 master date: 2022-01-27 13:51:19 +0100 --- tools/libs/light/libxl_nic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index 0b45469dca..0b9e70c9d1 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c @@ -248,6 +248,13 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(ro_front, "mtu"); flexarray_append(ro_front, GCSPRINTF("%u", nic->mtu)); + /* + * Force backend to wait for hotplug script execution before switching to + * connected state. + */ + flexarray_append(back, "hotplug-status"); + flexarray_append(back, ""); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274514.470014 (Exim 4.92) (envelope-from ) id 1nKceP-0002Dv-4V; Thu, 17 Feb 2022 09:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274514.470014; Thu, 17 Feb 2022 09:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceP-0002Dm-1Y; Thu, 17 Feb 2022 09:00:33 +0000 Received: by outflank-mailman (input) for mailman id 274514; Thu, 17 Feb 2022 09:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceN-0002Cw-VK for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceN-0000FE-UZ for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKceN-0004Py-Ss for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TnV7DEjV34EhW7iWsJrZfn6c3YwxGOswsnhkNCuKTnE=; b=xaGxzvBaFqjMUgPGaFdtAIwTuj JtPWnMQnMAIftH1gmRHJRNKhEdg9n4bX1cmjBRaY2bFLdJNLCCCqkq6UFYFaKceaFtpqFQRQdFEqH Ran0Z/NF8FRQBMis3uUGn8uJ7PoRVwuw5faHV+laT9V2SGckp4are5NkrMdOUEABFh1M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL Message-Id: Date: Thu, 17 Feb 2022 09:00:31 +0000 commit ef47070bbb918e8786011242e8d94e071c35ed0f Author: Dario Faggioli AuthorDate: Wed Feb 16 16:02:58 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:02:58 2022 +0100 tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL If we are in libxl_list_vcpu() and we are returning NULL, let's avoid touching the output parameter *nr_vcpus_out, which the caller should have initialized to 0. The current behavior could be problematic if are creating a domain and, in the meantime, an existing one is destroyed when we have already done some steps of the loop. At which point, we'd return a NULL list of vcpus but with something different than 0 as the number of vcpus in that list. And this can cause troubles in the callers (e.g., nr_vcpus_on_nodes()), when they do a libxl_vcpuinfo_list_free(). Crashes due to this are rare and difficult to reproduce, but have been observed, with stack traces looking like this one: #0 libxl_bitmap_dispose (map=map@entry=0x50) at libxl_utils.c:626 #1 0x00007fe72c993a32 in libxl_vcpuinfo_dispose (p=p@entry=0x38) at _libxl_types.c:692 #2 0x00007fe72c94e3c4 in libxl_vcpuinfo_list_free (list=0x0, nr=) at libxl_utils.c:1059 #3 0x00007fe72c9528bf in nr_vcpus_on_nodes (vcpus_on_node=0x7fe71000eb60, suitable_cpumap=0x7fe721df0d38, tinfo_elements=48, tinfo=0x7fe7101b3900, gc=0x7fe7101bbfa0) at libxl_numa.c:258 #4 libxl__get_numa_candidate (gc=gc@entry=0x7fe7100033a0, min_free_memkb=4233216, min_cpus=4, min_nodes=min_nodes@entry=0, max_nodes=max_nodes@entry=0, suitable_cpumap=suitable_cpumap@entry=0x7fe721df0d38, numa_cmpf=0x7fe72c940110 , cndt_out=0x7fe721df0cf0, cndt_found=0x7fe721df0cb4) at libxl_numa.c:394 #5 0x00007fe72c94152b in numa_place_domain (d_config=0x7fe721df11b0, domid=975, gc=0x7fe7100033a0) at libxl_dom.c:209 #6 libxl__build_pre (gc=gc@entry=0x7fe7100033a0, domid=domid@entry=975, d_config=d_config@entry=0x7fe721df11b0, state=state@entry=0x7fe710077700) at libxl_dom.c:436 #7 0x00007fe72c92c4a5 in libxl__domain_build (gc=0x7fe7100033a0, d_config=d_config@entry=0x7fe721df11b0, domid=975, state=0x7fe710077700) at libxl_create.c:444 #8 0x00007fe72c92de8b in domcreate_bootloader_done (egc=0x7fe721df0f60, bl=0x7fe7100778c0, rc=) at libxl_create.c:1222 #9 0x00007fe72c980425 in libxl__bootloader_run (egc=egc@entry=0x7fe721df0f60, bl=bl@entry=0x7fe7100778c0) at libxl_bootloader.c:403 #10 0x00007fe72c92f281 in initiate_domain_create (egc=egc@entry=0x7fe721df0f60, dcs=dcs@entry=0x7fe7100771b0) at libxl_create.c:1159 #11 0x00007fe72c92f456 in do_domain_create (ctx=ctx@entry=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, restore_fd=restore_fd@entry=-1, send_back_fd=send_back_fd@entry=-1, params=params@entry=0x0, ao_how=0x0, aop_console_how=0x7fe721df10f0) at libxl_create.c:1856 #12 0x00007fe72c92f776 in libxl_domain_create_new (ctx=0x7fe71001c840, d_config=d_config@entry=0x7fe721df11b0, domid=domid@entry=0x7fe721df10a8, ao_how=ao_how@entry=0x0, aop_console_how=aop_console_how@entry=0x7fe721df10f0) at libxl_create.c:2075 Signed-off-by: Dario Faggioli Tested-by: James Fehlig Reviewed-by: Anthony PERARD master commit: d9d3496e817ace919092d70d4730257b37c2e743 master date: 2022-01-31 10:58:07 +0100 --- tools/libs/light/libxl_domain.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c index c00c36c928..8176d77d06 100644 --- a/tools/libs/light/libxl_domain.c +++ b/tools/libs/light/libxl_domain.c @@ -1660,6 +1660,7 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, libxl_vcpuinfo *ptr, *ret; xc_domaininfo_t domaininfo; xc_vcpuinfo_t vcpuinfo; + unsigned int nr_vcpus; if (xc_domain_getinfolist(ctx->xch, domid, 1, &domaininfo) != 1) { LOGED(ERROR, domid, "Getting infolist"); @@ -1676,33 +1677,34 @@ libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, ret = ptr = libxl__calloc(NOGC, domaininfo.max_vcpu_id + 1, sizeof(libxl_vcpuinfo)); - for (*nr_vcpus_out = 0; - *nr_vcpus_out <= domaininfo.max_vcpu_id; - ++*nr_vcpus_out, ++ptr) { + for (nr_vcpus = 0; + nr_vcpus <= domaininfo.max_vcpu_id; + ++nr_vcpus, ++ptr) { libxl_bitmap_init(&ptr->cpumap); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap, 0)) goto err; libxl_bitmap_init(&ptr->cpumap_soft); if (libxl_cpu_bitmap_alloc(ctx, &ptr->cpumap_soft, 0)) goto err; - if (xc_vcpu_getinfo(ctx->xch, domid, *nr_vcpus_out, &vcpuinfo) == -1) { + if (xc_vcpu_getinfo(ctx->xch, domid, nr_vcpus, &vcpuinfo) == -1) { LOGED(ERROR, domid, "Getting vcpu info"); goto err; } - if (xc_vcpu_getaffinity(ctx->xch, domid, *nr_vcpus_out, + if (xc_vcpu_getaffinity(ctx->xch, domid, nr_vcpus, ptr->cpumap.map, ptr->cpumap_soft.map, XEN_VCPUAFFINITY_SOFT|XEN_VCPUAFFINITY_HARD) == -1) { LOGED(ERROR, domid, "Getting vcpu affinity"); goto err; } - ptr->vcpuid = *nr_vcpus_out; + ptr->vcpuid = nr_vcpus; ptr->cpu = vcpuinfo.cpu; ptr->online = !!vcpuinfo.online; ptr->blocked = !!vcpuinfo.blocked; ptr->running = !!vcpuinfo.running; ptr->vcpu_time = vcpuinfo.cpu_time; } + *nr_vcpus_out = nr_vcpus; GC_FREE; return ret; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274516.470018 (Exim 4.92) (envelope-from ) id 1nKceZ-0002Ng-68; Thu, 17 Feb 2022 09:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274516.470018; Thu, 17 Feb 2022 09:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceZ-0002NX-35; Thu, 17 Feb 2022 09:00:43 +0000 Received: by outflank-mailman (input) for mailman id 274516; Thu, 17 Feb 2022 09:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceY-0002Lg-1x for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKceY-0000FQ-1B for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKceY-0004Qc-0Z for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XkOChW8CbV479DzsbT9A+CQPXGwpjq/iSnAh64RHzIw=; b=TGJmMQmVE1acVY10XRZuuxlJsG PUJ5ZJV9rqYpPM2lChw1bpRw3iM4RjWQYGTWa28LJVIFlOabt8CW5aFGwbz98h34MxKIiWNv6Ow6m rxa5WFUdmjyO6slWP2nb59ITb/cKDI6alJCcRV38uvfWmWA1haL5DFEq16VFfRH1+w80=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/libs: Fix build dependencies Message-Id: Date: Thu, 17 Feb 2022 09:00:42 +0000 commit 3bf48e5325b6eb4d01e1707e6b2c79f08afb16a0 Author: Anthony PERARD AuthorDate: Wed Feb 16 16:03:56 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:03:56 2022 +0100 tools/libs: Fix build dependencies Some libs' Makefile aren't loading the dependencies files *.d2. We can load them from "libs.mk" as none of the Makefile here are changing $(DEPS) or $(DEPS_INCLUDE) so it is fine to move the "include" to "libs.mk". As a little improvement, don't load the dependencies files (and thus avoid regenerating the *.d2 files) during `make clean`. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross master commit: e62cc29f9b6c42b67182a1362e2ea18bad75b5ff master date: 2022-02-08 11:15:53 +0000 --- tools/libs/ctrl/Makefile | 2 -- tools/libs/guest/Makefile | 2 -- tools/libs/libs.mk | 4 ++++ tools/libs/light/Makefile | 2 -- tools/libs/stat/Makefile | 2 -- tools/libs/store/Makefile | 2 -- tools/libs/util/Makefile | 2 -- tools/libs/vchan/Makefile | 1 - 8 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile index ce9ecae710..449c89f440 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile @@ -63,8 +63,6 @@ $(eval $(genpath-target)) $(LIB_OBJS) $(PIC_OBJS): _paths.h --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 604e1695d6..58c50250df 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -109,8 +109,6 @@ $(eval $(genpath-target)) xc_private.h: _paths.h --include $(DEPS_INCLUDE) - .PHONY: cleanlocal cleanlocal: rm -f libxenguest.map diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk index 2d973ccb95..c453a46858 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -140,3 +140,7 @@ distclean: clean .PHONY: FORCE FORCE: + +ifeq ($(filter clean distclean,$(MAKECMDGOALS)),) +-include $(DEPS_INCLUDE) +endif diff --git a/tools/libs/light/Makefile b/tools/libs/light/Makefile index 7d8c51d492..273fab6608 100644 --- a/tools/libs/light/Makefile +++ b/tools/libs/light/Makefile @@ -271,5 +271,3 @@ cleanlocal: $(RM) -f libxenlight.map $(RM) -f $(AUTOSRCS) $(AUTOINCS) $(MAKE) -C $(ACPI_PATH) ACPI_BUILD_DIR=$(CURDIR) clean - --include $(DEPS_INCLUDE) diff --git a/tools/libs/stat/Makefile b/tools/libs/stat/Makefile index c99508ae6b..89b5412132 100644 --- a/tools/libs/stat/Makefile +++ b/tools/libs/stat/Makefile @@ -124,7 +124,5 @@ cleanlocal: rm -f $(BINDINGS) $(BINDINGSRC) $(DEPS_RM) _paths.h rm -f libxenstat.map --include $(DEPS_INCLUDE) - genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) diff --git a/tools/libs/store/Makefile b/tools/libs/store/Makefile index bee57b5629..bc89b9cd70 100644 --- a/tools/libs/store/Makefile +++ b/tools/libs/store/Makefile @@ -31,8 +31,6 @@ else PKG_CONFIG_REMOVE += -ldl endif --include $(DEPS_INCLUDE) - .PHONY: install install: install-headers diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile index f5f9e89fee..b739360be7 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile @@ -52,8 +52,6 @@ $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) _paths.h genpath-target = $(call buildmakevars2header,_paths.h) $(eval $(genpath-target)) --include $(DEPS_INCLUDE) - clean: cleanlocal .PHONY: cleanlocal diff --git a/tools/libs/vchan/Makefile b/tools/libs/vchan/Makefile index df112f1b88..83a45d2817 100644 --- a/tools/libs/vchan/Makefile +++ b/tools/libs/vchan/Makefile @@ -11,7 +11,6 @@ SRCS-y += io.c NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk --include $(DEPS_INCLUDE) clean: cleanlocal -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 09:00:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 09:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274521.470022 (Exim 4.92) (envelope-from ) id 1nKcej-0002Y1-7j; Thu, 17 Feb 2022 09:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274521.470022; Thu, 17 Feb 2022 09:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcej-0002Xt-4X; Thu, 17 Feb 2022 09:00:53 +0000 Received: by outflank-mailman (input) for mailman id 274521; Thu, 17 Feb 2022 09:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcei-0002WR-5i for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKcei-0000FU-4h for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKcei-0004Rh-3k for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 09:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=coc/z7lYFuwFS9GsBAwknGLekPtrX8q+5ISDrg47IKY=; b=Xz3dAWX5KY3WQXB94coDT0ysD+ PMQxUWN2JyThts6tU7iEWFm9baFBdUxk6kSDYWSsGfNnpAaLBxLTEVJ0n4W93B8aErgykl7kDaNeq D74XHT+Aq9ooQTwCJsaSfNTwFxi20sFWiFvfO9/qzeIKZwzjQBECIrwpZ1pGp3AcHzYk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86emul: fix VPBLENDMW with mask and memory operand Message-Id: Date: Thu, 17 Feb 2022 09:00:52 +0000 commit 084bf6b19a7645e05878afcba88373534b06bb18 Author: Jan Beulich AuthorDate: Wed Feb 16 16:04:14 2022 +0100 Commit: Jan Beulich CommitDate: Wed Feb 16 16:04:14 2022 +0100 x86emul: fix VPBLENDMW with mask and memory operand Element size for this opcode depends on EVEX.W, not the low opcode bit. Make use of AVX512BW being a prereq to AVX512_BITALG and move the case label there, adding an AVX512BW feature check. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: eddf13b5e9401f6871dcce1ce61c80cff62079ed master date: 2022-02-14 10:08:38 +0100 --- xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 0f7f97cd1c..5e297f7971 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7367,7 +7367,6 @@ x86_emulate( case X86EMUL_OPC_EVEX_66(0x0f38, 0x0b): /* vpmulhrsw [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1c): /* vpabsb [xyz]mm/mem,[xyz]mm{k} */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x1d): /* vpabsw [xyz]mm/mem,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << (b & 1); @@ -9523,6 +9522,9 @@ x86_emulate( /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f38, 0x54): /* vpopcnt{b,w} [xyz]mm/mem,[xyz]mm{k} */ host_and_vcpu_must_have(avx512_bitalg); + /* fall through */ + case X86EMUL_OPC_EVEX_66(0x0f38, 0x66): /* vpblendm{b,w} [xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + host_and_vcpu_must_have(avx512bw); generate_exception_if(evex.brs, EXC_UD); elem_bytes = 1 << evex.w; goto avx512f_no_sae; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274993.470654 (Exim 4.92) (envelope-from ) id 1nKmrq-0004Jg-6O; Thu, 17 Feb 2022 19:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274993.470654; Thu, 17 Feb 2022 19:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmrq-0004JY-2o; Thu, 17 Feb 2022 19:55:06 +0000 Received: by outflank-mailman (input) for mailman id 274993; Thu, 17 Feb 2022 19:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmro-0004JS-M7 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmro-0004tM-JV for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmro-0001wy-IQ for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sGQM4NUzmuEU6nnaaDNKDqjIEsKp0PPuR3zlIqa26sc=; b=GW4jV3PbHj+RpIc6cjtXV3qI3W QMZb0hZJwc9eGZbdet2EisdPZQYN72+NV9fIeYVtcvrjAjHuQuNVjZt8VPNxYdpoimwhJx60uJgCL HHiFSlvPv/WD+KY5GK7XN12Tq1ju15z3fVuJRVAr5OlHtb0ilEYCeaIVc0QltQkxtwp8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: introduce internal CDF_xxx flags for domain creation Message-Id: Date: Thu, 17 Feb 2022 19:55:04 +0000 commit 6f815e86eff46b0e1ef7815e9933c2bdf590e68f Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:46 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:40:53 2022 +0000 xen: introduce internal CDF_xxx flags for domain creation We are passing an internal-only boolean flag at domain creation to specify whether we want the domain to be privileged (i.e. dom0) or not. Another flag will be introduced later in this series. This commit extends original "boolean" to an "unsigned int" covering both the existing "is_priv" and our new "directmap", which will be introduced later. To make visible the relationship, we name the respective constants CDF_xxx (with no XEN_DOMCTL_ prefix) to represent the difference with the public constants XEN_DOMCTL_CDF_xxx. Allocate bit 0 as CDF_privileged: whether a domain is privileged or not. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Jan Beulich Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 4 ++-- xen/arch/x86/setup.c | 2 +- xen/common/domain.c | 10 +++++----- xen/common/sched/core.c | 2 +- xen/include/xen/domain.h | 4 ++++ xen/include/xen/sched.h | 2 +- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6931c022a2..0fab8604de 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3058,7 +3058,7 @@ void __init create_domUs(void) * very important to use the pre-increment operator to call * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0) */ - d = domain_create(++max_init_domid, &d_cfg, false); + d = domain_create(++max_init_domid, &d_cfg, 0); if ( IS_ERR(d) ) panic("Error creating domain %s\n", dt_node_name(node)); @@ -3160,7 +3160,7 @@ void __init create_dom0(void) if ( iommu_enabled ) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; - dom0 = domain_create(0, &dom0_cfg, true); + dom0 = domain_create(0, &dom0_cfg, CDF_privileged); if ( IS_ERR(dom0) || (alloc_dom0_vcpu0(dom0) == NULL) ) panic("Error creating domain 0\n"); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 115f8f6517..624b53ded4 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -789,7 +789,7 @@ static struct domain *__init create_dom0(const module_t *image, /* Create initial domain. Not d0 for pvshim. */ domid = get_initial_domain_id(); - d = domain_create(domid, &dom0_cfg, !pv_shim); + d = domain_create(domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", domid, PTR_ERR(d)); diff --git a/xen/common/domain.c b/xen/common/domain.c index 2048ebad86..a79103e04a 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -552,7 +552,7 @@ static int sanitise_domain_config(struct xen_domctl_createdomain *config) struct domain *domain_create(domid_t domid, struct xen_domctl_createdomain *config, - bool is_priv) + unsigned int flags) { struct domain *d, **pd, *old_hwdom = NULL; enum { INIT_watchdog = 1u<<1, @@ -578,7 +578,7 @@ struct domain *domain_create(domid_t domid, } /* Sort out our idea of is_control_domain(). */ - d->is_privileged = is_priv; + d->is_privileged = flags & CDF_privileged; /* Sort out our idea of is_hardware_domain(). */ if ( domid == 0 || domid == hardware_domid ) @@ -772,7 +772,7 @@ void __init setup_system_domains(void) * Hidden PCI devices will also be associated with this domain * (but be [partly] controlled by Dom0 nevertheless). */ - dom_xen = domain_create(DOMID_XEN, NULL, false); + dom_xen = domain_create(DOMID_XEN, NULL, 0); if ( IS_ERR(dom_xen) ) panic("Failed to create d[XEN]: %ld\n", PTR_ERR(dom_xen)); @@ -782,7 +782,7 @@ void __init setup_system_domains(void) * array. Mappings occur at the priv of the caller. * Quarantined PCI devices will be associated with this domain. */ - dom_io = domain_create(DOMID_IO, NULL, false); + dom_io = domain_create(DOMID_IO, NULL, 0); if ( IS_ERR(dom_io) ) panic("Failed to create d[IO]: %ld\n", PTR_ERR(dom_io)); @@ -791,7 +791,7 @@ void __init setup_system_domains(void) * Initialise our COW domain. * This domain owns sharable pages. */ - dom_cow = domain_create(DOMID_COW, NULL, false); + dom_cow = domain_create(DOMID_COW, NULL, 0); if ( IS_ERR(dom_cow) ) panic("Failed to create d[COW]: %ld\n", PTR_ERR(dom_cow)); #endif diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 8f4b1ca10d..f5c819349b 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -3021,7 +3021,7 @@ void __init scheduler_init(void) sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; } - idle_domain = domain_create(DOMID_IDLE, NULL, false); + idle_domain = domain_create(DOMID_IDLE, NULL, 0); BUG_ON(IS_ERR(idle_domain)); BUG_ON(nr_cpu_ids > ARRAY_SIZE(idle_vcpu)); idle_domain->vcpu = idle_vcpu; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 160c8dbdab..cfb0b47f13 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -28,6 +28,10 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info); void arch_get_domain_info(const struct domain *d, struct xen_domctl_getdomaininfo *info); +/* CDF_* constant. Internal flags for domain creation. */ +/* Is this a privileged domain? */ +#define CDF_privileged (1U << 0) + /* * Arch-specifics. */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 37f78cc4c4..24a9a87f83 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -665,7 +665,7 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config); */ struct domain *domain_create(domid_t domid, struct xen_domctl_createdomain *config, - bool is_priv); + unsigned int flags); /* * rcu_lock_domain_by_id() is more efficient than get_domain_by_id(). -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274994.470657 (Exim 4.92) (envelope-from ) id 1nKms0-0004Le-7K; Thu, 17 Feb 2022 19:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274994.470657; Thu, 17 Feb 2022 19:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKms0-0004LW-4J; Thu, 17 Feb 2022 19:55:16 +0000 Received: by outflank-mailman (input) for mailman id 274994; Thu, 17 Feb 2022 19:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmry-0004LQ-PH for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmry-0004uz-OP for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmry-0001xp-MA for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NI1i6oMYuTuWl4rTw7aqHNNA1JPEoMz2SOscT5SqmWw=; b=md8ZiBWJsy5ms6+jgfPqRePSjq CwoO7L4nYDMljeyjPCrMTDDRq57UYkQ8ELYSf6ihMEVtWUsUBaC8WyYFNGS6+Mag5x56jAuU+hhgg yF3SK0/NrfSLVHORWnGlAu0wq61nqpmNBQU8HntRO8LZsen7P6EOsniz/cY6Ncodfy/w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: introduce CDF_directmap Message-Id: Date: Thu, 17 Feb 2022 19:55:14 +0000 commit 80e2005373dd40f9d4696e78f1f9ddef2e978abf Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:47 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:42:49 2022 +0000 xen: introduce CDF_directmap This commit introduces a new arm-specific flag CDF_directmap to specify that a domain should have its memory direct-map(guest physical address == host physical address) at domain creation. Also, add a directmap flag under struct arch_domain and use it to reimplement is_domain_direct_mapped. For now, direct-map is only available when statically allocated memory is used for the domain, that is, "xen,static-mem" must be also defined in the domain configuration. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Acked-by: Jan Beulich Acked-by: Julien Grall Tested-by: Stefano Stabellini --- docs/misc/arm/device-tree/booting.txt | 6 ++++++ xen/arch/arm/domain.c | 5 ++++- xen/arch/arm/domain_build.c | 14 ++++++++++++-- xen/arch/arm/include/asm/domain.h | 5 +++-- xen/arch/x86/domain.c | 3 ++- xen/common/domain.c | 2 +- xen/include/xen/domain.h | 7 ++++++- 7 files changed, 34 insertions(+), 8 deletions(-) diff --git a/docs/misc/arm/device-tree/booting.txt b/docs/misc/arm/device-tree/booting.txt index 71895663a4..a94125394e 100644 --- a/docs/misc/arm/device-tree/booting.txt +++ b/docs/misc/arm/device-tree/booting.txt @@ -182,6 +182,12 @@ with the following properties: Both #address-cells and #size-cells need to be specified because both sub-nodes (described shortly) have reg properties. +- direct-map + + Only available when statically allocated memory is used for the domain. + An empty property to request the memory of the domain to be + direct-map (guest physical address == physical address). + Under the "xen,domain" compatible node, one or more sub-nodes are present for the DomU kernel and ramdisk. diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 92a6c509e5..8110c1df86 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -692,7 +692,8 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) } int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config) + struct xen_domctl_createdomain *config, + unsigned int flags) { int rc, count = 0; @@ -708,6 +709,8 @@ int arch_domain_create(struct domain *d, ioreq_domain_init(d); #endif + d->arch.directmap = flags & CDF_directmap; + /* p2m_init relies on some value initialized by the IOMMU subsystem */ if ( (rc = iommu_domain_init(d, config->iommu_opts)) != 0 ) goto fail; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 0fab8604de..6467e8ee32 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3029,10 +3029,20 @@ void __init create_domUs(void) .max_maptrack_frames = -1, .grant_opts = XEN_DOMCTL_GRANT_version(opt_gnttab_max_version), }; + unsigned int flags = 0U; if ( !dt_device_is_compatible(node, "xen,domain") ) continue; + if ( dt_property_read_bool(node, "direct-map") ) + { + if ( !IS_ENABLED(CONFIG_STATIC_MEMORY) || !dt_find_property(node, "xen,static-mem", NULL) ) + panic("direct-map is not valid for domain %s without static allocation.\n", + dt_node_name(node)); + + flags |= CDF_directmap; + } + if ( !dt_property_read_u32(node, "cpus", &d_cfg.max_vcpus) ) panic("Missing property 'cpus' for domain %s\n", dt_node_name(node)); @@ -3058,7 +3068,7 @@ void __init create_domUs(void) * very important to use the pre-increment operator to call * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0) */ - d = domain_create(++max_init_domid, &d_cfg, 0); + d = domain_create(++max_init_domid, &d_cfg, flags); if ( IS_ERR(d) ) panic("Error creating domain %s\n", dt_node_name(node)); @@ -3160,7 +3170,7 @@ void __init create_dom0(void) if ( iommu_enabled ) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; - dom0 = domain_create(0, &dom0_cfg, CDF_privileged); + dom0 = domain_create(0, &dom0_cfg, CDF_privileged | CDF_directmap); if ( IS_ERR(dom0) || (alloc_dom0_vcpu0(dom0) == NULL) ) panic("Error creating domain 0\n"); diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index 9b3647587a..aabe942cde 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -29,8 +29,7 @@ enum domain_type { #define is_64bit_domain(d) (0) #endif -/* The hardware domain has always its memory direct mapped. */ -#define is_domain_direct_mapped(d) is_hardware_domain(d) +#define is_domain_direct_mapped(d) (d)->arch.directmap struct vtimer { struct vcpu *v; @@ -89,6 +88,8 @@ struct arch_domain #ifdef CONFIG_TEE void *tee; #endif + + bool directmap; } __cacheline_aligned; struct arch_vcpu diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index ef1812dc14..9835f90ea0 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -722,7 +722,8 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags) } int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config) + struct xen_domctl_createdomain *config, + unsigned int flags) { bool paging_initialised = false; uint32_t emflags; diff --git a/xen/common/domain.c b/xen/common/domain.c index a79103e04a..3742322d22 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -659,7 +659,7 @@ struct domain *domain_create(domid_t domid, radix_tree_init(&d->pirq_tree); } - if ( (err = arch_domain_create(d, config)) != 0 ) + if ( (err = arch_domain_create(d, config, flags)) != 0 ) goto fail; init_status |= INIT_arch; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index cfb0b47f13..24eb4cc7d3 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -31,6 +31,10 @@ void arch_get_domain_info(const struct domain *d, /* CDF_* constant. Internal flags for domain creation. */ /* Is this a privileged domain? */ #define CDF_privileged (1U << 0) +#ifdef CONFIG_ARM +/* Should domain memory be directly mapped? */ +#define CDF_directmap (1U << 1) +#endif /* * Arch-specifics. @@ -65,7 +69,8 @@ int map_vcpu_info(struct vcpu *v, unsigned long gfn, unsigned offset); void unmap_vcpu_info(struct vcpu *v); int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config); + struct xen_domctl_createdomain *config, + unsigned int flags); void arch_domain_destroy(struct domain *d); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274996.470672 (Exim 4.92) (envelope-from ) id 1nKmsA-0004f6-HT; Thu, 17 Feb 2022 19:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274996.470672; Thu, 17 Feb 2022 19:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsA-0004ez-EK; Thu, 17 Feb 2022 19:55:26 +0000 Received: by outflank-mailman (input) for mailman id 274996; Thu, 17 Feb 2022 19:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKms8-0004e4-Sa for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKms8-0004vn-Ro for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKms8-0001yr-Qn for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RD1fdaY/q3h+IwvIWEZIoumiKlEikZPbSKJInvUCdm4=; b=sjPBMoxTcLFYf3i/k6Cu9bvItb Ln0S6j5z6FqbiBLAfAO0Pm7VYplML0p3YbFXoxZBMqkXT0lWUlgbIvCGvImE03o+CUxtZWJKHFf7m IR7NtScuhb6FWwoAjrOTqarYFcZfe+Vx0zedX9vv3lVhMIX/fRwK9hMvo6khFXca8mSc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Allow device-passthrough even the IOMMU is off Message-Id: Date: Thu, 17 Feb 2022 19:55:24 +0000 commit 02d552627c2b2b4e8874ff9b6e9a47b728964c18 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:48 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: Allow device-passthrough even the IOMMU is off At the moment, we are only supporting device-passthrough when Xen has enabled the IOMMU. There are some use cases where it is not possible to use the IOMMU (e.g. doesn't exist, hardware limitation, performance) yet it would be OK to assign a device to trusted domain so long they are direct-mapped or the device doesn't do DMA. Note that when the IOMMU is disabled, it will be necessary to add xen,force-assign-without-iommu for every device that needs to be assigned. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Tested-by: Stefano Stabellini Acked-by: Julien Grall --- xen/arch/arm/domain_build.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6467e8ee32..c1e8c99f64 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3047,7 +3047,8 @@ void __init create_domUs(void) panic("Missing property 'cpus' for domain %s\n", dt_node_name(node)); - if ( dt_find_compatible_node(node, NULL, "multiboot,device-tree") ) + if ( dt_find_compatible_node(node, NULL, "multiboot,device-tree") && + iommu_enabled ) d_cfg.flags |= XEN_DOMCTL_CDF_iommu; if ( !dt_property_read_u32(node, "nr_spis", &d_cfg.arch.nr_spis) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.274997.470676 (Exim 4.92) (envelope-from ) id 1nKmsK-0004o5-J7; Thu, 17 Feb 2022 19:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 274997.470676; Thu, 17 Feb 2022 19:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsK-0004nw-G0; Thu, 17 Feb 2022 19:55:36 +0000 Received: by outflank-mailman (input) for mailman id 274997; Thu, 17 Feb 2022 19:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsI-0004lq-W2 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsI-0004vz-V2 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmsI-0001zT-U4 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rQemg6AXRA3xzjB65WfSNlWWzXSld6jbZBgQ3Cq58Zc=; b=LviSb/Ld++momsjn4uHBsLC7en uRiywg/8XrAWEdkh8nvQ03OI9ci6MayHOV6SKsUMAsyLMzNvsKhGFOxVzYNqNipWQhFaRzXBo4tS7 tZSMQ5N5Wd0vXV256bgRJamM5aZXKLCXcwyR1wU9UkJmpWgOj/wygY6g81x5qjWapzlc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce new helper parse_static_mem_prop and acquire_static_memory_bank Message-Id: Date: Thu, 17 Feb 2022 19:55:34 +0000 commit ba560aa0bdd8044b831cdd41ea9db6a26ec6978f Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:49 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: introduce new helper parse_static_mem_prop and acquire_static_memory_bank Later, we will introduce assign_static_memory_11 for allocating static memory for direct-map domains, and it will share a lot common codes with the existing allocate_static_memory. In order not to bring a lot of duplicate codes, and also to make the whole code more readable, this commit extracts common codes into two new helpers parse_static_mem_prop and acquire_static_memory_bank. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 100 ++++++++++++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 36 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index c1e8c99f64..e61d2d53ba 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -509,12 +509,69 @@ static bool __init append_static_memory_to_bank(struct domain *d, return true; } +static mfn_t __init acquire_static_memory_bank(struct domain *d, + const __be32 **cell, + u32 addr_cells, u32 size_cells, + paddr_t *pbase, paddr_t *psize) +{ + mfn_t smfn; + int res; + + device_tree_get_reg(cell, addr_cells, size_cells, pbase, psize); + ASSERT(IS_ALIGNED(*pbase, PAGE_SIZE) && IS_ALIGNED(*psize, PAGE_SIZE)); + if ( PFN_DOWN(*psize) > UINT_MAX ) + { + printk(XENLOG_ERR "%pd: static memory size too large: %#"PRIpaddr, + d, *psize); + return INVALID_MFN; + } + + smfn = maddr_to_mfn(*pbase); + res = acquire_domstatic_pages(d, smfn, PFN_DOWN(*psize), 0); + if ( res ) + { + printk(XENLOG_ERR + "%pd: failed to acquire static memory: %d.\n", d, res); + return INVALID_MFN; + } + + return smfn; +} + +static int __init parse_static_mem_prop(const struct dt_device_node *node, + u32 *addr_cells, u32 *size_cells, + int *length, const __be32 **cell) +{ + const struct dt_property *prop; + + prop = dt_find_property(node, "xen,static-mem", NULL); + if ( !dt_property_read_u32(node, "#xen,static-mem-address-cells", + addr_cells) ) + { + printk(XENLOG_ERR + "failed to read \"#xen,static-mem-address-cells\".\n"); + return -EINVAL; + } + + if ( !dt_property_read_u32(node, "#xen,static-mem-size-cells", + size_cells) ) + { + printk(XENLOG_ERR + "failed to read \"#xen,static-mem-size-cells\".\n"); + return -EINVAL; + } + + *cell = (const __be32 *)prop->value; + *length = prop->length; + + return 0; +} + /* Allocate memory from static memory as RAM for one specific domain d. */ static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { - const struct dt_property *prop; u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, gbank, bank = 0; const uint64_t rambase[] = GUEST_RAM_BANK_BASES; @@ -523,24 +580,10 @@ static void __init allocate_static_memory(struct domain *d, u64 tot_size = 0; paddr_t pbase, psize, gsize; mfn_t smfn; - int res; - - prop = dt_find_property(node, "xen,static-mem", NULL); - if ( !dt_property_read_u32(node, "#xen,static-mem-address-cells", - &addr_cells) ) - { - printk(XENLOG_ERR - "%pd: failed to read \"#xen,static-mem-address-cells\".\n", d); - goto fail; - } + int length; - if ( !dt_property_read_u32(node, "#xen,static-mem-size-cells", - &size_cells) ) - { - printk(XENLOG_ERR - "%pd: failed to read \"#xen,static-mem-size-cells\".\n", d); + if ( parse_static_mem_prop(node, &addr_cells, &size_cells, &length, &cell) ) goto fail; - } reg_cells = addr_cells + size_cells; /* @@ -551,29 +594,14 @@ static void __init allocate_static_memory(struct domain *d, gbank = 0; gsize = ramsize[gbank]; kinfo->mem.bank[gbank].start = rambase[gbank]; - - cell = (const __be32 *)prop->value; - nr_banks = (prop->length) / (reg_cells * sizeof (u32)); + nr_banks = length / (reg_cells * sizeof (u32)); for ( ; bank < nr_banks; bank++ ) { - device_tree_get_reg(&cell, addr_cells, size_cells, &pbase, &psize); - ASSERT(IS_ALIGNED(pbase, PAGE_SIZE) && IS_ALIGNED(psize, PAGE_SIZE)); - - if ( PFN_DOWN(psize) > UINT_MAX ) - { - printk(XENLOG_ERR "%pd: static memory size too large: %#"PRIpaddr, - d, psize); + smfn = acquire_static_memory_bank(d, &cell, addr_cells, size_cells, + &pbase, &psize); + if ( mfn_eq(smfn, INVALID_MFN) ) goto fail; - } - smfn = maddr_to_mfn(pbase); - res = acquire_domstatic_pages(d, smfn, PFN_DOWN(psize), 0); - if ( res ) - { - printk(XENLOG_ERR - "%pd: failed to acquire static memory: %d.\n", d, res); - goto fail; - } printk(XENLOG_INFO "%pd: STATIC BANK[%u] %#"PRIpaddr"-%#"PRIpaddr"\n", d, bank, pbase, pbase + psize); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275000.470679 (Exim 4.92) (envelope-from ) id 1nKmsU-0004wp-Km; Thu, 17 Feb 2022 19:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275000.470679; Thu, 17 Feb 2022 19:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsU-0004wh-HU; Thu, 17 Feb 2022 19:55:46 +0000 Received: by outflank-mailman (input) for mailman id 275000; Thu, 17 Feb 2022 19:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsT-0004wE-2g for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsT-0004w9-1s for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmsT-00020C-13 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a1cLHQurrerBGvEMoTHysByPrgxYIi2Zj7VKoLTLqwM=; b=qfk6EHNiPQYteBiSlc13DjGbG5 NDqsWkqF7EKA6JlYIMQYrQTYFLXJbh9Jm4LgyQt3PIdw28+kxmPYdwkw6kUTX8MKxfgcf/VoiSWoR ROUGOtholuxbCyObsHbSQqbRPhAsbvlJcq/eDfVMVBLk8oto9E13dd2I7MpgG6fRM+V4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: introduce direct-map for domUs Message-Id: Date: Thu, 17 Feb 2022 19:55:45 +0000 commit 75591dcfe0341def8dfc79fb7ef19f89fb3de327 Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:50 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: introduce direct-map for domUs Cases where domU needs direct-map memory map: * IOMMU not present in the system. * IOMMU disabled if it doesn't cover a specific device and all the guests are trusted. Thinking a mixed scenario, where a few devices with IOMMU and a few without, then guest DMA security still could not be totally guaranteed. So users may want to disable the IOMMU, to at least gain some performance improvement from IOMMU disabled. * IOMMU disabled as a workaround when it doesn't have enough bandwidth. To be specific, in a few extreme situation, when multiple devices do DMA concurrently, these requests may exceed IOMMU's transmission capacity. * IOMMU disabled when it adds too much latency on DMA. For example, TLB may be missing in some IOMMU hardware, which may bring latency in DMA progress, so users may want to disable it in some realtime scenario. * Guest OS relies on the host memory layout This commit introduces a new helper assign_static_memory_11 to allocate static memory as guest RAM for direct-map domain. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 97 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index e61d2d53ba..ec29bd302c 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -494,8 +494,17 @@ static bool __init append_static_memory_to_bank(struct domain *d, { int res; unsigned int nr_pages = PFN_DOWN(size); - /* Infer next GFN. */ - gfn_t sgfn = gaddr_to_gfn(bank->start + bank->size); + gfn_t sgfn; + + /* + * For direct-mapped domain, the GFN match the MFN. + * Otherwise, this is inferred on what has already been allocated + * in the bank. + */ + if ( !is_domain_direct_mapped(d) ) + sgfn = gaddr_to_gfn(bank->start + bank->size); + else + sgfn = gaddr_to_gfn(mfn_to_maddr(smfn)); res = guest_physmap_add_pages(d, sgfn, smfn, nr_pages); if ( res ) @@ -668,12 +677,92 @@ static void __init allocate_static_memory(struct domain *d, fail: panic("Failed to allocate requested static memory for domain %pd.", d); } + +/* + * Allocate static memory as RAM for one specific domain d. + * The static memory will be directly mapped in the guest(Guest Physical + * Address == Physical Address). + */ +static void __init assign_static_memory_11(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ + u32 addr_cells, size_cells, reg_cells; + unsigned int nr_banks, bank = 0; + const __be32 *cell; + paddr_t pbase, psize; + mfn_t smfn; + int length; + + if ( parse_static_mem_prop(node, &addr_cells, &size_cells, &length, &cell) ) + { + printk(XENLOG_ERR + "%pd: failed to parse \"xen,static-mem\" property.\n", d); + goto fail; + } + reg_cells = addr_cells + size_cells; + nr_banks = length / (reg_cells * sizeof(u32)); + + if ( nr_banks > NR_MEM_BANKS ) + { + printk(XENLOG_ERR + "%pd: exceed max number of supported guest memory banks.\n", d); + goto fail; + } + + for ( ; bank < nr_banks; bank++ ) + { + smfn = acquire_static_memory_bank(d, &cell, addr_cells, size_cells, + &pbase, &psize); + if ( mfn_eq(smfn, INVALID_MFN) ) + goto fail; + + printk(XENLOG_INFO "%pd: STATIC BANK[%u] %#"PRIpaddr"-%#"PRIpaddr"\n", + d, bank, pbase, pbase + psize); + + /* One guest memory bank is matched with one physical memory bank. */ + kinfo->mem.bank[bank].start = pbase; + if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[bank], + smfn, psize) ) + goto fail; + + kinfo->unassigned_mem -= psize; + } + + kinfo->mem.nr_banks = nr_banks; + + /* + * The property 'memory' should match the amount of memory given to + * the guest. + * Currently, it is only possible to either acquire static memory or + * let Xen allocate. *Mixing* is not supported. + */ + if ( kinfo->unassigned_mem != 0 ) + { + printk(XENLOG_ERR + "Size of \"memory\" property doesn't match up with the sum-up of \"xen,static-mem\".\n"); + goto fail; + } + + return; + + fail: + panic("Failed to assign requested static memory for direct-map domain %pd.", + d); +} #else static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { } + +static void __init assign_static_memory_11(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ + ASSERT_UNREACHABLE(); +} #endif /* @@ -3023,8 +3112,10 @@ static int __init construct_domU(struct domain *d, #endif if ( !dt_find_property(node, "xen,static-mem", NULL) ) allocate_memory(d, &kinfo); - else + else if ( !is_domain_direct_mapped(d) ) allocate_static_memory(d, &kinfo, node); + else + assign_static_memory_11(d, &kinfo, node); rc = prepare_dtb_domU(d, &kinfo); if ( rc < 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:55:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275002.470684 (Exim 4.92) (envelope-from ) id 1nKmse-00053Q-Nq; Thu, 17 Feb 2022 19:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275002.470684; Thu, 17 Feb 2022 19:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmse-00053E-Kh; Thu, 17 Feb 2022 19:55:56 +0000 Received: by outflank-mailman (input) for mailman id 275002; Thu, 17 Feb 2022 19:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsd-00052x-5r for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsd-0004wK-57 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmsd-00021D-4E for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RfDhXxXsBLdUwyEsuLdubapFvN5eB4aqG3zRfYTTlrc=; b=Ad7B+MCNOxeSE9ckF9BEP2PK4p FUC89Sve4Xcny5heI5jDRCq6iSNlLqqeFXOSOG2VFmfckoE2+H/Wij3rJkjYdXOY4YdTWr92bxbt9 t4gXY7bG5lAlGHukqn4e1/dF13BGTsyW7oYfXwtpGFuXf+1XxiTiRkngR+jiXRWcCbA8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: add ASSERT_UNREACHABLE in allocate_static_memory Message-Id: Date: Thu, 17 Feb 2022 19:55:55 +0000 commit 489859a33681b2921bc08e6c37763fedd2c099d5 Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:51 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: add ASSERT_UNREACHABLE in allocate_static_memory Helper allocate_static_memory is not meant to be reachable when built with !CONFIG_STATIC_MEMORY, so this commit adds ASSERT_UNREACHABLE in it to catch potential misuse. Signed-off-by: Penny Zheng Acked-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index ec29bd302c..52f256de9c 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -755,6 +755,7 @@ static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + ASSERT_UNREACHABLE(); } static void __init assign_static_memory_11(struct domain *d, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:56:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:56:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275005.470688 (Exim 4.92) (envelope-from ) id 1nKmso-00058R-PC; Thu, 17 Feb 2022 19:56:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275005.470688; Thu, 17 Feb 2022 19:56:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmso-00058J-MD; Thu, 17 Feb 2022 19:56:06 +0000 Received: by outflank-mailman (input) for mailman id 275005; Thu, 17 Feb 2022 19:56:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsn-00056n-8q for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsn-0004wh-87 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmsn-00022P-7X for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zAv1y5yM9C9FAqtNiEOAQqDkADoYbloMDbAf78LDhS8=; b=OzMpfqFN4HXh1bhCNE09b3CL7l rtNHwShULDwTEjSlxAVwxLkm9BfkU4qWyfaNy9Whg5dJuo3GCyi3kRjDDwZVRTwjOc1j+nahdf5X5 kmoZi5fRxq1H9Lgn20zjaRRWzfvdNcCc54bFz1bY5dbzOKLEBLqf3NIncQRIadYYYmfM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: if direct-map domain use native addresses for GICv2 Message-Id: Date: Thu, 17 Feb 2022 19:56:05 +0000 commit c4f2a96102526e8bc9767238653f6f487cd38403 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:52 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native addresses for GICv2 Today we use native addresses to map the GICv2 for Dom0 and fixed addresses for DomUs. This patch changes the behavior so that native addresses are used for all domains that are direct-mapped. NEW VGIC has different naming schemes, like referring distributor base address as vgic_dist_base, other than the dbase. So this patch also introduces vgic_dist_base/vgic_cpu_base accessor to access correct distributor base address/cpu interface base address on varied scenarios, Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 11 ++++++++--- xen/arch/arm/include/asm/new_vgic.h | 10 ++++++++++ xen/arch/arm/include/asm/vgic.h | 11 +++++++++++ xen/arch/arm/vgic-v2.c | 34 +++++++++++++++++++++++++++------- xen/arch/arm/vgic/vgic-v2.c | 34 +++++++++++++++++++++++++++------- 5 files changed, 83 insertions(+), 17 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 52f256de9c..87391adde6 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2273,8 +2273,13 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) int res = 0; __be32 reg[(GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * 2]; __be32 *cells; + const struct domain *d = kinfo->d; + /* Placeholder for interrupt-controller@ + a 64-bit number + \0 */ + char buf[38]; - res = fdt_begin_node(fdt, "interrupt-controller@"__stringify(GUEST_GICD_BASE)); + snprintf(buf, sizeof(buf), "interrupt-controller@%"PRIx64, + vgic_dist_base(&d->arch.vgic)); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2296,9 +2301,9 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) cells = ®[0]; dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICD_BASE, GUEST_GICD_SIZE); + vgic_dist_base(&d->arch.vgic), GUEST_GICD_SIZE); dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICC_BASE, GUEST_GICC_SIZE); + vgic_cpu_base(&d->arch.vgic), GUEST_GICC_SIZE); res = fdt_property(fdt, "reg", reg, sizeof(reg)); if (res) diff --git a/xen/arch/arm/include/asm/new_vgic.h b/xen/arch/arm/include/asm/new_vgic.h index 97d622bff6..ab57fcd91d 100644 --- a/xen/arch/arm/include/asm/new_vgic.h +++ b/xen/arch/arm/include/asm/new_vgic.h @@ -186,6 +186,16 @@ struct vgic_cpu { uint32_t num_id_bits; }; +static inline paddr_t vgic_cpu_base(const struct vgic_dist *vgic) +{ + return vgic->vgic_cpu_base; +} + +static inline paddr_t vgic_dist_base(const struct vgic_dist *vgic) +{ + return vgic->vgic_dist_base; +} + #endif /* __ASM_ARM_NEW_VGIC_H */ /* diff --git a/xen/arch/arm/include/asm/vgic.h b/xen/arch/arm/include/asm/vgic.h index ade427a808..d2a9fc7d83 100644 --- a/xen/arch/arm/include/asm/vgic.h +++ b/xen/arch/arm/include/asm/vgic.h @@ -152,6 +152,7 @@ struct vgic_dist { struct pending_irq *pending_irqs; /* Base address for guest GIC */ paddr_t dbase; /* Distributor base address */ + paddr_t cbase; /* CPU interface base address */ #ifdef CONFIG_GICV3 /* GIC V3 addressing */ /* List of contiguous occupied by the redistributors */ @@ -271,6 +272,16 @@ static inline int REG_RANK_NR(int b, uint32_t n) enum gic_sgi_mode; +static inline paddr_t vgic_cpu_base(const struct vgic_dist *vgic) +{ + return vgic->cbase; +} + +static inline paddr_t vgic_dist_base(const struct vgic_dist *vgic) +{ + return vgic->dbase; +} + /* * Offset of GICD_ with its rank, for GICD_ size with * -bits-per-interrupt. diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c index 589c033eda..b1bd7a46ad 100644 --- a/xen/arch/arm/vgic-v2.c +++ b/xen/arch/arm/vgic-v2.c @@ -654,12 +654,16 @@ static int vgic_v2_vcpu_init(struct vcpu *v) static int vgic_v2_domain_init(struct domain *d) { int ret; - paddr_t cbase, csize; + paddr_t csize; paddr_t vbase; /* - * The hardware domain gets the hardware address. - * Guests get the virtual platform layout. + * The hardware domain and direct-mapped domain both get the hardware + * address. + * We have to handle them separately because the hwdom is re-using the + * same Device-Tree as the host (see more details below). + * + * Other domains get the virtual platform layout. */ if ( is_hardware_domain(d) ) { @@ -671,10 +675,26 @@ static int vgic_v2_domain_init(struct domain *d) * Note that we assume the size of the CPU interface is always * aligned to PAGE_SIZE. */ - cbase = vgic_v2_hw.cbase; + d->arch.vgic.cbase = vgic_v2_hw.cbase; csize = vgic_v2_hw.csize; vbase = vgic_v2_hw.vbase; } + else if ( is_domain_direct_mapped(d) ) + { + /* + * For all the direct-mapped domain other than the hardware domain, + * we only map a 8kB CPU interface but we make sure it is at a + * location occupied by the physical GIC in the host device tree. + * + * We need to add an offset to the virtual CPU interface base + * address when the GIC is aliased to get a 8kB contiguous + * region. + */ + d->arch.vgic.dbase = vgic_v2_hw.dbase; + d->arch.vgic.cbase = vgic_v2_hw.cbase; + csize = GUEST_GICC_SIZE; + vbase = vgic_v2_hw.vbase + vgic_v2_hw.aliased_offset; + } else { d->arch.vgic.dbase = GUEST_GICD_BASE; @@ -685,7 +705,7 @@ static int vgic_v2_domain_init(struct domain *d) * region. */ BUILD_BUG_ON(GUEST_GICC_SIZE != SZ_8K); - cbase = GUEST_GICC_BASE; + d->arch.vgic.cbase = GUEST_GICC_BASE; csize = GUEST_GICC_SIZE; vbase = vgic_v2_hw.vbase + vgic_v2_hw.aliased_offset; } @@ -694,8 +714,8 @@ static int vgic_v2_domain_init(struct domain *d) * Map the gic virtual cpu interface in the gic cpu interface * region of the guest. */ - ret = map_mmio_regions(d, gaddr_to_gfn(cbase), csize / PAGE_SIZE, - maddr_to_mfn(vbase)); + ret = map_mmio_regions(d, gaddr_to_gfn(d->arch.vgic.cbase), + csize / PAGE_SIZE, maddr_to_mfn(vbase)); if ( ret ) return ret; diff --git a/xen/arch/arm/vgic/vgic-v2.c b/xen/arch/arm/vgic/vgic-v2.c index b5ba4ace87..1a99d3a8b4 100644 --- a/xen/arch/arm/vgic/vgic-v2.c +++ b/xen/arch/arm/vgic/vgic-v2.c @@ -258,13 +258,17 @@ void vgic_v2_enable(struct vcpu *vcpu) int vgic_v2_map_resources(struct domain *d) { struct vgic_dist *dist = &d->arch.vgic; - paddr_t cbase, csize; + paddr_t csize; paddr_t vbase; int ret; /* - * The hardware domain gets the hardware address. - * Guests get the virtual platform layout. + * The hardware domain and direct-mapped domain both get the hardware + * address. + * We have to handle them separately because the hwdom is re-using the + * same Device-Tree as the host (see more details below). + * + * Other domains get the virtual platform layout. */ if ( is_hardware_domain(d) ) { @@ -276,10 +280,26 @@ int vgic_v2_map_resources(struct domain *d) * Note that we assume the size of the CPU interface is always * aligned to PAGE_SIZE. */ - cbase = gic_v2_hw_data.cbase; + d->arch.vgic.vgic_cpu_base = gic_v2_hw_data.cbase; csize = gic_v2_hw_data.csize; vbase = gic_v2_hw_data.vbase; } + else if ( is_domain_direct_mapped(d) ) + { + d->arch.vgic.vgic_dist_base = gic_v2_hw_data.dbase; + /* + * For all the direct-mapped domain other than the hardware domain, + * we only map a 8kB CPU interface but we make sure it is at a location + * occupied by the physical GIC in the host device tree. + * + * We need to add an offset to the virtual CPU interface base + * address when the GIC is aliased to get a 8kB contiguous + * region. + */ + d->arch.vgic.vgic_cpu_base = gic_v2_hw_data.cbase; + csize = GUEST_GICC_SIZE; + vbase = gic_v2_hw_data.vbase + gic_v2_hw_data.aliased_offset; + } else { d->arch.vgic.vgic_dist_base = GUEST_GICD_BASE; @@ -290,7 +310,7 @@ int vgic_v2_map_resources(struct domain *d) * region. */ BUILD_BUG_ON(GUEST_GICC_SIZE != SZ_8K); - cbase = GUEST_GICC_BASE; + d->arch.vgic.vgic_cpu_base = GUEST_GICC_BASE; csize = GUEST_GICC_SIZE; vbase = gic_v2_hw_data.vbase + gic_v2_hw_data.aliased_offset; } @@ -308,8 +328,8 @@ int vgic_v2_map_resources(struct domain *d) * Map the gic virtual cpu interface in the gic cpu interface * region of the guest. */ - ret = map_mmio_regions(d, gaddr_to_gfn(cbase), csize / PAGE_SIZE, - maddr_to_mfn(vbase)); + ret = map_mmio_regions(d, gaddr_to_gfn(d->arch.vgic.vgic_cpu_base), + csize / PAGE_SIZE, maddr_to_mfn(vbase)); if ( ret ) { gdprintk(XENLOG_ERR, "Unable to remap VGIC CPU to VCPU\n"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:56:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:56:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275006.470692 (Exim 4.92) (envelope-from ) id 1nKmsy-0005CJ-R5; Thu, 17 Feb 2022 19:56:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275006.470692; Thu, 17 Feb 2022 19:56:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsy-0005CA-Np; Thu, 17 Feb 2022 19:56:16 +0000 Received: by outflank-mailman (input) for mailman id 275006; Thu, 17 Feb 2022 19:56:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsx-0005Ba-C3 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmsx-0004wr-BN for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmsx-000233-AW for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kXsOvK4HT+7sMhk/8ABDLUIGzd3wirM1IDkC60QXvJM=; b=k3Y69WSuGFiZXrm+4Fw6Qcadpe 9O0MEWheFeb4zAIIaG9L6cI1+6VKXDwwRJXbshcOXTfADGdNZMESiXtUuQR0dRqNByNRPA9p9Izpv MwBcfNqVOQKyBC0DP31XHraB6n13q7FNbn6eo8u3HezG/jH9ORvqVr8JV8turnAgBP0k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: gate make_gicv3_domU_node with CONFIG_GICV3 Message-Id: Date: Thu, 17 Feb 2022 19:56:15 +0000 commit ba417313232b1ca4384a4d1f74dc1c1312dac70e Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:53 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: gate make_gicv3_domU_node with CONFIG_GICV3 This commit gates function make_gicv3_domU_node with CONFIG_GICV3. Signed-off-by: Penny Zheng Acked-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 87391adde6..a01dc60b55 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2322,6 +2322,7 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) return res; } +#ifdef CONFIG_GICV3 static int __init make_gicv3_domU_node(struct kernel_info *kinfo) { void *fdt = kinfo->fdt; @@ -2371,13 +2372,16 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) return res; } +#endif static int __init make_gic_domU_node(struct kernel_info *kinfo) { switch ( kinfo->d->arch.vgic.version ) { +#ifdef CONFIG_GICV3 case GIC_V3: return make_gicv3_domU_node(kinfo); +#endif case GIC_V2: return make_gicv2_domU_node(kinfo); default: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:56:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:56:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275007.470698 (Exim 4.92) (envelope-from ) id 1nKmt7-0005FS-T6; Thu, 17 Feb 2022 19:56:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275007.470698; Thu, 17 Feb 2022 19:56:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmt7-0005FF-Pe; Thu, 17 Feb 2022 19:56:25 +0000 Received: by outflank-mailman (input) for mailman id 275007; Thu, 17 Feb 2022 19:56:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmt7-0005F8-FM for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmt7-0004xH-Eg for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmt7-00023p-Dt for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jwAalamEwAXzUJQecuc1DpZQQLL8QnCQpAI/2TLgln8=; b=YF5Au7ATv6p6YGyAUGzGC4WR2F gVQjgw1qrrYu/zgeMLfSqgreAnEyZpnXYXOiG3OtS3xnaaM5sJP+Ms7kjSINGZ4UN8F/AZGrikj6d X4X1K6LYijfd7QEWr70xnyzXRtjAoE3kb1EE/uPDKdPDK3AWJIsRpVr+LtUTc2YWVxq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: if direct-map domain use native addresses for GICv3 Message-Id: Date: Thu, 17 Feb 2022 19:56:25 +0000 commit 4809f9ec7d71bdf6fb9e952ac5730f5592c30ec7 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:54 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native addresses for GICv3 Today we use native addresses to map the GICv3 for Dom0 and fixed addresses for DomUs. This patch changes the behavior so that native addresses are used for all domain which is using the host memory layout Considering that DOM0 may not always be directly mapped in the future, this patch introduces a new helper "domain_use_host_layout()" that wraps both two check "is_domain_direct_mapped(d) || is_hardware_domain(d)" for more flexible usage. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 34 ++++++++++++++++++++++++++-------- xen/arch/arm/include/asm/domain.h | 14 ++++++++++++++ xen/arch/arm/vgic-v3.c | 30 ++++++++++++++++-------------- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index a01dc60b55..cff2cb93cc 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2327,10 +2327,16 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) { void *fdt = kinfo->fdt; int res = 0; - __be32 reg[(GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * 2]; - __be32 *cells; + __be32 *reg, *cells; + const struct domain *d = kinfo->d; + /* Placeholder for interrupt-controller@ + a 64-bit number + \0 */ + char buf[38]; + unsigned int i, len = 0; + + snprintf(buf, sizeof(buf), "interrupt-controller@%"PRIx64, + vgic_dist_base(&d->arch.vgic)); - res = fdt_begin_node(fdt, "interrupt-controller@"__stringify(GUEST_GICV3_GICD_BASE)); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2350,13 +2356,25 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) if ( res ) return res; - cells = ®[0]; - dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICV3_GICD_BASE, GUEST_GICV3_GICD_SIZE); + /* reg specifies all re-distributors and Distributor. */ + len = (GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * + (d->arch.vgic.nr_regions + 1) * sizeof(__be32); + reg = xmalloc_bytes(len); + if ( reg == NULL ) + return -ENOMEM; + cells = reg; + dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICV3_GICR0_BASE, GUEST_GICV3_GICR0_SIZE); + vgic_dist_base(&d->arch.vgic), GUEST_GICV3_GICD_SIZE); - res = fdt_property(fdt, "reg", reg, sizeof(reg)); + for ( i = 0; i < d->arch.vgic.nr_regions; i++ ) + dt_child_set_range(&cells, + GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, + d->arch.vgic.rdist_regions[i].base, + d->arch.vgic.rdist_regions[i].size); + + res = fdt_property(fdt, "reg", reg, len); + xfree(reg); if (res) return res; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index aabe942cde..c56f6e4398 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -31,6 +31,20 @@ enum domain_type { #define is_domain_direct_mapped(d) (d)->arch.directmap +/* + * Is the domain using the host memory layout? + * + * Direct-mapped domain will always have the RAM mapped with GFN == MFN. + * To avoid any trouble finding space, it is easier to force using the + * host memory layout. + * + * The hardware domain will use the host layout regardless of + * direct-mapped because some OS may rely on a specific address ranges + * for the devices. + */ +#define domain_use_host_layout(d) (is_domain_direct_mapped(d) || \ + is_hardware_domain(d)) + struct vtimer { struct vcpu *v; int irq; diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 65bb7991a6..e4ba9a6476 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -1640,14 +1640,15 @@ static inline unsigned int vgic_v3_max_rdist_count(struct domain *d) * Normally there is only one GICv3 redistributor region. * The GICv3 DT binding provisions for multiple regions, since there are * platforms out there which need those (multi-socket systems). - * For Dom0 we have to live with the MMIO layout the hardware provides, - * so we have to copy the multiple regions - as the first region may not - * provide enough space to hold all redistributors we need. - * However DomU get a constructed memory map, so we can go with - * the architected single redistributor region. + * For domain using the host memory layout, we have to live with the MMIO + * layout the hardware provides, so we have to copy the multiple regions + * - as the first region may not provide enough space to hold all + * redistributors we need. + * All the other domains will get a constructed memory map, so we can go + * with the architected single redistributor region. */ - return is_hardware_domain(d) ? vgic_v3_hw.nr_rdist_regions : - GUEST_GICV3_RDIST_REGIONS; + return domain_use_host_layout(d) ? vgic_v3_hw.nr_rdist_regions : + GUEST_GICV3_RDIST_REGIONS; } static int vgic_v3_domain_init(struct domain *d) @@ -1669,10 +1670,11 @@ static int vgic_v3_domain_init(struct domain *d) radix_tree_init(&d->arch.vgic.pend_lpi_tree); /* - * Domain 0 gets the hardware address. - * Guests get the virtual platform layout. + * For domain using the host memory layout, it gets the hardware + * address. + * Other domains get the virtual platform layout. */ - if ( is_hardware_domain(d) ) + if ( domain_use_host_layout(d) ) { unsigned int first_cpu = 0; @@ -1695,10 +1697,10 @@ static int vgic_v3_domain_init(struct domain *d) } /* - * The hardware domain may not use all the re-distributors - * regions (e.g when the number of vCPUs does not match the - * number of pCPUs). Update the number of regions to avoid - * exposing unused region as they will not get emulated. + * For domain using the host memory layout, it may not use all + * the re-distributors regions (e.g when the number of vCPUs does + * not match the number of pCPUs). Update the number of regions to + * avoid exposing unused region as they will not get emulated. */ d->arch.vgic.nr_regions = i + 1; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:56:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:56:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275008.470700 (Exim 4.92) (envelope-from ) id 1nKmtH-0005IP-Ui; Thu, 17 Feb 2022 19:56:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275008.470700; Thu, 17 Feb 2022 19:56:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtH-0005IH-Ru; Thu, 17 Feb 2022 19:56:35 +0000 Received: by outflank-mailman (input) for mailman id 275008; Thu, 17 Feb 2022 19:56:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtH-0005I9-Id for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtH-0004xU-Hr for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmtH-00024d-H9 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lu25WAJAlIgXHcCGV7o4go2qqm3FaWMiQ1gXcCV/XPM=; b=kxT32bJ9rxZIpUmcpaatOZLYv2 aEVpFsMbX3bd30A8yJrMYrskxJz+dtSpnJT5s/j4QoT2V0bYsEMANArpkRgO/omweHtm4eLAuzYSn kCsRxLAHnnkRd5bhLnf6djDrMRTOz1wbkBUzIqrVm7rW1KVboKlx6MRYiiNmySxCNg6c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: if direct-map domain use native UART address and IRQ number for vPL011 Message-Id: Date: Thu, 17 Feb 2022 19:56:35 +0000 commit 3580c8b2dfc35d70b436430cbb14f72c64c2855a Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:55 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native UART address and IRQ number for vPL011 We always use a fix address to map the vPL011 to domains. The address could be a problem for direct-map domains. So, for domains that are directly mapped, reuse the address of the physical UART on the platform to avoid potential clashes. Do the same for the virtual IRQ number: instead of always using GUEST_VPL011_SPI, try to reuse the physical SPI number if possible. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 44 +++++++++++++++++++++++----- xen/arch/arm/include/asm/vpl011.h | 2 ++ xen/arch/arm/vpl011.c | 60 ++++++++++++++++++++++++++++++++++----- 3 files changed, 92 insertions(+), 14 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index cff2cb93cc..8be01678de 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -30,6 +30,7 @@ #include #include +#include static unsigned int __initdata opt_dom0_max_vcpus; integer_param("dom0_max_vcpus", opt_dom0_max_vcpus); @@ -2415,8 +2416,12 @@ static int __init make_vpl011_uart_node(struct kernel_info *kinfo) gic_interrupt_t intr; __be32 reg[GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS]; __be32 *cells; + struct domain *d = kinfo->d; + /* Placeholder for sbsa-uart@ + a 64-bit number + \0 */ + char buf[27]; - res = fdt_begin_node(fdt, "sbsa-uart@"__stringify(GUEST_PL011_BASE)); + snprintf(buf, sizeof(buf), "sbsa-uart@%"PRIx64, d->arch.vpl011.base_addr); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2426,14 +2431,14 @@ static int __init make_vpl011_uart_node(struct kernel_info *kinfo) cells = ®[0]; dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, - GUEST_ROOT_SIZE_CELLS, GUEST_PL011_BASE, + GUEST_ROOT_SIZE_CELLS, d->arch.vpl011.base_addr, GUEST_PL011_SIZE); res = fdt_property(fdt, "reg", reg, sizeof(reg)); if ( res ) return res; - set_interrupt(intr, GUEST_VPL011_SPI, 0xf, DT_IRQ_TYPE_LEVEL_HIGH); + set_interrupt(intr, d->arch.vpl011.virq, 0xf, DT_IRQ_TYPE_LEVEL_HIGH); res = fdt_property(fdt, "interrupts", intr, sizeof (intr)); if ( res ) @@ -3145,6 +3150,14 @@ static int __init construct_domU(struct domain *d, else assign_static_memory_11(d, &kinfo, node); + /* + * Base address and irq number are needed when creating vpl011 device + * tree node in prepare_dtb_domU, so initialization on related variables + * shall be done first. + */ + if ( kinfo.vpl011 ) + rc = domain_vpl011_init(d, NULL); + rc = prepare_dtb_domU(d, &kinfo); if ( rc < 0 ) return rc; @@ -3153,9 +3166,6 @@ static int __init construct_domU(struct domain *d, if ( rc < 0 ) return rc; - if ( kinfo.vpl011 ) - rc = domain_vpl011_init(d, NULL); - return rc; } @@ -3200,15 +3210,35 @@ void __init create_domUs(void) if ( !dt_property_read_u32(node, "nr_spis", &d_cfg.arch.nr_spis) ) { + unsigned int vpl011_virq = GUEST_VPL011_SPI; + d_cfg.arch.nr_spis = gic_number_lines() - 32; + /* + * The VPL011 virq is GUEST_VPL011_SPI, unless direct-map is + * set, in which case it'll match the hardware. + * + * Since the domain is not yet created, we can't use + * d->arch.vpl011.irq. So the logic to find the vIRQ has to + * be hardcoded. + * The logic here shall be consistent with the one in + * domain_vpl011_init(). + */ + if ( flags & CDF_directmap ) + { + vpl011_virq = serial_irq(SERHND_DTUART); + if ( vpl011_virq < 0 ) + panic("Error getting IRQ number for this serial port %d\n", + SERHND_DTUART); + } + /* * vpl011 uses one emulated SPI. If vpl011 is requested, make * sure that we allocate enough SPIs for it. */ if ( dt_property_read_bool(node, "vpl011") ) d_cfg.arch.nr_spis = MAX(d_cfg.arch.nr_spis, - GUEST_VPL011_SPI - 32 + 1); + vpl011_virq - 32 + 1); } /* diff --git a/xen/arch/arm/include/asm/vpl011.h b/xen/arch/arm/include/asm/vpl011.h index e6c7ab7381..c09abcd7a9 100644 --- a/xen/arch/arm/include/asm/vpl011.h +++ b/xen/arch/arm/include/asm/vpl011.h @@ -53,6 +53,8 @@ struct vpl011 { uint32_t uarticr; /* Interrupt clear register */ uint32_t uartris; /* Raw interrupt status register */ uint32_t shadow_uartmis; /* shadow masked interrupt register */ + paddr_t base_addr; + unsigned int virq; spinlock_t lock; evtchn_port_t evtchn; }; diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c index 895f436cc4..43522d48fd 100644 --- a/xen/arch/arm/vpl011.c +++ b/xen/arch/arm/vpl011.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -71,11 +72,11 @@ static void vpl011_update_interrupt_status(struct domain *d) * status bit has been set since the last time. */ if ( uartmis & ~vpl011->shadow_uartmis ) - vgic_inject_irq(d, NULL, GUEST_VPL011_SPI, true); + vgic_inject_irq(d, NULL, vpl011->virq, true); vpl011->shadow_uartmis = uartmis; #else - vgic_inject_irq(d, NULL, GUEST_VPL011_SPI, uartmis); + vgic_inject_irq(d, NULL, vpl011->virq, uartmis); #endif } @@ -347,7 +348,8 @@ static int vpl011_mmio_read(struct vcpu *v, void *priv) { struct hsr_dabt dabt = info->dabt; - uint32_t vpl011_reg = (uint32_t)(info->gpa - GUEST_PL011_BASE); + uint32_t vpl011_reg = (uint32_t)(info->gpa - + v->domain->arch.vpl011.base_addr); struct vpl011 *vpl011 = &v->domain->arch.vpl011; struct domain *d = v->domain; unsigned long flags; @@ -430,7 +432,8 @@ static int vpl011_mmio_write(struct vcpu *v, void *priv) { struct hsr_dabt dabt = info->dabt; - uint32_t vpl011_reg = (uint32_t)(info->gpa - GUEST_PL011_BASE); + uint32_t vpl011_reg = (uint32_t)(info->gpa - + v->domain->arch.vpl011.base_addr); struct vpl011 *vpl011 = &v->domain->arch.vpl011; struct domain *d = v->domain; unsigned long flags; @@ -626,6 +629,49 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) if ( vpl011->backend.dom.ring_buf ) return -EINVAL; + /* + * The VPL011 virq is GUEST_VPL011_SPI, except for direct-map domains + * where the hardware value shall be used. + * The logic here should stay in sync with the one in + * create_domUs(). + */ + if ( is_domain_direct_mapped(d) ) + { + const struct vuart_info *uart = serial_vuart_info(SERHND_DTUART); + int vpl011_irq = serial_irq(SERHND_DTUART); + + if ( (uart != NULL) && (vpl011_irq > 0) ) + { + vpl011->base_addr = uart->base_addr; + vpl011->virq = vpl011_irq; + } + else + { + printk(XENLOG_ERR + "vpl011: Unable to re-use the Xen UART information.\n"); + return -EINVAL; + } + + /* + * Since the PL011 we emulate for the guest requires a 4KB region, + * and on some Hardware (e.g. on some sunxi SoC), the UART MMIO + * region is less than 4KB, in which case, there may exist multiple + * devices within the same 4KB region, here adds the following check to + * prevent potential known pitfalls + */ + if ( uart->size < GUEST_PL011_SIZE ) + { + printk(XENLOG_ERR + "vpl011: Can't re-use the Xen UART MMIO region as it is too small.\n"); + return -EINVAL; + } + } + else + { + vpl011->base_addr = GUEST_PL011_BASE; + vpl011->virq = GUEST_VPL011_SPI; + } + /* * info is NULL when the backend is in Xen. * info is != NULL when the backend is in a domain. @@ -661,7 +707,7 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) } } - rc = vgic_reserve_virq(d, GUEST_VPL011_SPI); + rc = vgic_reserve_virq(d, vpl011->virq); if ( !rc ) { rc = -EINVAL; @@ -673,12 +719,12 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) spin_lock_init(&vpl011->lock); register_mmio_handler(d, &vpl011_mmio_handler, - GUEST_PL011_BASE, GUEST_PL011_SIZE, NULL); + vpl011->base_addr, GUEST_PL011_SIZE, NULL); return 0; out2: - vgic_free_virq(d, GUEST_VPL011_SPI); + vgic_free_virq(d, vpl011->virq); out1: if ( vpl011->backend_in_domain ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 17 19:56:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Feb 2022 19:56:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275009.470703 (Exim 4.92) (envelope-from ) id 1nKmtT-0005Lt-1S; Thu, 17 Feb 2022 19:56:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275009.470703; Thu, 17 Feb 2022 19:56:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtS-0005Ll-Un; Thu, 17 Feb 2022 19:56:46 +0000 Received: by outflank-mailman (input) for mailman id 275009; Thu, 17 Feb 2022 19:56:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtR-0005LZ-Lc for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKmtR-0004xh-Kr for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKmtR-00025Q-K4 for xen-changelog@lists.xenproject.org; Thu, 17 Feb 2022 19:56:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W41sP8r+O886trncTaTQcrrXRDa0cPsliSA/omtbEig=; b=j0SZL3eqnefCyddICUVxW9xa5m FHI6gzQgJFs5sqS55YOGZRd8LEVP8fJbVhJs/fBj8UM8J3nf9BnFTMbkWmSEWxKfu1dTY5jVbLxL8 XWmJcaYODxOwTHzS4ZWxb1fis3qZnX5cb4FPAiaEaTsmBrGLllV2VlPFKorT1q3ACxlQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/docs: Document how to do passthrough without IOMMU Message-Id: Date: Thu, 17 Feb 2022 19:56:45 +0000 commit 4ec51e87804bd9aad0d0b8e5dadb987b54c5adeb Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:56 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/docs: Document how to do passthrough without IOMMU This commit creates a new doc to document how to do passthrough without IOMMU. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Acked-by: Julien Grall Tested-by: Stefano Stabellini --- docs/misc/arm/passthrough-noiommu.txt | 52 +++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/docs/misc/arm/passthrough-noiommu.txt b/docs/misc/arm/passthrough-noiommu.txt new file mode 100644 index 0000000000..3e2ef21ad7 --- /dev/null +++ b/docs/misc/arm/passthrough-noiommu.txt @@ -0,0 +1,52 @@ +Request Device Assignment without IOMMU support +=============================================== + +*WARNING: +Users should be aware that it is not always secure to assign a device without +IOMMU protection. +When the device is not protected by the IOMMU, the administrator should make +sure that: + 1. The device is assigned to a trusted guest. + 2. Users have additional security mechanism on the platform. + +This document assumes that the IOMMU is absent from the system or it is +disabled (status = "disabled" in device tree). + +Add xen,force-assign-without-iommu; to the device tree snippet: + +ethernet: ethernet@ff0e0000 { + compatible = "cdns,zynqmp-gem"; + xen,path = "/amba/ethernet@ff0e0000"; + xen,reg = <0x0 0xff0e0000 0x1000 0x0 0xff0e0000>; + xen,force-assign-without-iommu; +}; + +Request 1:1 memory mapping for the domain on static allocation +============================================================== + +Add a direct-map property under the appropriate /chosen/domU node which +is also statically allocated with physical memory ranges through +xen,static-mem property as its guest RAM. + +Below is an example on how to specify the 1:1 memory mapping for the domain +on static allocation in the device-tree: + +/ { + chosen { + domU1 { + compatible = "xen,domain"; + #address-cells = <0x2>; + #size-cells = <0x2>; + cpus = <2>; + memory = <0x0 0x80000>; + #xen,static-mem-address-cells = <0x1>; + #xen,static-mem-size-cells = <0x1>; + xen,static-mem = <0x30000000 0x20000000>; + direct-map; + ... + }; + }; +}; + +Besides reserving a 512MB region starting at the host physical address +0x30000000 to DomU1, it also requests 1:1 memory mapping. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275168.470889 (Exim 4.92) (envelope-from ) id 1nKyM6-0001Jr-73; Fri, 18 Feb 2022 08:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275168.470889; Fri, 18 Feb 2022 08:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyM6-0001Ji-44; Fri, 18 Feb 2022 08:11:06 +0000 Received: by outflank-mailman (input) for mailman id 275168; Fri, 18 Feb 2022 08:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyM4-0001JX-FG for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyM4-0004ja-CG for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyM4-0006kX-Af for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EdZQM59GIDP9Md8mMf88pU55tzCGmnNRsLBTVby2fZM=; b=MVre41DfqhY3WGJ8xKStihLOsC x4+kgGtRQGNqQgPhDoa6TxgbU+IA2HLO6kg3rP29vO6Ym9zrJS3cUQwaRV8qQiuUButDv53SHBsHZ UHoka5yoiku6dp4ROxeo9IN9e7cSfDoD6cOyvB+WWL1+oo3jP9CsmjfVdi9HmtrtfADk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile Message-Id: Date: Fri, 18 Feb 2022 08:11:04 +0000 commit 8fd1aeb8f486523af218632b19cac7519d923f45 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:57:03 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:57:03 2022 +0100 build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile This is to avoid arch/$arch/Makefile having to recurse into parents directories. This avoid duplication of the logic to build prelink.o between arches. In order to do that, we cut the $(TARGET) target in the main Makefile in two, there is a "prepare" phase/target runned before starting to build "prelink.o" which will prepare "include/" among other things, then all the $(ALL_OBJS) will be generated in order to build "prelink.o" and finally $(TARGET) will be generated by calling into "arch/*/" to make $(TARGET). Now we don't need to prefix $(ALL_OBJS) with $(BASEDIR) as it is now only used from the main Makefile. Other changes is to use "$<" instead of spelling "prelink.o" in the target "$(TARGET)" in both arch/*/Makefile. Beside "prelink.o" been at a different location, no other functional change intended. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Makefile | 12 +++++++++++- xen/Rules.mk | 13 ------------- xen/arch/arm/Makefile | 31 ++++--------------------------- xen/arch/arm/Rules.mk | 4 ++++ xen/arch/arm/arch.mk | 2 ++ xen/arch/x86/Makefile | 29 ++++++----------------------- xen/arch/x86/arch.mk | 2 ++ xen/build.mk | 18 ++++++++++++++++++ 8 files changed, 47 insertions(+), 64 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index fb37043d08..0dc44ddd27 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -285,6 +285,16 @@ CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so endif +# Note that link order matters! +ALL_OBJS-y := common/built_in.o +ALL_OBJS-y += drivers/built_in.o +ALL_OBJS-y += lib/built_in.o +ALL_OBJS-y += xsm/built_in.o +ALL_OBJS-y += arch/$(TARGET_ARCH)/built_in.o +ALL_OBJS-$(CONFIG_CRYPTO) += crypto/built_in.o + +ALL_LIBS-y := lib/lib.a + include $(BASEDIR)/arch/$(TARGET_ARCH)/arch.mk # define new variables to avoid the ones defined in Config.mk @@ -407,7 +417,7 @@ $(TARGET): FORCE $(MAKE) -f $(BASEDIR)/Rules.mk -C include $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) include $(MAKE) -f $(BASEDIR)/Rules.mk arch/$(TARGET_ARCH)/include/asm/asm-offsets.h - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) MKRELOC=$(MKRELOC) $@ + $(MAKE) -f $(BASEDIR)/Rules.mk MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ SUBDIRS = xsm arch/$(TARGET_ARCH) common drivers lib test define all_sources diff --git a/xen/Rules.mk b/xen/Rules.mk index 7b8b9047cf..77d359beda 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -8,25 +8,12 @@ include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include -# Note that link order matters! -ALL_OBJS-y += $(BASEDIR)/common/built_in.o -ALL_OBJS-y += $(BASEDIR)/drivers/built_in.o -ALL_OBJS-y += $(BASEDIR)/lib/built_in.o -ALL_OBJS-y += $(BASEDIR)/xsm/built_in.o -ALL_OBJS-y += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o -ALL_OBJS-$(CONFIG_CRYPTO) += $(BASEDIR)/crypto/built_in.o - -ALL_LIBS-y := $(BASEDIR)/lib/lib.a - # Initialise some variables lib-y := targets := CFLAGS-y := AFLAGS-y := -ALL_OBJS := $(ALL_OBJS-y) -ALL_LIBS := $(ALL_LIBS-y) - SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach w,1 2 4, \ rodata.str$(w).$(a)) \ diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index d0dee10102..1495227577 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -75,14 +75,6 @@ ifneq ($(CONFIG_DTB_FILE),"") obj-y += dtb.o endif -ALL_OBJS := $(TARGET_SUBARCH)/head.o $(ALL_OBJS) - -# head.o is built by descending into the sub-directory, depends on the part of -# $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and build -# head.o -$(TARGET_SUBARCH)/head.o: $(BASEDIR)/arch/arm/built_in.o -$(TARGET_SUBARCH)/head.o: ; - ifdef CONFIG_LIVEPATCH all_symbols = --all-symbols ifdef CONFIG_FAST_SYMBOL_LOOKUP @@ -98,33 +90,18 @@ ifeq ($(CONFIG_ARM_64),y) ln -sf $(@F) $@.efi endif -ifeq ($(CONFIG_LTO),y) -# Gather all LTO objects together -prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) - $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group - -# Link it with all the binary objects -prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o - $(call if_changed,ld) -else -prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE - $(call if_changed,ld) -endif - -targets += prelink.o - -$(TARGET)-syms: prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o \ +$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ diff --git a/xen/arch/arm/Rules.mk b/xen/arch/arm/Rules.mk index e69de29bb2..c6463a433e 100644 --- a/xen/arch/arm/Rules.mk +++ b/xen/arch/arm/Rules.mk @@ -0,0 +1,4 @@ +# head.o is built by descending into arch/arm/$(TARGET_SUBARCH), depends on the +# part of $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and +# build head.o +arch/arm/$(TARGET_SUBARCH)/head.o: arch/arm/built_in.o ; diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index c3ac443b37..ba3f140e2e 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -26,3 +26,5 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) LDFLAGS += --fix-cortex-a53-843419 endif endif + +ALL_OBJS-y := arch/arm/$(TARGET_SUBARCH)/head.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9fc884813c..a830b5791e 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -123,37 +123,20 @@ $(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI -ALL_OBJS := $(BASEDIR)/arch/x86/boot/built_in.o $(BASEDIR)/arch/x86/efi/built_in.o $(ALL_OBJS) - -ifeq ($(CONFIG_LTO),y) -# Gather all LTO objects together -prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) - $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group - -# Link it with all the binary objects -prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o FORCE - $(call if_changed,ld) -else -prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE - $(call if_changed,ld) -endif - -targets += prelink.o - -$(TARGET)-syms: prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ +$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ @@ -206,7 +189,7 @@ note_file_option ?= $(note_file) ifeq ($(XEN_BUILD_PE),y) extra-y += efi.lds -$(TARGET).efi: prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc +$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" endif @@ -235,7 +218,7 @@ $(TARGET).efi: FORCE echo '$(if $(filter y,$(XEN_BUILD_EFI)),xen.efi generation,EFI support) disabled' endif -efi/buildid.o efi/relocs-dummy.o: $(BASEDIR)/arch/x86/efi/built_in.o +# These should already have been rebuilt when building the prerequisite of "prelink.o" efi/buildid.o efi/relocs-dummy.o: ; .PHONY: include diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index fa7cf38443..bfd5eaa35f 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -104,3 +104,5 @@ endif # Set up the assembler include path properly for older toolchains. CFLAGS += -Wa,-I$(BASEDIR)/include + +ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/build.mk b/xen/build.mk index 3d7a91df22..af1b283113 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -59,3 +59,21 @@ arch/$(TARGET_ARCH)/include/asm/asm-offsets.h: asm-offsets.s sed -rne "/^[^#].*==>/{s:.*==>(.*)<==.*:\1:; s: [\$$#]: :; p;}"; \ echo ""; \ echo "#endif") <$< >$@ + +ifeq ($(CONFIG_LTO),y) +# Gather all LTO objects together +prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) + $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group + +# Link it with all the binary objects +prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o FORCE + $(call if_changed,ld) +else +prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE + $(call if_changed,ld) +endif + +targets += prelink.o + +$(TARGET): prelink.o FORCE + $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) $@ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275169.470894 (Exim 4.92) (envelope-from ) id 1nKyMG-0001M1-9H; Fri, 18 Feb 2022 08:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275169.470894; Fri, 18 Feb 2022 08:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMG-0001Lt-5d; Fri, 18 Feb 2022 08:11:16 +0000 Received: by outflank-mailman (input) for mailman id 275169; Fri, 18 Feb 2022 08:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyME-0001Lh-GR for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyME-0004je-Fc for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyME-0006lA-Ej for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9bAImL2zQVJ/Aj1HbJAUYprGtrpfU2zPtwYC3iN7clc=; b=ydZXkgT0HemUtZL4TOUK+tGwdp OhO0ekkQqEbdBlKL0+8XrETqHHpXvd9d1dxMq10DgcWRKwYrzH/v0zIw5tKJLFcXXHL9VWnQE2oap tHvdG/Sm014GjY5IHGLps9/+aSs1snrZdFG+u84BkEB4I5NhMdMRyl3QRh7S/oiADDqI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: prepare to always invoke $(MAKE) from xen/, use $(obj) Message-Id: Date: Fri, 18 Feb 2022 08:11:14 +0000 commit 14b9b35b4ea35835309d4a0d5a59cc3cbd7fdb82 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:58:01 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:58:01 2022 +0100 build: prepare to always invoke $(MAKE) from xen/, use $(obj) In a future patch, when building a subdirectory, we will set "obj=$subdir" rather than change directory. Before that, we add "$(obj)" and "$(src)" in as many places as possible where we will need to know which subdirectory is been built. "$(obj)" is for files been generated during the build, and "$(src)" is for files present in the source tree. For now, we set both to "." in Rules.mk and Makefile.clean. A few places don't tolerate the addition of "./", this is because make remove the leading "./" in targets and dependencies in rules, so these will be change later. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich Acked-by: Julien Grall Reviewed-by: Daniel P. Smith # XSM --- xen/Rules.mk | 5 +++- xen/arch/arm/Makefile | 14 +++++----- xen/arch/x86/Makefile | 48 ++++++++++++++++----------------- xen/arch/x86/boot/Makefile | 14 +++++----- xen/arch/x86/efi/Makefile | 6 ++--- xen/common/Makefile | 8 +++--- xen/common/libelf/Makefile | 4 +-- xen/common/libfdt/Makefile | 6 ++--- xen/include/Makefile | 44 +++++++++++++++--------------- xen/scripts/Makefile.clean | 5 +++- xen/xsm/flask/Makefile | 36 ++++++++++++------------- xen/xsm/flask/policy/mkaccess_vector.sh | 7 +++-- 12 files changed, 103 insertions(+), 94 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 77d359beda..60d1d6c4f5 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -3,6 +3,9 @@ # Makefile and are consumed by Rules.mk # +obj := . +src := $(obj) + -include $(BASEDIR)/include/config/auto.conf include $(XEN_ROOT)/Config.mk @@ -21,7 +24,7 @@ SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach r,rel rel.ro,data.$(r).local) # The filename build.mk has precedence over Makefile -include $(firstword $(wildcard build.mk) Makefile) +include $(firstword $(wildcard $(src)/build.mk) $(src)/Makefile) # Linking # --------------------------------------------------------------------------- diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index 1495227577..c993ce72a3 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -90,18 +90,18 @@ ifeq ($(CONFIG_ARM_64),y) ln -sf $(@F) $@.efi endif -$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ +$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ @@ -111,13 +111,13 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds .PHONY: include include: -xen.lds: xen.lds.S FORCE +$(obj)/xen.lds: $(src)/xen.lds.S FORCE $(call if_changed,cpp_lds_S) -dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) +$(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) .PHONY: clean clean:: - rm -f xen.lds + rm -f $(obj)/xen.lds rm -f $(BASEDIR)/.xen-syms.[0-9]* rm -f $(TARGET).efi diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index a830b5791e..db97ae8c07 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -81,7 +81,7 @@ extra-y += asm-macros.i extra-y += xen.lds ifneq ($(CONFIG_HVM),y) -x86_emulate.o: CFLAGS-y += -Wno-unused-label +$(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label endif efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \ @@ -112,8 +112,8 @@ syms-warn-dup-$(CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS) := syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) := --error-dup $(TARGET): TMP = $(@D)/.$(@F).elf32 -$(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 - ./boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ +$(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 + $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ `$(NM) $(TARGET)-syms | sed -ne 's/^\([^ ]*\) . __2M_rwdata_end$$/0x\1/p'` od -t x4 -N 8192 $(TMP) | grep 1badb002 > /dev/null || \ { echo "No Multiboot1 header found" >&2; false; } @@ -123,27 +123,27 @@ $(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI -$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ +$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* -note.o: $(TARGET)-syms +$(obj)/note.o: $(TARGET)-syms $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 \ --rename-section=.data=.note.gnu.build-id -S $@.bin $@ @@ -162,25 +162,25 @@ ifdef SOURCE_DATE_EPOCH EFI_LDFLAGS += --no-insert-timestamp endif -$(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') +$(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) $(obj)/efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') ifeq ($(MKRELOC),:) relocs-dummy := $(TARGET).efi: ALT_BASE := else -relocs-dummy := efi/relocs-dummy.o -$(TARGET).efi: ALT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A ALT_START$$,,p') +relocs-dummy := $(obj)/efi/relocs-dummy.o +$(TARGET).efi: ALT_BASE = 0x$(shell $(NM) $(obj)/efi/relocs-dummy.o | sed -n 's, A ALT_START$$,,p') endif ifneq ($(build_id_linker),) ifeq ($(call ld-ver-build-id,$(LD) $(filter -m%,$(EFI_LDFLAGS))),y) CFLAGS-y += -DBUILD_ID_EFI EFI_LDFLAGS += $(build_id_linker) -note_file := efi/buildid.o +note_file := $(obj)/efi/buildid.o # NB: this must be the last input in the linker call, because inputs following # the -b option will all be treated as being in the specified format. note_file_option := -b pe-x86-64 $(note_file) else -note_file := note.o +note_file := $(obj)/note.o endif else note_file := @@ -189,25 +189,25 @@ note_file_option ?= $(note_file) ifeq ($(XEN_BUILD_PE),y) extra-y += efi.lds -$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc +$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" endif $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ - $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< $(relocs-dummy) \ + $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< $(relocs-dummy) \ $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ - $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ + $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o - $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ + $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map @@ -219,14 +219,14 @@ $(TARGET).efi: FORCE endif # These should already have been rebuilt when building the prerequisite of "prelink.o" -efi/buildid.o efi/relocs-dummy.o: ; +$(obj)/efi/buildid.o $(obj)/efi/relocs-dummy.o: ; .PHONY: include include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h -asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P +$(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P -$(BASEDIR)/arch/x86/include/asm/asm-macros.h: asm-macros.i Makefile +$(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile echo '#if 0' >$@.new echo '.if 0' >>$@.new echo '#endif' >>$@.new @@ -240,14 +240,14 @@ $(BASEDIR)/arch/x86/include/asm/asm-macros.h: asm-macros.i Makefile echo '#endif' >>$@.new $(call move-if-changed,$@.new,$@) -efi.lds: AFLAGS-y += -DEFI -xen.lds efi.lds: xen.lds.S FORCE +$(obj)/efi.lds: AFLAGS-y += -DEFI +$(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE $(call if_changed,cpp_lds_S) -boot/mkelf32: boot/mkelf32.c +$(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< -efi/mkreloc: efi/mkreloc.c +$(obj)/efi/mkreloc: $(src)/efi/mkreloc.c $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< .PHONY: clean diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d2eb277d42..0aec8a4643 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,8 +1,8 @@ obj-bin-y += head.o -DEFS_H_DEPS = defs.h $(BASEDIR)/include/xen/stdbool.h +DEFS_H_DEPS = $(src)/defs.h $(BASEDIR)/include/xen/stdbool.h -CMDLINE_DEPS = $(DEFS_H_DEPS) video.h \ +CMDLINE_DEPS = $(DEFS_H_DEPS) $(src)/video.h \ $(BASEDIR)/include/xen/kconfig.h \ $(BASEDIR)/include/generated/autoconf.h @@ -14,10 +14,10 @@ RELOC_DEPS = $(DEFS_H_DEPS) \ $(BASEDIR)/include/xen/const.h \ $(BASEDIR)/include/public/arch-x86/hvm/start_info.h -head.o: cmdline.S reloc.S +$(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S -cmdline.S: cmdline.c $(CMDLINE_DEPS) build32.lds - $(MAKE) -f build32.mk $@ CMDLINE_DEPS="$(CMDLINE_DEPS)" +$(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds + $(MAKE) -f build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" -reloc.S: reloc.c $(RELOC_DEPS) build32.lds - $(MAKE) -f build32.mk $@ RELOC_DEPS="$(RELOC_DEPS)" +$(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds + $(MAKE) -f build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index abae493bf3..e08b4d8e48 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -3,16 +3,16 @@ CFLAGS-y += -fshort-wchar quiet_cmd_objcopy_o_ihex = OBJCOPY $@ cmd_objcopy_o_ihex = $(OBJCOPY) -I ihex -O binary $< $@ -%.o: %.ihex FORCE +$(obj)/%.o: $(src)/%.ihex FORCE $(call if_changed,objcopy_o_ihex) -boot.init.o: buildid.o +$(obj)/boot.init.o: $(obj)/buildid.o EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o EFIOBJ-$(CONFIG_COMPAT) += compat.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ-y): CFLAGS_stack_boundary := $(cflags-stack-boundary) +$(addprefix $(obj)/,$(EFIOBJ-y)): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ-y)) diff --git a/xen/common/Makefile b/xen/common/Makefile index 141d7d40d3..ca839118e4 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -75,13 +75,13 @@ obj-$(CONFIG_NEEDS_LIBELF) += libelf/ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(BASEDIR)/)$(KCONFIG_CONFIG) -config.gz: $(CONF_FILE) +$(obj)/config.gz: $(CONF_FILE) gzip -n -c $< >$@ -config_data.o: config.gz +$(obj)/config_data.o: $(obj)/config.gz -config_data.S: $(BASEDIR)/tools/binfile FORCE - $(call if_changed,binfile,config.gz xen_config_data) +$(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE + $(call if_changed,binfile,$(obj)/config.gz xen_config_data) targets += config_data.S clean:: diff --git a/xen/common/libelf/Makefile b/xen/common/libelf/Makefile index a92326c982..8a4522e4e1 100644 --- a/xen/common/libelf/Makefile +++ b/xen/common/libelf/Makefile @@ -7,10 +7,10 @@ OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) CFLAGS-y += -Wno-pointer-sign -libelf.o: libelf-temp.o FORCE +$(obj)/libelf.o: $(obj)/libelf-temp.o FORCE $(call if_changed,objcopy) -libelf-temp.o: $(libelf-objs) FORCE +$(obj)/libelf-temp.o: $(addprefix $(obj)/,$(libelf-objs)) FORCE $(call if_changed,ld) extra-y += libelf-temp.o $(libelf-objs) diff --git a/xen/common/libfdt/Makefile b/xen/common/libfdt/Makefile index 6bd207cf8f..6708af12e5 100644 --- a/xen/common/libfdt/Makefile +++ b/xen/common/libfdt/Makefile @@ -1,4 +1,4 @@ -include Makefile.libfdt +include $(src)/Makefile.libfdt SECTIONS := text data $(SPECIAL_DATA_SECTIONS) OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) @@ -8,10 +8,10 @@ nocov-y += libfdt.o CFLAGS-y += -I$(BASEDIR)/include/xen/libfdt/ -libfdt.o: libfdt-temp.o FORCE +$(obj)/libfdt.o: $(obj)/libfdt-temp.o FORCE $(call if_changed,objcopy) -libfdt-temp.o: $(LIBFDT_OBJS) FORCE +$(obj)/libfdt-temp.o: $(addprefix $(obj)/,$(LIBFDT_OBJS)) FORCE $(call if_changed,ld) extra-y += libfdt-temp.o $(LIBFDT_OBJS) diff --git a/xen/include/Makefile b/xen/include/Makefile index 95daa8a289..d2f5a956a1 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -39,57 +39,57 @@ cppflags-$(CONFIG_X86) += -m32 endif -public-$(CONFIG_X86) := $(wildcard public/arch-x86/*.h public/arch-x86/*/*.h) -public-$(CONFIG_ARM) := $(wildcard public/arch-arm/*.h public/arch-arm/*/*.h) +public-$(CONFIG_X86) := $(wildcard $(src)/public/arch-x86/*.h $(src)/public/arch-x86/*/*.h) +public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch-arm/*/*.h) .PHONY: all -all: $(headers-y) +all: $(addprefix $(obj)/,$(headers-y)) -compat/%.h: compat/%.i Makefile $(BASEDIR)/tools/compat-build-header.py - $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $@ >>$@.new; \ +$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(BASEDIR)/tools/compat-build-header.py + $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \ mv -f $@.new $@ -compat/%.i: compat/%.c Makefile +$(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile $(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $< -compat/%.c: public/%.h xlat.lst Makefile $(BASEDIR)/tools/compat-build-source.py +$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(BASEDIR)/tools/compat-build-source.py mkdir -p $(@D) - $(PYTHON) $(BASEDIR)/tools/compat-build-source.py xlat.lst <$< >$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-source.py $(src)/xlat.lst <$< >$@.new mv -f $@.new $@ -compat/.xlat/%.h: compat/%.h compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh Makefile +$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh $(src)/Makefile export PYTHON=$(PYTHON); \ while read what name; do \ $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \ done <$(patsubst compat/%,compat/.xlat/%,$(basename $<)).lst >$@.new mv -f $@.new $@ -.PRECIOUS: compat/.xlat/%.lst -compat/.xlat/%.lst: xlat.lst Makefile +.PRECIOUS: $(obj)/compat/.xlat/%.lst +$(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile mkdir -p $(@D) grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new $(call move-if-changed,$@.new,$@) -xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' xlat.lst | uniq) +xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(src)/xlat.lst | uniq) xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y)) -compat/xlat.h: $(addprefix compat/.xlat/,$(xlat-y)) config/auto.conf Makefile +$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile cat $(filter %.h,$^) >$@.new mv -f $@.new $@ ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) -all: headers.chk headers99.chk headers++.chk +all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk -PUBLIC_HEADERS := $(filter-out public/arch-% public/dom0_ops.h, $(wildcard public/*.h public/*/*.h) $(public-y)) +PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $(wildcard $(src)/public/*.h $(src)/public/*/*.h) $(public-y)) -PUBLIC_C99_HEADERS := public/io/9pfs.h public/io/pvcalls.h -PUBLIC_ANSI_HEADERS := $(filter-out public/%ctl.h public/xsm/% public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) +PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h +PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) public/io/9pfs.h-prereq := string public/io/pvcalls.h-prereq := string -headers.chk: $(PUBLIC_ANSI_HEADERS) Makefile +$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile for i in $(filter %.h,$^); do \ $(CC) -x c -ansi -Wall -Werror -include stdint.h \ -S -o /dev/null $$i || exit 1; \ @@ -97,7 +97,7 @@ headers.chk: $(PUBLIC_ANSI_HEADERS) Makefile done >$@.new mv $@.new $@ -headers99.chk: $(PUBLIC_C99_HEADERS) Makefile +$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile rm -f $@.new $(foreach i, $(filter %.h,$^), \ echo "#include "\"$(i)\" \ @@ -107,7 +107,7 @@ headers99.chk: $(PUBLIC_C99_HEADERS) Makefile || exit $$?; echo $(i) >> $@.new;) mv $@.new $@ -headers++.chk: $(PUBLIC_HEADERS) Makefile +$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(src)/Makefile rm -f $@.new if ! $(CXX) -v >/dev/null 2>&1; then \ touch $@.new; \ @@ -116,7 +116,7 @@ headers++.chk: $(PUBLIC_HEADERS) Makefile $(foreach i, $(filter %.h,$^), \ echo "#include "\"$(i)\" \ | $(CXX) -x c++ -std=gnu++98 -Wall -Werror -D__XEN_TOOLS__ \ - -include stdint.h -include public/xen.h \ + -include stdint.h -include $(src)/public/xen.h \ $(foreach j, $($(i)-prereq), -include c$(j)) -S -o /dev/null - \ || exit $$?; echo $(i) >> $@.new;) mv $@.new $@ @@ -126,7 +126,7 @@ endif ifeq ($(XEN_TARGET_ARCH),x86_64) .PHONY: lib-x86-all lib-x86-all: - $(MAKE) -C xen/lib/x86 all + $(MAKE) -C $(obj)/xen/lib/x86 all all: lib-x86-all endif diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 8582ec35e4..c3b0681611 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -3,11 +3,14 @@ # Cleaning up # ========================================================================== +obj := . +src := $(obj) + clean:: include $(BASEDIR)/scripts/Kbuild.include -include Makefile +include $(src)/Makefile # Figure out what we need to clean from the various variables # ========================================================================== diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 11c530dcf4..51fd37f6c4 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -4,46 +4,46 @@ obj-y += flask_op.o obj-y += ss/ -CFLAGS-y += -I./include +CFLAGS-y += -I$(obj)/include AWK = awk -FLASK_H_DEPEND = policy/security_classes policy/initial_sids -AV_H_DEPEND = policy/access_vectors +FLASK_H_DEPEND := $(addprefix $(src)/policy/,security_classes initial_sids) +AV_H_DEPEND = $(src)/policy/access_vectors -FLASK_H_FILES = include/flask.h include/class_to_string.h include/initial_sid_to_string.h -AV_H_FILES = include/av_perm_to_string.h include/av_permissions.h -ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES) +FLASK_H_FILES := flask.h class_to_string.h initial_sid_to_string.h +AV_H_FILES := av_perm_to_string.h av_permissions.h +ALL_H_FILES := $(addprefix include/,$(FLASK_H_FILES) $(AV_H_FILES)) -$(obj-y) ss/built_in.o: $(ALL_H_FILES) +$(addprefix $(obj)/,$(obj-y)) $(obj)/ss/built_in.o: $(addprefix $(obj)/,$(ALL_H_FILES)) extra-y += $(ALL_H_FILES) -mkflask := policy/mkflask.sh +mkflask := $(src)/policy/mkflask.sh quiet_cmd_mkflask = MKFLASK $@ -cmd_mkflask = $(SHELL) $(mkflask) $(AWK) include $(FLASK_H_DEPEND) +cmd_mkflask = $(SHELL) $(mkflask) $(AWK) $(obj)/include $(FLASK_H_DEPEND) -$(subst include/,%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE +$(addprefix $(obj)/%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE $(call if_changed,mkflask) -mkaccess := policy/mkaccess_vector.sh +mkaccess := $(src)/policy/mkaccess_vector.sh quiet_cmd_mkaccess = MKACCESS VECTOR $@ -cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(AV_H_DEPEND) +cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(obj)/include $(AV_H_DEPEND) -$(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE +$(addprefix $(obj)/%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE $(call if_changed,mkaccess) obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o -flask-policy.o: policy.bin +$(obj)/flask-policy.o: $(obj)/policy.bin -flask-policy.S: BINFILE_FLAGS := -i -flask-policy.S: $(BASEDIR)/tools/binfile FORCE - $(call if_changed,binfile,policy.bin xsm_flask_init_policy) +$(obj)/flask-policy.S: BINFILE_FLAGS := -i +$(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE + $(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy) targets += flask-policy.S FLASK_BUILD_DIR := $(CURDIR) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) -policy.bin: FORCE +$(obj)/policy.bin: FORCE $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common \ -C $(XEN_ROOT)/tools/flask/policy \ FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) diff --git a/xen/xsm/flask/policy/mkaccess_vector.sh b/xen/xsm/flask/policy/mkaccess_vector.sh index 942ede4713..ad9772193b 100755 --- a/xen/xsm/flask/policy/mkaccess_vector.sh +++ b/xen/xsm/flask/policy/mkaccess_vector.sh @@ -8,9 +8,12 @@ set -e awk=$1 shift +output_dir=$1 +shift + # output files -av_permissions="include/av_permissions.h" -av_perm_to_string="include/av_perm_to_string.h" +av_permissions="$output_dir/av_permissions.h" +av_perm_to_string="$output_dir/av_perm_to_string.h" cat $* | $awk " BEGIN { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275170.470898 (Exim 4.92) (envelope-from ) id 1nKyMP-0001Op-C9; Fri, 18 Feb 2022 08:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275170.470898; Fri, 18 Feb 2022 08:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMP-0001Od-8b; Fri, 18 Feb 2022 08:11:25 +0000 Received: by outflank-mailman (input) for mailman id 275170; Fri, 18 Feb 2022 08:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMO-0001OR-JR for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMO-0004jv-Ij for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyMO-0006m6-Hh for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mvqbK3bqZHEItfzKIVXZw16bjN4JHMIXyuv+yzJtvvE=; b=4J1cN2UbTcxz8Db+CZ0eAzJS0l ZcLvDl0fGXDfWrSUiBHQxTndFELBoVRvhLTkOoMsGCi5SRG4/3Q3oKN1bCsE+XJHbcdXeCupVilz3 d7IJqYpwusmsJrxEfuh0IZvvJpUQLAZ/XdSEFG/jfht7jrXTIG32clnueze0JzZmVVm4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rework cloc recipe Message-Id: Date: Fri, 18 Feb 2022 08:11:24 +0000 commit 83a0353f49373c58fb92fc74626d7ab13c0399a3 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:58:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:58:52 2022 +0100 build: rework cloc recipe We are going to make other modifications to the cloc recipe, so this patch prepare make those modification easier. We replace the Makefile meta programming by just a shell script which should be easier to read and is actually faster to execute. Instead of looking for files in "$(BASEDIR)", we use "." which is give the same result overall. We also avoid the need for a temporary file as cloc can read the list of files from stdin. No change intended to the output of `cloc`. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 0dc44ddd27..6e4ea200aa 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -473,14 +473,12 @@ _MAP: .PHONY: cloc cloc: - $(eval tmpfile := $(shell mktemp)) - $(foreach f, $(shell find $(BASEDIR) -name *.o.d), \ - $(eval path := $(dir $(f))) \ - $(eval names := $(shell grep -o "[a-zA-Z0-9_/-]*\.[cS]" $(f))) \ - $(foreach sf, $(names), \ - $(shell if test -f $(path)/$(sf) ; then echo $(path)/$(sf) >> $(tmpfile); fi;))) - cloc --list-file=$(tmpfile) - rm $(tmpfile) + find . -name '*.o.d' | while read f; do \ + for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ + sf="$$(dirname $$f)/$$sf"; \ + test -f "$$sf" && echo "$$sf"; \ + done; \ + done | cloc --list-file=- endif #config-build -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:11:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275171.470902 (Exim 4.92) (envelope-from ) id 1nKyMZ-0001SD-DI; Fri, 18 Feb 2022 08:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275171.470902; Fri, 18 Feb 2022 08:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMZ-0001S3-AB; Fri, 18 Feb 2022 08:11:35 +0000 Received: by outflank-mailman (input) for mailman id 275171; Fri, 18 Feb 2022 08:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMY-0001Rw-MY for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMY-0004kO-Lh for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyMY-0006mg-Ki for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eBHXfVXbZYzg1cXQ373P9i8mcuphNa1L5seb/0RD+G0=; b=gMz+3FXVQHBD/5tsDSGAKZ2ahr KV0bxGGPNe216IgNQAZHQ8a4ImetkkxnwtDBvG4j7oMoPSSxDddrDSmVLdV8FJBDQxaQWtBXtv5pz weyin35vhbt00NaGh1huixjnSdkH/WCLbAORlBCFIr9hoQcmL9KJEI5b96MBSENRbOaU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: fix enforce unique symbols for recent clang version Message-Id: Date: Fri, 18 Feb 2022 08:11:34 +0000 commit 035ab75d8e37b63729886d7cb760b085ffde9977 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:59:03 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:59:03 2022 +0100 build: fix enforce unique symbols for recent clang version clang 6.0 and newer behave like gcc in regards for the FILE symbol, so only the filename rather than the full path to the source file. clang 3.8.1-24 (in our debian:stretch container) and 3.5.0-10 (in our debian:jessie container) do store the full path to the source file in the FILE symbol. Also we have commit 81ecb38b83 ("build: provide option to disambiguate symbol names") which were using clang 5, and LLVM's commit f5040b9685a7 [1] ("Make .file directive to have basename only") which is part of "llvmorg-6.0.0" tag but not "release/5.x" branch. Both suggest that clang change of behavior happened with clang 6.0. This means that we also need to check clang version to figure out which command we need to use to redefine symbol. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich [1] https://github.com/llvm/llvm-project/commit/f5040b9685a760e584c576e9185295e54635d51e --- xen/Rules.mk | 2 +- xen/scripts/Kbuild.include | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 60d1d6c4f5..1e7f47a3d8 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -166,7 +166,7 @@ SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@ - ifeq ($(CONFIG_CC_IS_CLANG),y) + ifeq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(dot-target).tmp $@ else cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $( Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275172.470906 (Exim 4.92) (envelope-from ) id 1nKyMj-0001Us-Ei; Fri, 18 Feb 2022 08:11:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275172.470906; Fri, 18 Feb 2022 08:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMj-0001Uk-Bj; Fri, 18 Feb 2022 08:11:45 +0000 Received: by outflank-mailman (input) for mailman id 275172; Fri, 18 Feb 2022 08:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMi-0001Ue-PO for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMi-0004kk-Oe for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyMi-0006nE-Np for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CMysCJ3SQlbpiyRqJwT1K0b19LMCGZpsziHIh3fgVwk=; b=TXq5dzolDWodZqNo2lOVhnr/vp +yG/tMj8ytNWD7J5qHzShYRSeYZGPdqAuiSjlLFXKb8H3SyHoh/bThC56AJ7YiqUIDdHvxGaAUjNc 58ZjKlSQkrIQKcd5hr+5m8ba6xqrauftWD1neRLGUyWtOh64/O8pkWNToUqIKJ1u5WWc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Intel: re-indent family 6 switch() in intel_log_freq() Message-Id: Date: Fri, 18 Feb 2022 08:11:44 +0000 commit 3e548a6379bc0b1b79a20d12aeb4faed2833a4a7 Author: Jan Beulich AuthorDate: Fri Feb 18 09:00:10 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:00:10 2022 +0100 x86/Intel: re-indent family 6 switch() in intel_log_freq() This was left at its previous indentation by e6e3cf191d37 ("x86/Intel: also display CPU freq for family 0xf") to ease review. Remove the now unnecessary level of indentation. No functional change. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 54 +++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 699add6a4a..d7c6e2bd7d 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -468,35 +468,33 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) if ( !max_ratio ) return; + switch ( c->x86_model ) { - switch ( c->x86_model ) - { - case 0x0e: /* Core */ - case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ - /* - * PLATFORM_INFO, while not documented for these, appears to - * exist in at least some cases, but what it holds doesn't - * match the scheme used by newer CPUs. At a guess, the min - * and max fields look to be reversed, while the scaling - * factor is encoded in FSB_FREQ. - */ - if ( min_ratio > max_ratio ) - SWAP(min_ratio, max_ratio); - if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || - (msrval &= 7) >= ARRAY_SIZE(core_factors) ) - return; - factor = core_factors[msrval]; - break; - - case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ - case 0x25: case 0x2c: case 0x2f: /* Westmere */ - factor = 13333; - break; - - default: - factor = 10000; - break; - } + case 0x0e: /* Core */ + case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ + /* + * PLATFORM_INFO, while not documented for these, appears to exist + * in at least some cases, but what it holds doesn't match the + * scheme used by newer CPUs. At a guess, the min and max fields + * look to be reversed, while the scaling factor is encoded in + * FSB_FREQ. + */ + if ( min_ratio > max_ratio ) + SWAP(min_ratio, max_ratio); + if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || + (msrval &= 7) >= ARRAY_SIZE(core_factors) ) + return; + factor = core_factors[msrval]; + break; + + case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ + case 0x25: case 0x2c: case 0x2f: /* Westmere */ + factor = 13333; + break; + + default: + factor = 10000; + break; } break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:11:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:11:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275173.470910 (Exim 4.92) (envelope-from ) id 1nKyMt-0001XS-G8; Fri, 18 Feb 2022 08:11:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275173.470910; Fri, 18 Feb 2022 08:11:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMt-0001XK-DF; Fri, 18 Feb 2022 08:11:55 +0000 Received: by outflank-mailman (input) for mailman id 275173; Fri, 18 Feb 2022 08:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMs-0001XE-ST for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyMs-0004kx-Rd for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyMs-0006nn-Qf for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oGslnZPP235mE+VLUbvRX7ePunyILGO1efR5cuV4WRs=; b=t80nXkax53yfkyKL78rSysKZ9Q wG++/CPdpry6iG1ou6HSx7F1SmJmcoJe3WLv6K439HLPd4Wdd7MusYbUdN1M9TJiyJ3trIPASlIzm xxKJy1WCZ0tYX1gKEFR5qQvxibPLXROXEg+oWxJqCp7FH8Gi0e19tp0mUyARGPdMYML0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] rwlock: remove unneeded subtraction Message-Id: Date: Fri, 18 Feb 2022 08:11:54 +0000 commit 26f8eead2b8d19396bb57d00144bb19ae25f8f27 Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:01:27 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:01:27 2022 +0100 rwlock: remove unneeded subtraction There's no need to subtract _QR_BIAS from the lock value for storing in the local cnts variable in the read lock slow path: the users of the value in cnts only care about the writer-related bits and use a mask to get the value. Note that further setting of cnts in rspin_until_writer_unlock already do not subtract _QR_BIAS. Originally _QR_BIAS was subtracted from the result of atomic_add_return_acquire in order to prevent GCC from emitting an unneeded ADD instruction. This being in the lock slow path such optimizations don't seem likely to make any relevant performance difference. Also modern GCC and CLANG versions will already avoid emitting the ADD instruction. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Luca Fancellu --- xen/common/rwlock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/rwlock.c b/xen/common/rwlock.c index dadab372b5..aa15529bbe 100644 --- a/xen/common/rwlock.c +++ b/xen/common/rwlock.c @@ -47,7 +47,7 @@ void queue_read_lock_slowpath(rwlock_t *lock) while ( atomic_read(&lock->cnts) & _QW_WMASK ) cpu_relax(); - cnts = atomic_add_return(_QR_BIAS, &lock->cnts) - _QR_BIAS; + cnts = atomic_add_return(_QR_BIAS, &lock->cnts); rspin_until_writer_unlock(lock, cnts); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:12:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:12:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275174.470914 (Exim 4.92) (envelope-from ) id 1nKyN3-0001Zu-Hs; Fri, 18 Feb 2022 08:12:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275174.470914; Fri, 18 Feb 2022 08:12:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyN3-0001Zm-Ej; Fri, 18 Feb 2022 08:12:05 +0000 Received: by outflank-mailman (input) for mailman id 275174; Fri, 18 Feb 2022 08:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyN2-0001Zg-VP for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyN2-0004lE-Ud for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyN2-0006oo-Tk for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TCq6HcgP3yPG63T+dt8/VO1lIpKLN9jb4oiT//I6qFQ=; b=Py9B3bs2z8McRIDrJACI9WBWMY dRLFoV0/J3gsTgnJjCyigejeCrC6jNGkuwRI2DjrvGBu4FKnbjQWohdJGZCPvzqAW6vrxZteuf7ni ioVeTmtjBaunSRRedol4LiyWKvKzpcGsS8NNe/b46p2+MCtfSLwosiDOXHUV00dzKfwo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/console: process softirqs between warning prints Message-Id: Date: Fri, 18 Feb 2022 08:12:04 +0000 commit 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:02:16 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:02:16 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:12:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:12:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275175.470918 (Exim 4.92) (envelope-from ) id 1nKyND-0001cn-JZ; Fri, 18 Feb 2022 08:12:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275175.470918; Fri, 18 Feb 2022 08:12:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyND-0001cf-GN; Fri, 18 Feb 2022 08:12:15 +0000 Received: by outflank-mailman (input) for mailman id 275175; Fri, 18 Feb 2022 08:12:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyND-0001cX-2K for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyND-0004lI-1g for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyND-0006pR-0g for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w6ubxIkNncQSWoytliCjdYk3kyvov88P4b6qOqujAZk=; b=Kl1PUK3fAsnDWuyvDa5A/eGLJs cBdlYc6IaWRsJtiVHUhSsM7/udqxIynU179y5JJ/W7lxMxesYeLA8z0cjwA2mGzNx9b1pvXZ/TstC rpAKsxa4tfu3GaHiFobYiEeqzFVUxwurrCYXbq8lEr1cDolBOuM6h62w8mtk8h1MPL9U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/xenstore: add error indicator to ring page Message-Id: Date: Fri, 18 Feb 2022 08:12:15 +0000 commit aeaed47023377a20d0f77c82e54f504e99468fb6 Author: Juergen Gross AuthorDate: Fri Feb 18 09:02:48 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:02:48 2022 +0100 tools/xenstore: add error indicator to ring page In case Xenstore is detecting a malicious ring page modification (e.g. an invalid producer or consumer index set by a guest) it will ignore the connection of that guest in future. Add a new error field to the ring page indicating that case. Add a new feature bit in order to signal the presence of that error field. Move the ignore_connection() function to xenstored_domain.c in order to be able to access the ring page for setting the error indicator. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD --- docs/misc/xenstore-ring.txt | 35 +++++++++++++++++++++++++++++++ tools/xenstore/xenstored_core.c | 43 +++++++++------------------------------ tools/xenstore/xenstored_core.h | 1 - tools/xenstore/xenstored_domain.c | 34 ++++++++++++++++++++++++++++++- tools/xenstore/xenstored_domain.h | 1 + xen/include/public/io/xs_wire.h | 9 ++++++++ 6 files changed, 88 insertions(+), 35 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index 16b4d0f5ac..b338b21b19 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -22,6 +22,7 @@ Offset Length Description 2060 4 Output producer offset 2064 4 Server feature bitmap 2068 4 Connection state +2072 4 Connection error indicator The Input data and Output data are circular buffers. Each buffer is associated with a pair of free-running offsets labelled "consumer" and @@ -66,6 +67,7 @@ The following features are defined: Mask Description ----------------------------------------------------------------- 1 Ring reconnection (see the ring reconnection feature below) +2 Connection error indicator (see connection error feature below) The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has @@ -78,6 +80,19 @@ Value Description 1 Ring close and reconnect is in progress (see the "ring reconnection feature" described below) +The "Connection error indicator" is used to let the server indicate it has +detected some error that led to deactivation of the connection by the server. +If the feature has been advertised then the "Connection error indicator" may +take the following values (new values might be added in future without them +being advertised as a new feature): + +Value Description +----------------------------------------------------------------- +0 No error, connection is valid +1 Communication problems (event channel not functional) +2 Inconsistent producer or consumer offset +3 Protocol violation (client data package too long) + The ring reconnection feature ============================= @@ -114,3 +129,23 @@ packet boundary. Note that only the guest may set the Connection state to 1 and only the server may set it back to 0. + +The connection error feature +============================ + +The connection error feature allows the server to signal error conditions +leading to a stop of the communication with the client. In case such an error +condition has occurred, the server will set the appropriate error condition in +the Connection error indicator and will stop communication with the client. + +Any value different from 0 is indicating an error. The value used is meant +just for diagnostic purposes. A client reading the error value should be +prepared to see values not described here, as new error cases might be added +in future. + +The server will discard any already read or written packets, in-flight +requests, watches and transactions associated with the connection. + +Depending on the error cause it might be possible that a reconnect via the +ring reconnection feature (if present) can be performed. There is no guarantee +this will succeed. diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 91d3adccb1..6e4022e5da 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -1455,35 +1455,6 @@ static struct { [XS_DIRECTORY_PART] = { "DIRECTORY_PART", send_directory_part }, }; -/* - * Keep the connection alive but stop processing any new request or sending - * reponse. This is to allow sending @releaseDomain watch event at the correct - * moment and/or to allow the connection to restart (not yet implemented). - * - * All watches, transactions, buffers will be freed. - */ -void ignore_connection(struct connection *conn) -{ - struct buffered_data *out, *tmp; - - trace("CONN %p ignored\n", conn); - - conn->is_ignored = true; - conn_delete_all_watches(conn); - conn_delete_all_transactions(conn); - - list_for_each_entry_safe(out, tmp, &conn->out_list, list) { - list_del(&out->list); - talloc_free(out); - } - - talloc_free(conn->in); - conn->in = NULL; - /* if this is a socket connection, drop it now */ - if (conn->fd >= 0) - talloc_free(conn); -} - static const char *sockmsg_string(enum xsd_sockmsg_type type) { if ((unsigned int)type < ARRAY_SIZE(wire_funcs) && wire_funcs[type].str) @@ -1598,6 +1569,7 @@ static void handle_input(struct connection *conn) { int bytes; struct buffered_data *in; + unsigned int err; if (!conn->in) { conn->in = new_buffer(conn); @@ -1612,8 +1584,10 @@ static void handle_input(struct connection *conn) if (in->used != sizeof(in->hdr)) { bytes = conn->funcs->read(conn, in->hdr.raw + in->used, sizeof(in->hdr) - in->used); - if (bytes < 0) + if (bytes < 0) { + err = XENSTORE_ERROR_RINGIDX; goto bad_client; + } in->used += bytes; if (in->used != sizeof(in->hdr)) return; @@ -1621,6 +1595,7 @@ static void handle_input(struct connection *conn) if (in->hdr.msg.len > XENSTORE_PAYLOAD_MAX) { syslog(LOG_ERR, "Client tried to feed us %i", in->hdr.msg.len); + err = XENSTORE_ERROR_PROTO; goto bad_client; } } @@ -1638,8 +1613,10 @@ static void handle_input(struct connection *conn) bytes = conn->funcs->read(conn, in->buffer + in->used, in->hdr.msg.len - in->used); - if (bytes < 0) + if (bytes < 0) { + err = XENSTORE_ERROR_RINGIDX; goto bad_client; + } in->used += bytes; if (in->used != in->hdr.msg.len) @@ -1649,14 +1626,14 @@ static void handle_input(struct connection *conn) return; bad_client: - ignore_connection(conn); + ignore_connection(conn, err); } static void handle_output(struct connection *conn) { /* Ignore the connection if an error occured */ if (!write_messages(conn)) - ignore_connection(conn); + ignore_connection(conn, XENSTORE_ERROR_RINGIDX); } struct connection *new_connection(const struct interface_funcs *funcs) diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h index 190d2447cd..742812a974 100644 --- a/tools/xenstore/xenstored_core.h +++ b/tools/xenstore/xenstored_core.h @@ -206,7 +206,6 @@ struct node *read_node(struct connection *conn, const void *ctx, struct connection *new_connection(const struct interface_funcs *funcs); struct connection *get_connection_by_id(unsigned int conn_id); -void ignore_connection(struct connection *conn); void check_store(void); void corrupt(struct connection *conn, const char *fmt, ...); diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c index d03c7d93a9..ae065fcbee 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -427,6 +427,38 @@ static void domain_conn_reset(struct domain *domain) domain->interface->rsp_cons = domain->interface->rsp_prod = 0; } +/* + * Keep the connection alive but stop processing any new request or sending + * reponse. This is to allow sending @releaseDomain watch event at the correct + * moment and/or to allow the connection to restart (not yet implemented). + * + * All watches, transactions, buffers will be freed. + */ +void ignore_connection(struct connection *conn, unsigned int err) +{ + struct buffered_data *out, *tmp; + + trace("CONN %p ignored, reason %u\n", conn, err); + + if (conn->domain && conn->domain->interface) + conn->domain->interface->error = err; + + conn->is_ignored = true; + conn_delete_all_watches(conn); + conn_delete_all_transactions(conn); + + list_for_each_entry_safe(out, tmp, &conn->out_list, list) { + list_del(&out->list); + talloc_free(out); + } + + talloc_free(conn->in); + conn->in = NULL; + /* if this is a socket connection, drop it now */ + if (conn->fd >= 0) + talloc_free(conn); +} + static struct domain *introduce_domain(const void *ctx, unsigned int domid, evtchn_port_t port, bool restore) @@ -1305,7 +1337,7 @@ void read_state_connection(const void *ctx, const void *state) * dead. So mark it as ignored. */ if (!domain->port || !domain->interface) - ignore_connection(conn); + ignore_connection(conn, XENSTORE_ERROR_COMM); if (sc->spec.ring.tdomid != DOMID_INVALID) { tdomain = find_or_alloc_domain(ctx, diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h index 1e929b8f8c..4a37de67a0 100644 --- a/tools/xenstore/xenstored_domain.h +++ b/tools/xenstore/xenstored_domain.h @@ -47,6 +47,7 @@ int do_reset_watches(struct connection *conn, struct buffered_data *in); void domain_init(int evtfd); void dom0_init(void); void domain_deinit(void); +void ignore_connection(struct connection *conn, unsigned int err); /* Returns the implicit path of a connection (only domains have this) */ const char *get_implicit_path(const struct connection *conn); diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index 4dd6632669..953a0050a3 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -124,6 +124,7 @@ struct xenstore_domain_interface { XENSTORE_RING_IDX rsp_cons, rsp_prod; uint32_t server_features; /* Bitmap of features supported by the server */ uint32_t connection; + uint32_t error; }; /* Violating this is very bad. See docs/misc/xenstore.txt. */ @@ -135,11 +136,19 @@ struct xenstore_domain_interface { /* The ability to reconnect a ring */ #define XENSTORE_SERVER_FEATURE_RECONNECTION 1 +/* The presence of the "error" field in the ring page */ +#define XENSTORE_SERVER_FEATURE_ERROR 2 /* Valid values for the connection field */ #define XENSTORE_CONNECTED 0 /* the steady-state */ #define XENSTORE_RECONNECT 1 /* guest has initiated a reconnect */ +/* Valid values for the error field */ +#define XENSTORE_ERROR_NONE 0 /* No error */ +#define XENSTORE_ERROR_COMM 1 /* Communication problem */ +#define XENSTORE_ERROR_RINGIDX 2 /* Invalid ring index */ +#define XENSTORE_ERROR_PROTO 3 /* Protocol violation (payload too long) */ + #endif /* _XS_WIRE_H */ /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:12:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:12:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275176.470922 (Exim 4.92) (envelope-from ) id 1nKyNN-0001fx-MN; Fri, 18 Feb 2022 08:12:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275176.470922; Fri, 18 Feb 2022 08:12:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyNN-0001fp-JX; Fri, 18 Feb 2022 08:12:25 +0000 Received: by outflank-mailman (input) for mailman id 275176; Fri, 18 Feb 2022 08:12:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyNN-0001fg-5M for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyNN-0004lS-4g for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyNN-0006q0-3z for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:12:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YOEmqaugjzGA+BBBFiI8HlWiNoH+KOwa+lCbHaHpAo4=; b=cbA8zjXOSi5PSQr+wLZIaoI2gk B1BRwcu9wEFw3f2xDtqNI8xr8U9Unhh60w+2lNqLhAaQmuuZxxsO6OYHXOQ8FWiT4dPP0/BvaxZ7j HFygGr0GWth4/Aya5T5SkM9umFKkWFypckvHmy7yDaZforpLXcyLSluD7JZb39o1mutY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Fri, 18 Feb 2022 08:12:25 +0000 commit 07449ecfa42532495156fa342af2112e3e31dd3f Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:03:08 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:03:08 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index d7a40d7550..15ed021f41 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1160,17 +1160,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 08:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 08:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275191.470948 (Exim 4.92) (envelope-from ) id 1nKyWj-0003nK-UG; Fri, 18 Feb 2022 08:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275191.470948; Fri, 18 Feb 2022 08:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyWj-0003nD-R7; Fri, 18 Feb 2022 08:22:05 +0000 Received: by outflank-mailman (input) for mailman id 275191; Fri, 18 Feb 2022 08:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyWi-0003n7-O4 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nKyWi-0004yF-M2 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nKyWi-0007SW-Kw for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 08:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LgEbocD6QtXyPzYoU+uPp3CR+iLQUNDT+NFNJCDSXM0=; b=YRVbQv35EJtnLZ7mv+euXjpdLk paG7mAKtSV0sQ4StemHpV0t+WtmYwqNduBwAzKJHGeEY4p7RYwYqMPSKpxyyvrettjAXmdZ48IdxY ACl94H4frTNk2PaIDtG0caJItkWjC7ZayfQYiTP3y/sSDbiZXp6lA9R4edJ3Ey9E7wIc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: add CPUID flag for Extended Destination ID support Message-Id: Date: Fri, 18 Feb 2022 08:22:04 +0000 commit f5592322062f7912dc45b30606f20691f6e1c3ee Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:17:47 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:17:47 2022 +0100 x86/cpuid: add CPUID flag for Extended Destination ID support Introduce the CPUID flag to be used in order to signal the support for using an extended destination ID in IO-APIC RTEs and MSI address fields. Such format expands the maximum target APIC ID from 255 to 32768 without requiring the usage of interrupt remapping. The design document describing the feature can be found at: http://david.woodhou.se/15-bit-msi.pdf Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/include/public/arch-x86/cpuid.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xen/include/public/arch-x86/cpuid.h b/xen/include/public/arch-x86/cpuid.h index ce46305bee..f2b2b3632c 100644 --- a/xen/include/public/arch-x86/cpuid.h +++ b/xen/include/public/arch-x86/cpuid.h @@ -102,6 +102,13 @@ #define XEN_HVM_CPUID_IOMMU_MAPPINGS (1u << 2) #define XEN_HVM_CPUID_VCPU_ID_PRESENT (1u << 3) /* vcpu id is present in EBX */ #define XEN_HVM_CPUID_DOMID_PRESENT (1u << 4) /* domid is present in ECX */ +/* + * With interrupt format set to 0 (non-remappable) bits 55:49 from the + * IO-APIC RTE and bits 11:5 from the MSI address can be used to store + * high bits for the Destination ID. This expands the Destination ID + * field from 8 to 15 bits, allowing to target APIC IDs up 32768. + */ +#define XEN_HVM_CPUID_EXT_DEST_ID (1u << 5) /* * Leaf 6 (0x40000x05) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275275.471054 (Exim 4.92) (envelope-from ) id 1nL0EB-0002Y1-FP; Fri, 18 Feb 2022 10:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275275.471054; Fri, 18 Feb 2022 10:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0EB-0002Xt-CY; Fri, 18 Feb 2022 10:11:03 +0000 Received: by outflank-mailman (input) for mailman id 275275; Fri, 18 Feb 2022 10:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0E9-0002Xn-Pw for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0E9-0006wz-J6 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0E9-00083E-I8 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4U2mK4qHo3QbUumFFysX0hDsMRgWxWwU72k7NQ2V1OU=; b=k/6gqasSPKwCEEQSJzrBjnAoEu RTpWmVo9glcdIX5d0pWcr/yr48O3TLOEribfFyy6RdmI88gem7IfIAhUY+/SQMnXVaS6MjcUGtCHe BenX9ihg8TfS4T9m6YIA1IQ9/Zf+92gHedqGbVRKotvegLlsQFlVVNgK4wEOYEjidZl4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: introduce internal CDF_xxx flags for domain creation Message-Id: Date: Fri, 18 Feb 2022 10:11:01 +0000 commit 6f815e86eff46b0e1ef7815e9933c2bdf590e68f Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:46 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:40:53 2022 +0000 xen: introduce internal CDF_xxx flags for domain creation We are passing an internal-only boolean flag at domain creation to specify whether we want the domain to be privileged (i.e. dom0) or not. Another flag will be introduced later in this series. This commit extends original "boolean" to an "unsigned int" covering both the existing "is_priv" and our new "directmap", which will be introduced later. To make visible the relationship, we name the respective constants CDF_xxx (with no XEN_DOMCTL_ prefix) to represent the difference with the public constants XEN_DOMCTL_CDF_xxx. Allocate bit 0 as CDF_privileged: whether a domain is privileged or not. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Jan Beulich Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 4 ++-- xen/arch/x86/setup.c | 2 +- xen/common/domain.c | 10 +++++----- xen/common/sched/core.c | 2 +- xen/include/xen/domain.h | 4 ++++ xen/include/xen/sched.h | 2 +- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6931c022a2..0fab8604de 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3058,7 +3058,7 @@ void __init create_domUs(void) * very important to use the pre-increment operator to call * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0) */ - d = domain_create(++max_init_domid, &d_cfg, false); + d = domain_create(++max_init_domid, &d_cfg, 0); if ( IS_ERR(d) ) panic("Error creating domain %s\n", dt_node_name(node)); @@ -3160,7 +3160,7 @@ void __init create_dom0(void) if ( iommu_enabled ) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; - dom0 = domain_create(0, &dom0_cfg, true); + dom0 = domain_create(0, &dom0_cfg, CDF_privileged); if ( IS_ERR(dom0) || (alloc_dom0_vcpu0(dom0) == NULL) ) panic("Error creating domain 0\n"); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 115f8f6517..624b53ded4 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -789,7 +789,7 @@ static struct domain *__init create_dom0(const module_t *image, /* Create initial domain. Not d0 for pvshim. */ domid = get_initial_domain_id(); - d = domain_create(domid, &dom0_cfg, !pv_shim); + d = domain_create(domid, &dom0_cfg, pv_shim ? 0 : CDF_privileged); if ( IS_ERR(d) ) panic("Error creating d%u: %ld\n", domid, PTR_ERR(d)); diff --git a/xen/common/domain.c b/xen/common/domain.c index 2048ebad86..a79103e04a 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -552,7 +552,7 @@ static int sanitise_domain_config(struct xen_domctl_createdomain *config) struct domain *domain_create(domid_t domid, struct xen_domctl_createdomain *config, - bool is_priv) + unsigned int flags) { struct domain *d, **pd, *old_hwdom = NULL; enum { INIT_watchdog = 1u<<1, @@ -578,7 +578,7 @@ struct domain *domain_create(domid_t domid, } /* Sort out our idea of is_control_domain(). */ - d->is_privileged = is_priv; + d->is_privileged = flags & CDF_privileged; /* Sort out our idea of is_hardware_domain(). */ if ( domid == 0 || domid == hardware_domid ) @@ -772,7 +772,7 @@ void __init setup_system_domains(void) * Hidden PCI devices will also be associated with this domain * (but be [partly] controlled by Dom0 nevertheless). */ - dom_xen = domain_create(DOMID_XEN, NULL, false); + dom_xen = domain_create(DOMID_XEN, NULL, 0); if ( IS_ERR(dom_xen) ) panic("Failed to create d[XEN]: %ld\n", PTR_ERR(dom_xen)); @@ -782,7 +782,7 @@ void __init setup_system_domains(void) * array. Mappings occur at the priv of the caller. * Quarantined PCI devices will be associated with this domain. */ - dom_io = domain_create(DOMID_IO, NULL, false); + dom_io = domain_create(DOMID_IO, NULL, 0); if ( IS_ERR(dom_io) ) panic("Failed to create d[IO]: %ld\n", PTR_ERR(dom_io)); @@ -791,7 +791,7 @@ void __init setup_system_domains(void) * Initialise our COW domain. * This domain owns sharable pages. */ - dom_cow = domain_create(DOMID_COW, NULL, false); + dom_cow = domain_create(DOMID_COW, NULL, 0); if ( IS_ERR(dom_cow) ) panic("Failed to create d[COW]: %ld\n", PTR_ERR(dom_cow)); #endif diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 8f4b1ca10d..f5c819349b 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -3021,7 +3021,7 @@ void __init scheduler_init(void) sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; } - idle_domain = domain_create(DOMID_IDLE, NULL, false); + idle_domain = domain_create(DOMID_IDLE, NULL, 0); BUG_ON(IS_ERR(idle_domain)); BUG_ON(nr_cpu_ids > ARRAY_SIZE(idle_vcpu)); idle_domain->vcpu = idle_vcpu; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 160c8dbdab..cfb0b47f13 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -28,6 +28,10 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info); void arch_get_domain_info(const struct domain *d, struct xen_domctl_getdomaininfo *info); +/* CDF_* constant. Internal flags for domain creation. */ +/* Is this a privileged domain? */ +#define CDF_privileged (1U << 0) + /* * Arch-specifics. */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 37f78cc4c4..24a9a87f83 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -665,7 +665,7 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config); */ struct domain *domain_create(domid_t domid, struct xen_domctl_createdomain *config, - bool is_priv); + unsigned int flags); /* * rcu_lock_domain_by_id() is more efficient than get_domain_by_id(). -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275276.471059 (Exim 4.92) (envelope-from ) id 1nL0EK-0002Zs-Gy; Fri, 18 Feb 2022 10:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275276.471059; Fri, 18 Feb 2022 10:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0EK-0002Zk-Dy; Fri, 18 Feb 2022 10:11:12 +0000 Received: by outflank-mailman (input) for mailman id 275276; Fri, 18 Feb 2022 10:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0EJ-0002ZS-NR for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0EJ-0006xG-Mb for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0EJ-000841-Lg for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JujlgtscZmoF7SsAQf7o1oA06x8UR8qeD1tB1R68jYg=; b=X+HnG29NDjgDJMTbxtLJV6ijtJ qWbZeMESrPBgpm9oc2Z3qxJ03Jl+lVyL+TO5F7Uz7zBHlyUAT4TzA+dDIQriofUWbWGJLnKZ57+S2 FBKCwN48V+JcZhxoabmeQt4I/qYkbOyGmc2te5OAOTLFicVCElYkkQAaFCePM8QJPfY8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: introduce CDF_directmap Message-Id: Date: Fri, 18 Feb 2022 10:11:11 +0000 commit 80e2005373dd40f9d4696e78f1f9ddef2e978abf Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:47 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:42:49 2022 +0000 xen: introduce CDF_directmap This commit introduces a new arm-specific flag CDF_directmap to specify that a domain should have its memory direct-map(guest physical address == host physical address) at domain creation. Also, add a directmap flag under struct arch_domain and use it to reimplement is_domain_direct_mapped. For now, direct-map is only available when statically allocated memory is used for the domain, that is, "xen,static-mem" must be also defined in the domain configuration. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Acked-by: Jan Beulich Acked-by: Julien Grall Tested-by: Stefano Stabellini --- docs/misc/arm/device-tree/booting.txt | 6 ++++++ xen/arch/arm/domain.c | 5 ++++- xen/arch/arm/domain_build.c | 14 ++++++++++++-- xen/arch/arm/include/asm/domain.h | 5 +++-- xen/arch/x86/domain.c | 3 ++- xen/common/domain.c | 2 +- xen/include/xen/domain.h | 7 ++++++- 7 files changed, 34 insertions(+), 8 deletions(-) diff --git a/docs/misc/arm/device-tree/booting.txt b/docs/misc/arm/device-tree/booting.txt index 71895663a4..a94125394e 100644 --- a/docs/misc/arm/device-tree/booting.txt +++ b/docs/misc/arm/device-tree/booting.txt @@ -182,6 +182,12 @@ with the following properties: Both #address-cells and #size-cells need to be specified because both sub-nodes (described shortly) have reg properties. +- direct-map + + Only available when statically allocated memory is used for the domain. + An empty property to request the memory of the domain to be + direct-map (guest physical address == physical address). + Under the "xen,domain" compatible node, one or more sub-nodes are present for the DomU kernel and ramdisk. diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 92a6c509e5..8110c1df86 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -692,7 +692,8 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) } int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config) + struct xen_domctl_createdomain *config, + unsigned int flags) { int rc, count = 0; @@ -708,6 +709,8 @@ int arch_domain_create(struct domain *d, ioreq_domain_init(d); #endif + d->arch.directmap = flags & CDF_directmap; + /* p2m_init relies on some value initialized by the IOMMU subsystem */ if ( (rc = iommu_domain_init(d, config->iommu_opts)) != 0 ) goto fail; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 0fab8604de..6467e8ee32 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3029,10 +3029,20 @@ void __init create_domUs(void) .max_maptrack_frames = -1, .grant_opts = XEN_DOMCTL_GRANT_version(opt_gnttab_max_version), }; + unsigned int flags = 0U; if ( !dt_device_is_compatible(node, "xen,domain") ) continue; + if ( dt_property_read_bool(node, "direct-map") ) + { + if ( !IS_ENABLED(CONFIG_STATIC_MEMORY) || !dt_find_property(node, "xen,static-mem", NULL) ) + panic("direct-map is not valid for domain %s without static allocation.\n", + dt_node_name(node)); + + flags |= CDF_directmap; + } + if ( !dt_property_read_u32(node, "cpus", &d_cfg.max_vcpus) ) panic("Missing property 'cpus' for domain %s\n", dt_node_name(node)); @@ -3058,7 +3068,7 @@ void __init create_domUs(void) * very important to use the pre-increment operator to call * domain_create() with a domid > 0. (domid == 0 is reserved for Dom0) */ - d = domain_create(++max_init_domid, &d_cfg, 0); + d = domain_create(++max_init_domid, &d_cfg, flags); if ( IS_ERR(d) ) panic("Error creating domain %s\n", dt_node_name(node)); @@ -3160,7 +3170,7 @@ void __init create_dom0(void) if ( iommu_enabled ) dom0_cfg.flags |= XEN_DOMCTL_CDF_iommu; - dom0 = domain_create(0, &dom0_cfg, CDF_privileged); + dom0 = domain_create(0, &dom0_cfg, CDF_privileged | CDF_directmap); if ( IS_ERR(dom0) || (alloc_dom0_vcpu0(dom0) == NULL) ) panic("Error creating domain 0\n"); diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index 9b3647587a..aabe942cde 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -29,8 +29,7 @@ enum domain_type { #define is_64bit_domain(d) (0) #endif -/* The hardware domain has always its memory direct mapped. */ -#define is_domain_direct_mapped(d) is_hardware_domain(d) +#define is_domain_direct_mapped(d) (d)->arch.directmap struct vtimer { struct vcpu *v; @@ -89,6 +88,8 @@ struct arch_domain #ifdef CONFIG_TEE void *tee; #endif + + bool directmap; } __cacheline_aligned; struct arch_vcpu diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index ef1812dc14..9835f90ea0 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -722,7 +722,8 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags) } int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config) + struct xen_domctl_createdomain *config, + unsigned int flags) { bool paging_initialised = false; uint32_t emflags; diff --git a/xen/common/domain.c b/xen/common/domain.c index a79103e04a..3742322d22 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -659,7 +659,7 @@ struct domain *domain_create(domid_t domid, radix_tree_init(&d->pirq_tree); } - if ( (err = arch_domain_create(d, config)) != 0 ) + if ( (err = arch_domain_create(d, config, flags)) != 0 ) goto fail; init_status |= INIT_arch; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index cfb0b47f13..24eb4cc7d3 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -31,6 +31,10 @@ void arch_get_domain_info(const struct domain *d, /* CDF_* constant. Internal flags for domain creation. */ /* Is this a privileged domain? */ #define CDF_privileged (1U << 0) +#ifdef CONFIG_ARM +/* Should domain memory be directly mapped? */ +#define CDF_directmap (1U << 1) +#endif /* * Arch-specifics. @@ -65,7 +69,8 @@ int map_vcpu_info(struct vcpu *v, unsigned long gfn, unsigned offset); void unmap_vcpu_info(struct vcpu *v); int arch_domain_create(struct domain *d, - struct xen_domctl_createdomain *config); + struct xen_domctl_createdomain *config, + unsigned int flags); void arch_domain_destroy(struct domain *d); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275277.471064 (Exim 4.92) (envelope-from ) id 1nL0EU-0002d4-Iv; Fri, 18 Feb 2022 10:11:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275277.471064; Fri, 18 Feb 2022 10:11:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0EU-0002cw-FU; Fri, 18 Feb 2022 10:11:22 +0000 Received: by outflank-mailman (input) for mailman id 275277; Fri, 18 Feb 2022 10:11:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0ET-0002cf-QO for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0ET-0006xY-Pd for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0ET-00084o-Ol for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jR7nXrj5aUF5R3v8HzD70LIDQPI5jKSoyBqeDdJXu8k=; b=jegZO0GhlAq7E+TS/kmiy0HCe9 ltJx6E8kWYH1YvnwBGrkjfiuC5rHVYEGtdgtWBH5hqbzkRW3d2pXcKYL9sR9jr9Yr15ZYN7oBHHUa w33iMVabnUyUIbBNAyil/dsc15QwHpgTuUIGFECWARiWWymFN8T+Y3w+2k99BnonUEVk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Allow device-passthrough even the IOMMU is off Message-Id: Date: Fri, 18 Feb 2022 10:11:21 +0000 commit 02d552627c2b2b4e8874ff9b6e9a47b728964c18 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:48 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: Allow device-passthrough even the IOMMU is off At the moment, we are only supporting device-passthrough when Xen has enabled the IOMMU. There are some use cases where it is not possible to use the IOMMU (e.g. doesn't exist, hardware limitation, performance) yet it would be OK to assign a device to trusted domain so long they are direct-mapped or the device doesn't do DMA. Note that when the IOMMU is disabled, it will be necessary to add xen,force-assign-without-iommu for every device that needs to be assigned. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Tested-by: Stefano Stabellini Acked-by: Julien Grall --- xen/arch/arm/domain_build.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6467e8ee32..c1e8c99f64 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -3047,7 +3047,8 @@ void __init create_domUs(void) panic("Missing property 'cpus' for domain %s\n", dt_node_name(node)); - if ( dt_find_compatible_node(node, NULL, "multiboot,device-tree") ) + if ( dt_find_compatible_node(node, NULL, "multiboot,device-tree") && + iommu_enabled ) d_cfg.flags |= XEN_DOMCTL_CDF_iommu; if ( !dt_property_read_u32(node, "nr_spis", &d_cfg.arch.nr_spis) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275278.471067 (Exim 4.92) (envelope-from ) id 1nL0Ef-0002gy-M1; Fri, 18 Feb 2022 10:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275278.471067; Fri, 18 Feb 2022 10:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ef-0002gq-Iw; Fri, 18 Feb 2022 10:11:33 +0000 Received: by outflank-mailman (input) for mailman id 275278; Fri, 18 Feb 2022 10:11:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ed-0002gL-TX for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ed-0006y1-Sf for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0Ed-00085m-Ru for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eoFtzDIbStXfGjl2ZgnV8JJdl40c7bUSbyL0UnBR7rU=; b=gDpguFp2c9WxMlIVdM8d8d2t35 rU81LwyImcgQ/RZL3DpbptfYUXwWGVAlBV3cwFLUYBS0bTEVDscW4gHRaSXiGl+JTQTbn9fRU5czl MTqv6DQnVfstFcJSLm+W6vOUJipammUwmWPUF8yTlU3q+tZMsToy1nZhW1KyAJMuRbnw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: introduce new helper parse_static_mem_prop and acquire_static_memory_bank Message-Id: Date: Fri, 18 Feb 2022 10:11:31 +0000 commit ba560aa0bdd8044b831cdd41ea9db6a26ec6978f Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:49 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: introduce new helper parse_static_mem_prop and acquire_static_memory_bank Later, we will introduce assign_static_memory_11 for allocating static memory for direct-map domains, and it will share a lot common codes with the existing allocate_static_memory. In order not to bring a lot of duplicate codes, and also to make the whole code more readable, this commit extracts common codes into two new helpers parse_static_mem_prop and acquire_static_memory_bank. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 100 ++++++++++++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 36 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index c1e8c99f64..e61d2d53ba 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -509,12 +509,69 @@ static bool __init append_static_memory_to_bank(struct domain *d, return true; } +static mfn_t __init acquire_static_memory_bank(struct domain *d, + const __be32 **cell, + u32 addr_cells, u32 size_cells, + paddr_t *pbase, paddr_t *psize) +{ + mfn_t smfn; + int res; + + device_tree_get_reg(cell, addr_cells, size_cells, pbase, psize); + ASSERT(IS_ALIGNED(*pbase, PAGE_SIZE) && IS_ALIGNED(*psize, PAGE_SIZE)); + if ( PFN_DOWN(*psize) > UINT_MAX ) + { + printk(XENLOG_ERR "%pd: static memory size too large: %#"PRIpaddr, + d, *psize); + return INVALID_MFN; + } + + smfn = maddr_to_mfn(*pbase); + res = acquire_domstatic_pages(d, smfn, PFN_DOWN(*psize), 0); + if ( res ) + { + printk(XENLOG_ERR + "%pd: failed to acquire static memory: %d.\n", d, res); + return INVALID_MFN; + } + + return smfn; +} + +static int __init parse_static_mem_prop(const struct dt_device_node *node, + u32 *addr_cells, u32 *size_cells, + int *length, const __be32 **cell) +{ + const struct dt_property *prop; + + prop = dt_find_property(node, "xen,static-mem", NULL); + if ( !dt_property_read_u32(node, "#xen,static-mem-address-cells", + addr_cells) ) + { + printk(XENLOG_ERR + "failed to read \"#xen,static-mem-address-cells\".\n"); + return -EINVAL; + } + + if ( !dt_property_read_u32(node, "#xen,static-mem-size-cells", + size_cells) ) + { + printk(XENLOG_ERR + "failed to read \"#xen,static-mem-size-cells\".\n"); + return -EINVAL; + } + + *cell = (const __be32 *)prop->value; + *length = prop->length; + + return 0; +} + /* Allocate memory from static memory as RAM for one specific domain d. */ static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { - const struct dt_property *prop; u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, gbank, bank = 0; const uint64_t rambase[] = GUEST_RAM_BANK_BASES; @@ -523,24 +580,10 @@ static void __init allocate_static_memory(struct domain *d, u64 tot_size = 0; paddr_t pbase, psize, gsize; mfn_t smfn; - int res; - - prop = dt_find_property(node, "xen,static-mem", NULL); - if ( !dt_property_read_u32(node, "#xen,static-mem-address-cells", - &addr_cells) ) - { - printk(XENLOG_ERR - "%pd: failed to read \"#xen,static-mem-address-cells\".\n", d); - goto fail; - } + int length; - if ( !dt_property_read_u32(node, "#xen,static-mem-size-cells", - &size_cells) ) - { - printk(XENLOG_ERR - "%pd: failed to read \"#xen,static-mem-size-cells\".\n", d); + if ( parse_static_mem_prop(node, &addr_cells, &size_cells, &length, &cell) ) goto fail; - } reg_cells = addr_cells + size_cells; /* @@ -551,29 +594,14 @@ static void __init allocate_static_memory(struct domain *d, gbank = 0; gsize = ramsize[gbank]; kinfo->mem.bank[gbank].start = rambase[gbank]; - - cell = (const __be32 *)prop->value; - nr_banks = (prop->length) / (reg_cells * sizeof (u32)); + nr_banks = length / (reg_cells * sizeof (u32)); for ( ; bank < nr_banks; bank++ ) { - device_tree_get_reg(&cell, addr_cells, size_cells, &pbase, &psize); - ASSERT(IS_ALIGNED(pbase, PAGE_SIZE) && IS_ALIGNED(psize, PAGE_SIZE)); - - if ( PFN_DOWN(psize) > UINT_MAX ) - { - printk(XENLOG_ERR "%pd: static memory size too large: %#"PRIpaddr, - d, psize); + smfn = acquire_static_memory_bank(d, &cell, addr_cells, size_cells, + &pbase, &psize); + if ( mfn_eq(smfn, INVALID_MFN) ) goto fail; - } - smfn = maddr_to_mfn(pbase); - res = acquire_domstatic_pages(d, smfn, PFN_DOWN(psize), 0); - if ( res ) - { - printk(XENLOG_ERR - "%pd: failed to acquire static memory: %d.\n", d, res); - goto fail; - } printk(XENLOG_INFO "%pd: STATIC BANK[%u] %#"PRIpaddr"-%#"PRIpaddr"\n", d, bank, pbase, pbase + psize); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275279.471071 (Exim 4.92) (envelope-from ) id 1nL0Ep-0002jf-O1; Fri, 18 Feb 2022 10:11:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275279.471071; Fri, 18 Feb 2022 10:11:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ep-0002jW-KU; Fri, 18 Feb 2022 10:11:43 +0000 Received: by outflank-mailman (input) for mailman id 275279; Fri, 18 Feb 2022 10:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Eo-0002jK-0C for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0En-0006yB-Vj for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0En-00086e-Uw for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9Xx8EYeP9E8IqAVW5enkLmFFEmvc0DstzW28tNwl1aA=; b=dqX+6DQZ7pNAtjfOO1DJ8HSYfU AvjGObUPsqNDyCWAIHQVnCmS6mHyga4nxvwlyyWl7wJewU/c41RDVIswnrbo08FB6K75LPaAq9qN9 XcGG7qo6iRTUbC8E4tl6hZyPcABotiJi7Tz3GkK6pxYkRZSu6g1F+Plkc85x+p+5tGTI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: introduce direct-map for domUs Message-Id: Date: Fri, 18 Feb 2022 10:11:41 +0000 commit 75591dcfe0341def8dfc79fb7ef19f89fb3de327 Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:50 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: introduce direct-map for domUs Cases where domU needs direct-map memory map: * IOMMU not present in the system. * IOMMU disabled if it doesn't cover a specific device and all the guests are trusted. Thinking a mixed scenario, where a few devices with IOMMU and a few without, then guest DMA security still could not be totally guaranteed. So users may want to disable the IOMMU, to at least gain some performance improvement from IOMMU disabled. * IOMMU disabled as a workaround when it doesn't have enough bandwidth. To be specific, in a few extreme situation, when multiple devices do DMA concurrently, these requests may exceed IOMMU's transmission capacity. * IOMMU disabled when it adds too much latency on DMA. For example, TLB may be missing in some IOMMU hardware, which may bring latency in DMA progress, so users may want to disable it in some realtime scenario. * Guest OS relies on the host memory layout This commit introduces a new helper assign_static_memory_11 to allocate static memory as guest RAM for direct-map domain. Signed-off-by: Penny Zheng Reviewed-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 97 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index e61d2d53ba..ec29bd302c 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -494,8 +494,17 @@ static bool __init append_static_memory_to_bank(struct domain *d, { int res; unsigned int nr_pages = PFN_DOWN(size); - /* Infer next GFN. */ - gfn_t sgfn = gaddr_to_gfn(bank->start + bank->size); + gfn_t sgfn; + + /* + * For direct-mapped domain, the GFN match the MFN. + * Otherwise, this is inferred on what has already been allocated + * in the bank. + */ + if ( !is_domain_direct_mapped(d) ) + sgfn = gaddr_to_gfn(bank->start + bank->size); + else + sgfn = gaddr_to_gfn(mfn_to_maddr(smfn)); res = guest_physmap_add_pages(d, sgfn, smfn, nr_pages); if ( res ) @@ -668,12 +677,92 @@ static void __init allocate_static_memory(struct domain *d, fail: panic("Failed to allocate requested static memory for domain %pd.", d); } + +/* + * Allocate static memory as RAM for one specific domain d. + * The static memory will be directly mapped in the guest(Guest Physical + * Address == Physical Address). + */ +static void __init assign_static_memory_11(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ + u32 addr_cells, size_cells, reg_cells; + unsigned int nr_banks, bank = 0; + const __be32 *cell; + paddr_t pbase, psize; + mfn_t smfn; + int length; + + if ( parse_static_mem_prop(node, &addr_cells, &size_cells, &length, &cell) ) + { + printk(XENLOG_ERR + "%pd: failed to parse \"xen,static-mem\" property.\n", d); + goto fail; + } + reg_cells = addr_cells + size_cells; + nr_banks = length / (reg_cells * sizeof(u32)); + + if ( nr_banks > NR_MEM_BANKS ) + { + printk(XENLOG_ERR + "%pd: exceed max number of supported guest memory banks.\n", d); + goto fail; + } + + for ( ; bank < nr_banks; bank++ ) + { + smfn = acquire_static_memory_bank(d, &cell, addr_cells, size_cells, + &pbase, &psize); + if ( mfn_eq(smfn, INVALID_MFN) ) + goto fail; + + printk(XENLOG_INFO "%pd: STATIC BANK[%u] %#"PRIpaddr"-%#"PRIpaddr"\n", + d, bank, pbase, pbase + psize); + + /* One guest memory bank is matched with one physical memory bank. */ + kinfo->mem.bank[bank].start = pbase; + if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[bank], + smfn, psize) ) + goto fail; + + kinfo->unassigned_mem -= psize; + } + + kinfo->mem.nr_banks = nr_banks; + + /* + * The property 'memory' should match the amount of memory given to + * the guest. + * Currently, it is only possible to either acquire static memory or + * let Xen allocate. *Mixing* is not supported. + */ + if ( kinfo->unassigned_mem != 0 ) + { + printk(XENLOG_ERR + "Size of \"memory\" property doesn't match up with the sum-up of \"xen,static-mem\".\n"); + goto fail; + } + + return; + + fail: + panic("Failed to assign requested static memory for direct-map domain %pd.", + d); +} #else static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { } + +static void __init assign_static_memory_11(struct domain *d, + struct kernel_info *kinfo, + const struct dt_device_node *node) +{ + ASSERT_UNREACHABLE(); +} #endif /* @@ -3023,8 +3112,10 @@ static int __init construct_domU(struct domain *d, #endif if ( !dt_find_property(node, "xen,static-mem", NULL) ) allocate_memory(d, &kinfo); - else + else if ( !is_domain_direct_mapped(d) ) allocate_static_memory(d, &kinfo, node); + else + assign_static_memory_11(d, &kinfo, node); rc = prepare_dtb_domU(d, &kinfo); if ( rc < 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:11:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:11:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275280.471075 (Exim 4.92) (envelope-from ) id 1nL0Ez-0002mI-P2; Fri, 18 Feb 2022 10:11:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275280.471075; Fri, 18 Feb 2022 10:11:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ez-0002mA-M4; Fri, 18 Feb 2022 10:11:53 +0000 Received: by outflank-mailman (input) for mailman id 275280; Fri, 18 Feb 2022 10:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ey-0002m2-3V for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Ey-0006yS-2Y for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0Ey-00087c-1o for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FUyxz1cLf9MtxSbRm9k6eWZONzadbauwgywj0dg9jI4=; b=aMWSQUnJ9ytaF2ThQ40PdgTYNL wmqiVj4maWdlFTF1swyqVIi6xoup6dh2PABit8WFCSRE08hM1Ta6b/KQv3P15vsMDxIejHe6bTuDW nlXLZN4j33tGTazmjp53RxTculcBbCkp0Q5g5DUbm9aKNeFXSj1PRwQEt4M3IdlekCUI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: add ASSERT_UNREACHABLE in allocate_static_memory Message-Id: Date: Fri, 18 Feb 2022 10:11:52 +0000 commit 489859a33681b2921bc08e6c37763fedd2c099d5 Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:51 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: add ASSERT_UNREACHABLE in allocate_static_memory Helper allocate_static_memory is not meant to be reachable when built with !CONFIG_STATIC_MEMORY, so this commit adds ASSERT_UNREACHABLE in it to catch potential misuse. Signed-off-by: Penny Zheng Acked-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index ec29bd302c..52f256de9c 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -755,6 +755,7 @@ static void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + ASSERT_UNREACHABLE(); } static void __init assign_static_memory_11(struct domain *d, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:12:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:12:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275281.471081 (Exim 4.92) (envelope-from ) id 1nL0F9-0002oy-S8; Fri, 18 Feb 2022 10:12:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275281.471081; Fri, 18 Feb 2022 10:12:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0F9-0002oq-Nh; Fri, 18 Feb 2022 10:12:03 +0000 Received: by outflank-mailman (input) for mailman id 275281; Fri, 18 Feb 2022 10:12:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0F8-0002of-6m for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0F8-0006yp-5x for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0F8-00088Y-51 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rAJbYx+jRytpuoxAebD8qdXju/3ZEQI2exVjsMBoIx8=; b=sERRLnYxFKVNoDt1m9JdCYk9q5 gRm/Kp+gbbp1xeXCF4PV9PQUHJPp9kFgknZhoZU1VGl2GuYLRa6Qs8zs2E4B8VUJIg4Z2vj8+e3a5 tCwyXn1epDcg1nILm6hG4XvX9ym7ZNRgNlPdJC1ZwP/DyBgnxGuIrvbF8UDr9OkO/i6A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: if direct-map domain use native addresses for GICv2 Message-Id: Date: Fri, 18 Feb 2022 10:12:02 +0000 commit c4f2a96102526e8bc9767238653f6f487cd38403 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:52 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native addresses for GICv2 Today we use native addresses to map the GICv2 for Dom0 and fixed addresses for DomUs. This patch changes the behavior so that native addresses are used for all domains that are direct-mapped. NEW VGIC has different naming schemes, like referring distributor base address as vgic_dist_base, other than the dbase. So this patch also introduces vgic_dist_base/vgic_cpu_base accessor to access correct distributor base address/cpu interface base address on varied scenarios, Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 11 ++++++++--- xen/arch/arm/include/asm/new_vgic.h | 10 ++++++++++ xen/arch/arm/include/asm/vgic.h | 11 +++++++++++ xen/arch/arm/vgic-v2.c | 34 +++++++++++++++++++++++++++------- xen/arch/arm/vgic/vgic-v2.c | 34 +++++++++++++++++++++++++++------- 5 files changed, 83 insertions(+), 17 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 52f256de9c..87391adde6 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2273,8 +2273,13 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) int res = 0; __be32 reg[(GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * 2]; __be32 *cells; + const struct domain *d = kinfo->d; + /* Placeholder for interrupt-controller@ + a 64-bit number + \0 */ + char buf[38]; - res = fdt_begin_node(fdt, "interrupt-controller@"__stringify(GUEST_GICD_BASE)); + snprintf(buf, sizeof(buf), "interrupt-controller@%"PRIx64, + vgic_dist_base(&d->arch.vgic)); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2296,9 +2301,9 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) cells = ®[0]; dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICD_BASE, GUEST_GICD_SIZE); + vgic_dist_base(&d->arch.vgic), GUEST_GICD_SIZE); dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICC_BASE, GUEST_GICC_SIZE); + vgic_cpu_base(&d->arch.vgic), GUEST_GICC_SIZE); res = fdt_property(fdt, "reg", reg, sizeof(reg)); if (res) diff --git a/xen/arch/arm/include/asm/new_vgic.h b/xen/arch/arm/include/asm/new_vgic.h index 97d622bff6..ab57fcd91d 100644 --- a/xen/arch/arm/include/asm/new_vgic.h +++ b/xen/arch/arm/include/asm/new_vgic.h @@ -186,6 +186,16 @@ struct vgic_cpu { uint32_t num_id_bits; }; +static inline paddr_t vgic_cpu_base(const struct vgic_dist *vgic) +{ + return vgic->vgic_cpu_base; +} + +static inline paddr_t vgic_dist_base(const struct vgic_dist *vgic) +{ + return vgic->vgic_dist_base; +} + #endif /* __ASM_ARM_NEW_VGIC_H */ /* diff --git a/xen/arch/arm/include/asm/vgic.h b/xen/arch/arm/include/asm/vgic.h index ade427a808..d2a9fc7d83 100644 --- a/xen/arch/arm/include/asm/vgic.h +++ b/xen/arch/arm/include/asm/vgic.h @@ -152,6 +152,7 @@ struct vgic_dist { struct pending_irq *pending_irqs; /* Base address for guest GIC */ paddr_t dbase; /* Distributor base address */ + paddr_t cbase; /* CPU interface base address */ #ifdef CONFIG_GICV3 /* GIC V3 addressing */ /* List of contiguous occupied by the redistributors */ @@ -271,6 +272,16 @@ static inline int REG_RANK_NR(int b, uint32_t n) enum gic_sgi_mode; +static inline paddr_t vgic_cpu_base(const struct vgic_dist *vgic) +{ + return vgic->cbase; +} + +static inline paddr_t vgic_dist_base(const struct vgic_dist *vgic) +{ + return vgic->dbase; +} + /* * Offset of GICD_ with its rank, for GICD_ size with * -bits-per-interrupt. diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c index 589c033eda..b1bd7a46ad 100644 --- a/xen/arch/arm/vgic-v2.c +++ b/xen/arch/arm/vgic-v2.c @@ -654,12 +654,16 @@ static int vgic_v2_vcpu_init(struct vcpu *v) static int vgic_v2_domain_init(struct domain *d) { int ret; - paddr_t cbase, csize; + paddr_t csize; paddr_t vbase; /* - * The hardware domain gets the hardware address. - * Guests get the virtual platform layout. + * The hardware domain and direct-mapped domain both get the hardware + * address. + * We have to handle them separately because the hwdom is re-using the + * same Device-Tree as the host (see more details below). + * + * Other domains get the virtual platform layout. */ if ( is_hardware_domain(d) ) { @@ -671,10 +675,26 @@ static int vgic_v2_domain_init(struct domain *d) * Note that we assume the size of the CPU interface is always * aligned to PAGE_SIZE. */ - cbase = vgic_v2_hw.cbase; + d->arch.vgic.cbase = vgic_v2_hw.cbase; csize = vgic_v2_hw.csize; vbase = vgic_v2_hw.vbase; } + else if ( is_domain_direct_mapped(d) ) + { + /* + * For all the direct-mapped domain other than the hardware domain, + * we only map a 8kB CPU interface but we make sure it is at a + * location occupied by the physical GIC in the host device tree. + * + * We need to add an offset to the virtual CPU interface base + * address when the GIC is aliased to get a 8kB contiguous + * region. + */ + d->arch.vgic.dbase = vgic_v2_hw.dbase; + d->arch.vgic.cbase = vgic_v2_hw.cbase; + csize = GUEST_GICC_SIZE; + vbase = vgic_v2_hw.vbase + vgic_v2_hw.aliased_offset; + } else { d->arch.vgic.dbase = GUEST_GICD_BASE; @@ -685,7 +705,7 @@ static int vgic_v2_domain_init(struct domain *d) * region. */ BUILD_BUG_ON(GUEST_GICC_SIZE != SZ_8K); - cbase = GUEST_GICC_BASE; + d->arch.vgic.cbase = GUEST_GICC_BASE; csize = GUEST_GICC_SIZE; vbase = vgic_v2_hw.vbase + vgic_v2_hw.aliased_offset; } @@ -694,8 +714,8 @@ static int vgic_v2_domain_init(struct domain *d) * Map the gic virtual cpu interface in the gic cpu interface * region of the guest. */ - ret = map_mmio_regions(d, gaddr_to_gfn(cbase), csize / PAGE_SIZE, - maddr_to_mfn(vbase)); + ret = map_mmio_regions(d, gaddr_to_gfn(d->arch.vgic.cbase), + csize / PAGE_SIZE, maddr_to_mfn(vbase)); if ( ret ) return ret; diff --git a/xen/arch/arm/vgic/vgic-v2.c b/xen/arch/arm/vgic/vgic-v2.c index b5ba4ace87..1a99d3a8b4 100644 --- a/xen/arch/arm/vgic/vgic-v2.c +++ b/xen/arch/arm/vgic/vgic-v2.c @@ -258,13 +258,17 @@ void vgic_v2_enable(struct vcpu *vcpu) int vgic_v2_map_resources(struct domain *d) { struct vgic_dist *dist = &d->arch.vgic; - paddr_t cbase, csize; + paddr_t csize; paddr_t vbase; int ret; /* - * The hardware domain gets the hardware address. - * Guests get the virtual platform layout. + * The hardware domain and direct-mapped domain both get the hardware + * address. + * We have to handle them separately because the hwdom is re-using the + * same Device-Tree as the host (see more details below). + * + * Other domains get the virtual platform layout. */ if ( is_hardware_domain(d) ) { @@ -276,10 +280,26 @@ int vgic_v2_map_resources(struct domain *d) * Note that we assume the size of the CPU interface is always * aligned to PAGE_SIZE. */ - cbase = gic_v2_hw_data.cbase; + d->arch.vgic.vgic_cpu_base = gic_v2_hw_data.cbase; csize = gic_v2_hw_data.csize; vbase = gic_v2_hw_data.vbase; } + else if ( is_domain_direct_mapped(d) ) + { + d->arch.vgic.vgic_dist_base = gic_v2_hw_data.dbase; + /* + * For all the direct-mapped domain other than the hardware domain, + * we only map a 8kB CPU interface but we make sure it is at a location + * occupied by the physical GIC in the host device tree. + * + * We need to add an offset to the virtual CPU interface base + * address when the GIC is aliased to get a 8kB contiguous + * region. + */ + d->arch.vgic.vgic_cpu_base = gic_v2_hw_data.cbase; + csize = GUEST_GICC_SIZE; + vbase = gic_v2_hw_data.vbase + gic_v2_hw_data.aliased_offset; + } else { d->arch.vgic.vgic_dist_base = GUEST_GICD_BASE; @@ -290,7 +310,7 @@ int vgic_v2_map_resources(struct domain *d) * region. */ BUILD_BUG_ON(GUEST_GICC_SIZE != SZ_8K); - cbase = GUEST_GICC_BASE; + d->arch.vgic.vgic_cpu_base = GUEST_GICC_BASE; csize = GUEST_GICC_SIZE; vbase = gic_v2_hw_data.vbase + gic_v2_hw_data.aliased_offset; } @@ -308,8 +328,8 @@ int vgic_v2_map_resources(struct domain *d) * Map the gic virtual cpu interface in the gic cpu interface * region of the guest. */ - ret = map_mmio_regions(d, gaddr_to_gfn(cbase), csize / PAGE_SIZE, - maddr_to_mfn(vbase)); + ret = map_mmio_regions(d, gaddr_to_gfn(d->arch.vgic.vgic_cpu_base), + csize / PAGE_SIZE, maddr_to_mfn(vbase)); if ( ret ) { gdprintk(XENLOG_ERR, "Unable to remap VGIC CPU to VCPU\n"); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:12:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:12:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275282.471083 (Exim 4.92) (envelope-from ) id 1nL0FJ-0002sY-Ut; Fri, 18 Feb 2022 10:12:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275282.471083; Fri, 18 Feb 2022 10:12:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FJ-0002sQ-Rc; Fri, 18 Feb 2022 10:12:13 +0000 Received: by outflank-mailman (input) for mailman id 275282; Fri, 18 Feb 2022 10:12:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FI-0002sG-AJ for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FI-0006z0-9W for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0FI-00089o-8N for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=atgAZOPfJjttQza5dIFOsaza/PsPnRKS8U1bQXcQHQk=; b=Jhmvo5nBCiihrCLSLdPEj8M9Z6 ZYRtq1AL8Ya2WSq/SKvxFJmMD5X7LomzKoBu+ptRzicu31X1ZNbkNfSgIXupuvT6UKzH03SJWWzIZ MGZsxENteEgxt7SzI9S43Fz2nGzHFipTzQFyT0dE5DC3M3YHOEAJo2uTL5qpUpwsDOYU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: gate make_gicv3_domU_node with CONFIG_GICV3 Message-Id: Date: Fri, 18 Feb 2022 10:12:12 +0000 commit ba417313232b1ca4384a4d1f74dc1c1312dac70e Author: Penny Zheng AuthorDate: Mon Feb 14 03:19:53 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: gate make_gicv3_domU_node with CONFIG_GICV3 This commit gates function make_gicv3_domU_node with CONFIG_GICV3. Signed-off-by: Penny Zheng Acked-by: Stefano Stabellini Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 87391adde6..a01dc60b55 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2322,6 +2322,7 @@ static int __init make_gicv2_domU_node(struct kernel_info *kinfo) return res; } +#ifdef CONFIG_GICV3 static int __init make_gicv3_domU_node(struct kernel_info *kinfo) { void *fdt = kinfo->fdt; @@ -2371,13 +2372,16 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) return res; } +#endif static int __init make_gic_domU_node(struct kernel_info *kinfo) { switch ( kinfo->d->arch.vgic.version ) { +#ifdef CONFIG_GICV3 case GIC_V3: return make_gicv3_domU_node(kinfo); +#endif case GIC_V2: return make_gicv2_domU_node(kinfo); default: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:12:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:12:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275286.471098 (Exim 4.92) (envelope-from ) id 1nL0FU-0003DC-8j; Fri, 18 Feb 2022 10:12:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275286.471098; Fri, 18 Feb 2022 10:12:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FU-0003D4-5a; Fri, 18 Feb 2022 10:12:24 +0000 Received: by outflank-mailman (input) for mailman id 275286; Fri, 18 Feb 2022 10:12:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FS-0003Br-Dv for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0FS-0006zF-D1 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0FS-0008Ak-CD for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I6VU9z85qpYg4SMepwiz6aA1CbjUTgJbQcTbAphrpqE=; b=gBhQRyPtfRHixwWzSWVLz1hVjm /ARyrlgotTPrbaOoktd5hvqxPSPpyaONdJGFSrf14DaBUYwoPfphw1DZZ6zlN69ykVpd1mq60hKKR FHPlDNZEEDq06n3BYh++lM6Ms2d4OpPeDoALscIRroerSAhSC1IVPuROjDY+fQ03FCJU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: if direct-map domain use native addresses for GICv3 Message-Id: Date: Fri, 18 Feb 2022 10:12:22 +0000 commit 4809f9ec7d71bdf6fb9e952ac5730f5592c30ec7 Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:54 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native addresses for GICv3 Today we use native addresses to map the GICv3 for Dom0 and fixed addresses for DomUs. This patch changes the behavior so that native addresses are used for all domain which is using the host memory layout Considering that DOM0 may not always be directly mapped in the future, this patch introduces a new helper "domain_use_host_layout()" that wraps both two check "is_domain_direct_mapped(d) || is_hardware_domain(d)" for more flexible usage. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 34 ++++++++++++++++++++++++++-------- xen/arch/arm/include/asm/domain.h | 14 ++++++++++++++ xen/arch/arm/vgic-v3.c | 30 ++++++++++++++++-------------- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index a01dc60b55..cff2cb93cc 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2327,10 +2327,16 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) { void *fdt = kinfo->fdt; int res = 0; - __be32 reg[(GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * 2]; - __be32 *cells; + __be32 *reg, *cells; + const struct domain *d = kinfo->d; + /* Placeholder for interrupt-controller@ + a 64-bit number + \0 */ + char buf[38]; + unsigned int i, len = 0; + + snprintf(buf, sizeof(buf), "interrupt-controller@%"PRIx64, + vgic_dist_base(&d->arch.vgic)); - res = fdt_begin_node(fdt, "interrupt-controller@"__stringify(GUEST_GICV3_GICD_BASE)); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2350,13 +2356,25 @@ static int __init make_gicv3_domU_node(struct kernel_info *kinfo) if ( res ) return res; - cells = ®[0]; - dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICV3_GICD_BASE, GUEST_GICV3_GICD_SIZE); + /* reg specifies all re-distributors and Distributor. */ + len = (GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS) * + (d->arch.vgic.nr_regions + 1) * sizeof(__be32); + reg = xmalloc_bytes(len); + if ( reg == NULL ) + return -ENOMEM; + cells = reg; + dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, - GUEST_GICV3_GICR0_BASE, GUEST_GICV3_GICR0_SIZE); + vgic_dist_base(&d->arch.vgic), GUEST_GICV3_GICD_SIZE); - res = fdt_property(fdt, "reg", reg, sizeof(reg)); + for ( i = 0; i < d->arch.vgic.nr_regions; i++ ) + dt_child_set_range(&cells, + GUEST_ROOT_ADDRESS_CELLS, GUEST_ROOT_SIZE_CELLS, + d->arch.vgic.rdist_regions[i].base, + d->arch.vgic.rdist_regions[i].size); + + res = fdt_property(fdt, "reg", reg, len); + xfree(reg); if (res) return res; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index aabe942cde..c56f6e4398 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -31,6 +31,20 @@ enum domain_type { #define is_domain_direct_mapped(d) (d)->arch.directmap +/* + * Is the domain using the host memory layout? + * + * Direct-mapped domain will always have the RAM mapped with GFN == MFN. + * To avoid any trouble finding space, it is easier to force using the + * host memory layout. + * + * The hardware domain will use the host layout regardless of + * direct-mapped because some OS may rely on a specific address ranges + * for the devices. + */ +#define domain_use_host_layout(d) (is_domain_direct_mapped(d) || \ + is_hardware_domain(d)) + struct vtimer { struct vcpu *v; int irq; diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 65bb7991a6..e4ba9a6476 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -1640,14 +1640,15 @@ static inline unsigned int vgic_v3_max_rdist_count(struct domain *d) * Normally there is only one GICv3 redistributor region. * The GICv3 DT binding provisions for multiple regions, since there are * platforms out there which need those (multi-socket systems). - * For Dom0 we have to live with the MMIO layout the hardware provides, - * so we have to copy the multiple regions - as the first region may not - * provide enough space to hold all redistributors we need. - * However DomU get a constructed memory map, so we can go with - * the architected single redistributor region. + * For domain using the host memory layout, we have to live with the MMIO + * layout the hardware provides, so we have to copy the multiple regions + * - as the first region may not provide enough space to hold all + * redistributors we need. + * All the other domains will get a constructed memory map, so we can go + * with the architected single redistributor region. */ - return is_hardware_domain(d) ? vgic_v3_hw.nr_rdist_regions : - GUEST_GICV3_RDIST_REGIONS; + return domain_use_host_layout(d) ? vgic_v3_hw.nr_rdist_regions : + GUEST_GICV3_RDIST_REGIONS; } static int vgic_v3_domain_init(struct domain *d) @@ -1669,10 +1670,11 @@ static int vgic_v3_domain_init(struct domain *d) radix_tree_init(&d->arch.vgic.pend_lpi_tree); /* - * Domain 0 gets the hardware address. - * Guests get the virtual platform layout. + * For domain using the host memory layout, it gets the hardware + * address. + * Other domains get the virtual platform layout. */ - if ( is_hardware_domain(d) ) + if ( domain_use_host_layout(d) ) { unsigned int first_cpu = 0; @@ -1695,10 +1697,10 @@ static int vgic_v3_domain_init(struct domain *d) } /* - * The hardware domain may not use all the re-distributors - * regions (e.g when the number of vCPUs does not match the - * number of pCPUs). Update the number of regions to avoid - * exposing unused region as they will not get emulated. + * For domain using the host memory layout, it may not use all + * the re-distributors regions (e.g when the number of vCPUs does + * not match the number of pCPUs). Update the number of regions to + * avoid exposing unused region as they will not get emulated. */ d->arch.vgic.nr_regions = i + 1; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:12:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:12:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275291.471101 (Exim 4.92) (envelope-from ) id 1nL0Fe-0003Jj-Aj; Fri, 18 Feb 2022 10:12:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275291.471101; Fri, 18 Feb 2022 10:12:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fe-0003Jd-7n; Fri, 18 Feb 2022 10:12:34 +0000 Received: by outflank-mailman (input) for mailman id 275291; Fri, 18 Feb 2022 10:12:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fc-0003Im-I7 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fc-0006zf-HN for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0Fc-0008Bi-FO for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IP3ghl2RJZSEEx0vHlIMEHUIkNTYudsgiHVT0Svq+Dc=; b=IH1dliyC9LXhlIHYx+Fb9uiHLn jLl1Ai4oR6+X2hIb5Gvqea4Gog6T/yOSm4YhmTGhfx+vDObR6+/mRR/MRzTBJtvk0iitXuTosHe6u KQ2mMTWzhwRjA94FNw8UdcM7pH1P0T3RIpQ4t3AV3NYTEtniYCONjxYLkocLquEbBwt4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: if direct-map domain use native UART address and IRQ number for vPL011 Message-Id: Date: Fri, 18 Feb 2022 10:12:32 +0000 commit 3580c8b2dfc35d70b436430cbb14f72c64c2855a Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:55 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/arm: if direct-map domain use native UART address and IRQ number for vPL011 We always use a fix address to map the vPL011 to domains. The address could be a problem for direct-map domains. So, for domains that are directly mapped, reuse the address of the physical UART on the platform to avoid potential clashes. Do the same for the virtual IRQ number: instead of always using GUEST_VPL011_SPI, try to reuse the physical SPI number if possible. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Reviewed-by: Julien Grall Tested-by: Stefano Stabellini --- xen/arch/arm/domain_build.c | 44 +++++++++++++++++++++++----- xen/arch/arm/include/asm/vpl011.h | 2 ++ xen/arch/arm/vpl011.c | 60 ++++++++++++++++++++++++++++++++++----- 3 files changed, 92 insertions(+), 14 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index cff2cb93cc..8be01678de 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -30,6 +30,7 @@ #include #include +#include static unsigned int __initdata opt_dom0_max_vcpus; integer_param("dom0_max_vcpus", opt_dom0_max_vcpus); @@ -2415,8 +2416,12 @@ static int __init make_vpl011_uart_node(struct kernel_info *kinfo) gic_interrupt_t intr; __be32 reg[GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS]; __be32 *cells; + struct domain *d = kinfo->d; + /* Placeholder for sbsa-uart@ + a 64-bit number + \0 */ + char buf[27]; - res = fdt_begin_node(fdt, "sbsa-uart@"__stringify(GUEST_PL011_BASE)); + snprintf(buf, sizeof(buf), "sbsa-uart@%"PRIx64, d->arch.vpl011.base_addr); + res = fdt_begin_node(fdt, buf); if ( res ) return res; @@ -2426,14 +2431,14 @@ static int __init make_vpl011_uart_node(struct kernel_info *kinfo) cells = ®[0]; dt_child_set_range(&cells, GUEST_ROOT_ADDRESS_CELLS, - GUEST_ROOT_SIZE_CELLS, GUEST_PL011_BASE, + GUEST_ROOT_SIZE_CELLS, d->arch.vpl011.base_addr, GUEST_PL011_SIZE); res = fdt_property(fdt, "reg", reg, sizeof(reg)); if ( res ) return res; - set_interrupt(intr, GUEST_VPL011_SPI, 0xf, DT_IRQ_TYPE_LEVEL_HIGH); + set_interrupt(intr, d->arch.vpl011.virq, 0xf, DT_IRQ_TYPE_LEVEL_HIGH); res = fdt_property(fdt, "interrupts", intr, sizeof (intr)); if ( res ) @@ -3145,6 +3150,14 @@ static int __init construct_domU(struct domain *d, else assign_static_memory_11(d, &kinfo, node); + /* + * Base address and irq number are needed when creating vpl011 device + * tree node in prepare_dtb_domU, so initialization on related variables + * shall be done first. + */ + if ( kinfo.vpl011 ) + rc = domain_vpl011_init(d, NULL); + rc = prepare_dtb_domU(d, &kinfo); if ( rc < 0 ) return rc; @@ -3153,9 +3166,6 @@ static int __init construct_domU(struct domain *d, if ( rc < 0 ) return rc; - if ( kinfo.vpl011 ) - rc = domain_vpl011_init(d, NULL); - return rc; } @@ -3200,15 +3210,35 @@ void __init create_domUs(void) if ( !dt_property_read_u32(node, "nr_spis", &d_cfg.arch.nr_spis) ) { + unsigned int vpl011_virq = GUEST_VPL011_SPI; + d_cfg.arch.nr_spis = gic_number_lines() - 32; + /* + * The VPL011 virq is GUEST_VPL011_SPI, unless direct-map is + * set, in which case it'll match the hardware. + * + * Since the domain is not yet created, we can't use + * d->arch.vpl011.irq. So the logic to find the vIRQ has to + * be hardcoded. + * The logic here shall be consistent with the one in + * domain_vpl011_init(). + */ + if ( flags & CDF_directmap ) + { + vpl011_virq = serial_irq(SERHND_DTUART); + if ( vpl011_virq < 0 ) + panic("Error getting IRQ number for this serial port %d\n", + SERHND_DTUART); + } + /* * vpl011 uses one emulated SPI. If vpl011 is requested, make * sure that we allocate enough SPIs for it. */ if ( dt_property_read_bool(node, "vpl011") ) d_cfg.arch.nr_spis = MAX(d_cfg.arch.nr_spis, - GUEST_VPL011_SPI - 32 + 1); + vpl011_virq - 32 + 1); } /* diff --git a/xen/arch/arm/include/asm/vpl011.h b/xen/arch/arm/include/asm/vpl011.h index e6c7ab7381..c09abcd7a9 100644 --- a/xen/arch/arm/include/asm/vpl011.h +++ b/xen/arch/arm/include/asm/vpl011.h @@ -53,6 +53,8 @@ struct vpl011 { uint32_t uarticr; /* Interrupt clear register */ uint32_t uartris; /* Raw interrupt status register */ uint32_t shadow_uartmis; /* shadow masked interrupt register */ + paddr_t base_addr; + unsigned int virq; spinlock_t lock; evtchn_port_t evtchn; }; diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c index 895f436cc4..43522d48fd 100644 --- a/xen/arch/arm/vpl011.c +++ b/xen/arch/arm/vpl011.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -71,11 +72,11 @@ static void vpl011_update_interrupt_status(struct domain *d) * status bit has been set since the last time. */ if ( uartmis & ~vpl011->shadow_uartmis ) - vgic_inject_irq(d, NULL, GUEST_VPL011_SPI, true); + vgic_inject_irq(d, NULL, vpl011->virq, true); vpl011->shadow_uartmis = uartmis; #else - vgic_inject_irq(d, NULL, GUEST_VPL011_SPI, uartmis); + vgic_inject_irq(d, NULL, vpl011->virq, uartmis); #endif } @@ -347,7 +348,8 @@ static int vpl011_mmio_read(struct vcpu *v, void *priv) { struct hsr_dabt dabt = info->dabt; - uint32_t vpl011_reg = (uint32_t)(info->gpa - GUEST_PL011_BASE); + uint32_t vpl011_reg = (uint32_t)(info->gpa - + v->domain->arch.vpl011.base_addr); struct vpl011 *vpl011 = &v->domain->arch.vpl011; struct domain *d = v->domain; unsigned long flags; @@ -430,7 +432,8 @@ static int vpl011_mmio_write(struct vcpu *v, void *priv) { struct hsr_dabt dabt = info->dabt; - uint32_t vpl011_reg = (uint32_t)(info->gpa - GUEST_PL011_BASE); + uint32_t vpl011_reg = (uint32_t)(info->gpa - + v->domain->arch.vpl011.base_addr); struct vpl011 *vpl011 = &v->domain->arch.vpl011; struct domain *d = v->domain; unsigned long flags; @@ -626,6 +629,49 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) if ( vpl011->backend.dom.ring_buf ) return -EINVAL; + /* + * The VPL011 virq is GUEST_VPL011_SPI, except for direct-map domains + * where the hardware value shall be used. + * The logic here should stay in sync with the one in + * create_domUs(). + */ + if ( is_domain_direct_mapped(d) ) + { + const struct vuart_info *uart = serial_vuart_info(SERHND_DTUART); + int vpl011_irq = serial_irq(SERHND_DTUART); + + if ( (uart != NULL) && (vpl011_irq > 0) ) + { + vpl011->base_addr = uart->base_addr; + vpl011->virq = vpl011_irq; + } + else + { + printk(XENLOG_ERR + "vpl011: Unable to re-use the Xen UART information.\n"); + return -EINVAL; + } + + /* + * Since the PL011 we emulate for the guest requires a 4KB region, + * and on some Hardware (e.g. on some sunxi SoC), the UART MMIO + * region is less than 4KB, in which case, there may exist multiple + * devices within the same 4KB region, here adds the following check to + * prevent potential known pitfalls + */ + if ( uart->size < GUEST_PL011_SIZE ) + { + printk(XENLOG_ERR + "vpl011: Can't re-use the Xen UART MMIO region as it is too small.\n"); + return -EINVAL; + } + } + else + { + vpl011->base_addr = GUEST_PL011_BASE; + vpl011->virq = GUEST_VPL011_SPI; + } + /* * info is NULL when the backend is in Xen. * info is != NULL when the backend is in a domain. @@ -661,7 +707,7 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) } } - rc = vgic_reserve_virq(d, GUEST_VPL011_SPI); + rc = vgic_reserve_virq(d, vpl011->virq); if ( !rc ) { rc = -EINVAL; @@ -673,12 +719,12 @@ int domain_vpl011_init(struct domain *d, struct vpl011_init_info *info) spin_lock_init(&vpl011->lock); register_mmio_handler(d, &vpl011_mmio_handler, - GUEST_PL011_BASE, GUEST_PL011_SIZE, NULL); + vpl011->base_addr, GUEST_PL011_SIZE, NULL); return 0; out2: - vgic_free_virq(d, GUEST_VPL011_SPI); + vgic_free_virq(d, vpl011->virq); out1: if ( vpl011->backend_in_domain ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 10:12:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 10:12:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275293.471105 (Exim 4.92) (envelope-from ) id 1nL0Fo-0003TW-CG; Fri, 18 Feb 2022 10:12:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275293.471105; Fri, 18 Feb 2022 10:12:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fo-0003TP-9Q; Fri, 18 Feb 2022 10:12:44 +0000 Received: by outflank-mailman (input) for mailman id 275293; Fri, 18 Feb 2022 10:12:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fm-0003Rg-LM for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL0Fm-0006zq-KY for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL0Fm-0008CR-JV for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 10:12:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zzfxsl8X4zf/ggKd7MzcXqGLfnIu2AuHsEJL2TDXayc=; b=3SfQuUSQDYEj0N10p3puSDNDmq Zk/fE6O4V6xFnwbDn6it38kgEQ628FaYf1PJ1ApPj8WWPu5nZP+oyUkCkkTW2rNrAs064LWjIpOQL qrThi7ooH8/yQuS9y7wOXmxZTiPJjRDz2R8HAbd/Q6TE79Z0gFn+LKCXn+7roacrTVWE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/docs: Document how to do passthrough without IOMMU Message-Id: Date: Fri, 18 Feb 2022 10:12:42 +0000 commit 4ec51e87804bd9aad0d0b8e5dadb987b54c5adeb Author: Stefano Stabellini AuthorDate: Mon Feb 14 03:19:56 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 17 19:43:02 2022 +0000 xen/docs: Document how to do passthrough without IOMMU This commit creates a new doc to document how to do passthrough without IOMMU. Signed-off-by: Stefano Stabellini Signed-off-by: Penny Zheng Acked-by: Julien Grall Tested-by: Stefano Stabellini --- docs/misc/arm/passthrough-noiommu.txt | 52 +++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/docs/misc/arm/passthrough-noiommu.txt b/docs/misc/arm/passthrough-noiommu.txt new file mode 100644 index 0000000000..3e2ef21ad7 --- /dev/null +++ b/docs/misc/arm/passthrough-noiommu.txt @@ -0,0 +1,52 @@ +Request Device Assignment without IOMMU support +=============================================== + +*WARNING: +Users should be aware that it is not always secure to assign a device without +IOMMU protection. +When the device is not protected by the IOMMU, the administrator should make +sure that: + 1. The device is assigned to a trusted guest. + 2. Users have additional security mechanism on the platform. + +This document assumes that the IOMMU is absent from the system or it is +disabled (status = "disabled" in device tree). + +Add xen,force-assign-without-iommu; to the device tree snippet: + +ethernet: ethernet@ff0e0000 { + compatible = "cdns,zynqmp-gem"; + xen,path = "/amba/ethernet@ff0e0000"; + xen,reg = <0x0 0xff0e0000 0x1000 0x0 0xff0e0000>; + xen,force-assign-without-iommu; +}; + +Request 1:1 memory mapping for the domain on static allocation +============================================================== + +Add a direct-map property under the appropriate /chosen/domU node which +is also statically allocated with physical memory ranges through +xen,static-mem property as its guest RAM. + +Below is an example on how to specify the 1:1 memory mapping for the domain +on static allocation in the device-tree: + +/ { + chosen { + domU1 { + compatible = "xen,domain"; + #address-cells = <0x2>; + #size-cells = <0x2>; + cpus = <2>; + memory = <0x0 0x80000>; + #xen,static-mem-address-cells = <0x1>; + #xen,static-mem-size-cells = <0x1>; + xen,static-mem = <0x30000000 0x20000000>; + direct-map; + ... + }; + }; +}; + +Besides reserving a 512MB region starting at the host physical address +0x30000000 to DomU1, it also requests 1:1 memory mapping. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275409.471253 (Exim 4.92) (envelope-from ) id 1nL3D3-0003I9-Qn; Fri, 18 Feb 2022 13:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275409.471253; Fri, 18 Feb 2022 13:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3D3-0003I1-Nt; Fri, 18 Feb 2022 13:22:05 +0000 Received: by outflank-mailman (input) for mailman id 275409; Fri, 18 Feb 2022 13:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3D2-0003Hv-60 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3D2-000231-4x for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3D2-0006f7-41 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iD9DuILVJFwxX4EanANNiZp9NwXY5UfOZwwd6U29C88=; b=Cxognzqjua2s1xsj0a8uoLKgLr R5EityFG5XXoFlHh9EZ4tp0kPcNK1+CfXA3mNYjsQu6Ax4o5pJF4N/E/DXv0OjgTRJXXhXTY0U0Jg se9Xn846K8BeRVcR7qODOHf8RFE8tt3JiEiKcZiPQJpwICBY+z+EY9u0UYGDXgcsD/vg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d / x86: re-arrange cache syncing Message-Id: Date: Fri, 18 Feb 2022 13:22:04 +0000 commit 3330013e6739661fd21a518b7e85be2ebe08c354 Author: Jan Beulich AuthorDate: Fri Feb 18 14:18:01 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:18:01 2022 +0100 VT-d / x86: re-arrange cache syncing The actual function should always have lived in core x86 code; move it there, replacing get_cache_line_size() by readily available (except very early during boot; see the code comment) data. Also rename the function. Drop the respective IOMMU hook, (re)introducing a respective boolean instead. Replace a true and an almost open-coding instance of iommu_sync_cache(). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/arch/x86/flushtlb.c | 52 ++++++++++++++++++++++++++++++++++ xen/arch/x86/include/asm/cache.h | 6 ++++ xen/arch/x86/include/asm/iommu.h | 14 +++++---- xen/drivers/passthrough/vtd/extern.h | 1 - xen/drivers/passthrough/vtd/iommu.c | 53 ++--------------------------------- xen/drivers/passthrough/vtd/x86/vtd.c | 5 ---- xen/drivers/passthrough/x86/iommu.c | 4 +-- xen/include/xen/iommu.h | 1 - 8 files changed, 70 insertions(+), 66 deletions(-) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 25798df50f..735ce00316 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -265,6 +266,57 @@ unsigned int flush_area_local(const void *va, unsigned int flags) return flags; } +void cache_writeback(const void *addr, unsigned int size) +{ + /* + * This function may be called before current_cpu_data is established. + * Hence a fallback is needed to prevent the loop below becoming infinite. + */ + unsigned int clflush_size = current_cpu_data.x86_clflush_size ?: 16; + const void *end = addr + size; + + addr -= (unsigned long)addr & (clflush_size - 1); + for ( ; addr < end; addr += clflush_size ) + { +/* + * The arguments to a macro must not include preprocessor directives. Doing so + * results in undefined behavior, so we have to create some defines here in + * order to avoid it. + */ +#if defined(HAVE_AS_CLWB) +# define CLWB_ENCODING "clwb %[p]" +#elif defined(HAVE_AS_XSAVEOPT) +# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ +#else +# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ +#endif + +#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) +#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) +# define INPUT BASE_INPUT +#else +# define INPUT(addr) "a" (addr), BASE_INPUT(addr) +#endif + /* + * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush + * + prefix than a clflush + nop, and hence the prefix is added instead + * of letting the alternative framework fill the gap by appending nops. + */ + alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", + "data16 clflush %[p]", /* clflushopt */ + X86_FEATURE_CLFLUSHOPT, + CLWB_ENCODING, + X86_FEATURE_CLWB, /* no outputs */, + INPUT(addr)); +#undef INPUT +#undef BASE_INPUT +#undef CLWB_ENCODING + } + + alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, + "sfence", X86_FEATURE_CLWB); +} + unsigned int guest_flush_tlb_flags(const struct domain *d) { bool shadow = paging_mode_shadow(d); diff --git a/xen/arch/x86/include/asm/cache.h b/xen/arch/x86/include/asm/cache.h index 1f7173d8c7..424dc5b7b9 100644 --- a/xen/arch/x86/include/asm/cache.h +++ b/xen/arch/x86/include/asm/cache.h @@ -11,4 +11,10 @@ #define __read_mostly __section(".data.read_mostly") +#ifndef __ASSEMBLY__ + +void cache_writeback(const void *addr, unsigned int size); + +#endif + #endif diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index de46149b40..8a96ba1f09 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -134,12 +135,13 @@ extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, const uint8_t gvec); -#define iommu_sync_cache(addr, size) ({ \ - const struct iommu_ops *ops = iommu_get_ops(); \ - \ - if ( ops->sync_cache ) \ - iommu_vcall(ops, sync_cache, addr, size); \ -}) +extern bool iommu_non_coherent; + +static inline void iommu_sync_cache(const void *addr, unsigned int size) +{ + if ( iommu_non_coherent ) + cache_writeback(addr, size); +} int __must_check iommu_free_pgtables(struct domain *d); struct page_info *__must_check iommu_alloc_pgtable(struct domain *d); diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index f97883a780..5e9cc935c4 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -78,7 +78,6 @@ int __must_check qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev, u16 did, u16 size, u64 addr); -unsigned int get_cache_line_size(void); void flush_all_cache(void); uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 34ea5f485d..698b09d070 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -240,54 +240,6 @@ domid_t did_to_domain_id(const struct vtd_iommu *iommu, unsigned int did) return iommu->domid_map[did]; } -static void sync_cache(const void *addr, unsigned int size) -{ - static unsigned long clflush_size = 0; - const void *end = addr + size; - - if ( clflush_size == 0 ) - clflush_size = get_cache_line_size(); - - addr -= (unsigned long)addr & (clflush_size - 1); - for ( ; addr < end; addr += clflush_size ) -/* - * The arguments to a macro must not include preprocessor directives. Doing so - * results in undefined behavior, so we have to create some defines here in - * order to avoid it. - */ -#if defined(HAVE_AS_CLWB) -# define CLWB_ENCODING "clwb %[p]" -#elif defined(HAVE_AS_XSAVEOPT) -# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ -#else -# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ -#endif - -#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) -#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) -# define INPUT BASE_INPUT -#else -# define INPUT(addr) "a" (addr), BASE_INPUT(addr) -#endif - /* - * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush - * + prefix than a clflush + nop, and hence the prefix is added instead - * of letting the alternative framework fill the gap by appending nops. - */ - alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", - "data16 clflush %[p]", /* clflushopt */ - X86_FEATURE_CLFLUSHOPT, - CLWB_ENCODING, - X86_FEATURE_CLWB, /* no outputs */, - INPUT(addr)); -#undef INPUT -#undef BASE_INPUT -#undef CLWB_ENCODING - - alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, - "sfence", X86_FEATURE_CLWB); -} - /* Allocate page table, return its machine address */ uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node) { @@ -306,8 +258,7 @@ uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node) clear_page(vaddr); - if ( (iommu_ops.init ? &iommu_ops : &vtd_ops)->sync_cache ) - sync_cache(vaddr, PAGE_SIZE); + iommu_sync_cache(vaddr, PAGE_SIZE); unmap_domain_page(vaddr); cur_pg++; } @@ -1327,7 +1278,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd) iommu->nr_pt_levels = agaw_to_level(agaw); if ( !ecap_coherent(iommu->ecap) ) - vtd_ops.sync_cache = sync_cache; + iommu_non_coherent = true; nr_dom = cap_ndoms(iommu->cap); diff --git a/xen/drivers/passthrough/vtd/x86/vtd.c b/xen/drivers/passthrough/vtd/x86/vtd.c index 6681dccd69..55f0faa521 100644 --- a/xen/drivers/passthrough/vtd/x86/vtd.c +++ b/xen/drivers/passthrough/vtd/x86/vtd.c @@ -47,11 +47,6 @@ void unmap_vtd_domain_page(const void *va) unmap_domain_page(va); } -unsigned int get_cache_line_size(void) -{ - return ((cpuid_ebx(1) >> 8) & 0xff) * 8; -} - void flush_all_cache() { wbinvd(); diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 583abed9bd..ad5f44e13d 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -28,6 +28,7 @@ const struct iommu_init_ops *__initdata iommu_init_ops; struct iommu_ops __read_mostly iommu_ops; +bool __read_mostly iommu_non_coherent; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -438,8 +439,7 @@ struct page_info *iommu_alloc_pgtable(struct domain *d) p = __map_domain_page(pg); clear_page(p); - if ( hd->platform_ops->sync_cache ) - iommu_vcall(hd->platform_ops, sync_cache, p, PAGE_SIZE); + iommu_sync_cache(p, PAGE_SIZE); unmap_domain_page(p); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 6b2cdffa4a..b18e7760a2 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -268,7 +268,6 @@ struct iommu_ops { int (*setup_hpet_msi)(struct msi_desc *); int (*adjust_irq_affinities)(void); - void (*sync_cache)(const void *addr, unsigned int size); void (*clear_root_pgtable)(struct domain *d); int (*update_ire_from_msi)(struct msi_desc *msi_desc, struct msi_msg *msg); #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275410.471257 (Exim 4.92) (envelope-from ) id 1nL3DD-0003KX-SN; Fri, 18 Feb 2022 13:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275410.471257; Fri, 18 Feb 2022 13:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DD-0003KP-PT; Fri, 18 Feb 2022 13:22:15 +0000 Received: by outflank-mailman (input) for mailman id 275410; Fri, 18 Feb 2022 13:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DC-0003KF-91 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DC-000236-8D for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3DC-0006fm-79 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4asMniFLth+eZqPD7S0co5JxgSKJVLsNMWWCww9aNSA=; b=Ne0z0i0fNszN/2QKH9Fp4BUFp0 A9ZCtSZK3jV96x2ZM9tM2WuYf6eWH0VoweuztWb6W5AJBNqABGXGmVEJafFu/JUVSw84y83YK/8N3 ANBBDibYjfnDaydc8UdzlxK+STBwkbT5GGymnIXLoAM2JSFy6Nj00q2Z3/9zPSSP+6A0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VT-d: replace flush_all_cache() Message-Id: Date: Fri, 18 Feb 2022 13:22:14 +0000 commit 89d5b779a854068a3194170b505f5e1f418ec082 Author: Jan Beulich AuthorDate: Fri Feb 18 14:18:51 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:18:51 2022 +0100 VT-d: replace flush_all_cache() Let's use infrastructure we have available instead of an open-coded wbinvd() invocation. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/extern.h | 2 -- xen/drivers/passthrough/vtd/iommu.c | 3 ++- xen/drivers/passthrough/vtd/x86/vtd.c | 5 ----- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index 5e9cc935c4..52b82f7132 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -78,8 +78,6 @@ int __must_check qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev, u16 did, u16 size, u64 addr); -void flush_all_cache(void); - uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node); void free_pgtable_maddr(u64 maddr); void *map_vtd_domain_page(u64 maddr); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 698b09d070..566b0e2a7e 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -623,7 +623,8 @@ static int __must_check iommu_flush_all(void) bool_t flush_dev_iotlb; int rc = 0; - flush_all_cache(); + flush_local(FLUSH_CACHE); + for_each_drhd_unit ( drhd ) { int context_rc, iotlb_rc; diff --git a/xen/drivers/passthrough/vtd/x86/vtd.c b/xen/drivers/passthrough/vtd/x86/vtd.c index 55f0faa521..76f12adc23 100644 --- a/xen/drivers/passthrough/vtd/x86/vtd.c +++ b/xen/drivers/passthrough/vtd/x86/vtd.c @@ -46,8 +46,3 @@ void unmap_vtd_domain_page(const void *va) { unmap_domain_page(va); } - -void flush_all_cache() -{ - wbinvd(); -} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:22:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275411.471261 (Exim 4.92) (envelope-from ) id 1nL3DN-0003Nh-Tr; Fri, 18 Feb 2022 13:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275411.471261; Fri, 18 Feb 2022 13:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DN-0003NZ-Qy; Fri, 18 Feb 2022 13:22:25 +0000 Received: by outflank-mailman (input) for mailman id 275411; Fri, 18 Feb 2022 13:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DM-0003NO-C8 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3DM-00023N-BN for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3DM-0006gX-AU for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0IOEOn8eDM4aO/aPs6kzwXI6wsRx1sg9EqMxLn5wBg8=; b=3i4jR9oXzqXrfdmIO8FKUPpv77 RO5i8PCZ2cpYH0CaOzLT9vHYfqlynFWvp6M46TIxPs49h2betQRWBnDn6W7cf6pzq/HDI2JiTuoZk ztdh9NDzhzEzw5WHg2Smf23G1QWhKtT9YWxUvXGcVa9IyC41cglKB8Qai/O3xtmuMzNc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/PCI: propagate get_device_group_id() failure Message-Id: Date: Fri, 18 Feb 2022 13:22:24 +0000 commit 8518f96f13fb0ac2dd9791014bfb0d1b01f34e4c Author: Jan Beulich AuthorDate: Fri Feb 18 14:19:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:19:42 2022 +0100 IOMMU/PCI: propagate get_device_group_id() failure The VT-d hook can indicate an error, which shouldn't be ignored. Convert the hook's return value to a proper error code, and let that bubble up. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/pci.c | 13 ++++++++++--- xen/drivers/passthrough/vtd/iommu.c | 7 ++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index e8b09d77d8..70b6684981 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1532,6 +1532,8 @@ static int iommu_get_device_group( return 0; group_id = iommu_call(ops, get_device_group_id, seg, bus, devfn); + if ( group_id < 0 ) + return group_id; pcidevs_lock(); for_each_pdev( d, pdev ) @@ -1546,6 +1548,12 @@ static int iommu_get_device_group( continue; sdev_id = iommu_call(ops, get_device_group_id, seg, b, df); + if ( sdev_id < 0 ) + { + pcidevs_unlock(); + return sdev_id; + } + if ( (sdev_id == group_id) && (i < max_sdevs) ) { bdf = (b << 16) | (df << 8); @@ -1553,7 +1561,7 @@ static int iommu_get_device_group( if ( unlikely(copy_to_guest_offset(buf, i, &bdf, 1)) ) { pcidevs_unlock(); - return -1; + return -EFAULT; } i++; } @@ -1621,8 +1629,7 @@ int iommu_do_pci_domctl( ret = iommu_get_device_group(d, seg, bus, devfn, sdevs, max_sdevs); if ( ret < 0 ) { - dprintk(XENLOG_ERR, "iommu_get_device_group() failed!\n"); - ret = -EFAULT; + dprintk(XENLOG_ERR, "iommu_get_device_group() failed: %d\n", ret); domctl->u.get_device_group.num_sdevs = 0; } else diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 566b0e2a7e..0fc818fd27 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2564,10 +2564,11 @@ static int intel_iommu_assign_device( static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) { u8 secbus; + if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 0 ) - return -1; - else - return PCI_BDF2(bus, devfn); + return -ENODEV; + + return PCI_BDF2(bus, devfn); } static int __must_check vtd_suspend(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275469.471342 (Exim 4.92) (envelope-from ) id 1nL3j0-0001z3-4E; Fri, 18 Feb 2022 13:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275469.471342; Fri, 18 Feb 2022 13:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3j0-0001yv-1O; Fri, 18 Feb 2022 13:55:06 +0000 Received: by outflank-mailman (input) for mailman id 275469; Fri, 18 Feb 2022 13:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3iy-0001yp-S1 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3iy-0002eC-RB for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3iy-0000gf-QA for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JB00V90BTilBkG862/Jh0Lj4rC51QCHf0QPONCBQfhg=; b=wi1i+Fks+5c01FsuiyopksUHzk wD4b9ny0nOrclUy3klBJYIHowmT+QI9iGXXHBhOQw4jnUkUN9OgPbmMU1jz4ILhLYN1LiRx7IDdGS T9Gu99lwA68kBKB5k/8N9pC0Ydfqb8u7ah+j6DwRhtJ70pOgt7VW9iaoEH/em3kvYiz0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: introduce ioremap_wc() Message-Id: Date: Fri, 18 Feb 2022 13:55:04 +0000 commit 81d195c6c0e2ee1b706d19dbbb57f73bbf6b81b4 Author: Jan Beulich AuthorDate: Fri Feb 18 14:42:39 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:42:39 2022 +0100 x86: introduce ioremap_wc() In order for a to-be-introduced ERMS form of memcpy() to not regress boot performance on certain systems when video output is active, we first need to arrange for avoiding further dependency on firmware setting up MTRRs in a way we can actually further modify. On many systems, due to the continuously growing amounts of installed memory, MTRRs get configured with at least one huge WB range, and with MMIO ranges below 4Gb then forced to UC via overlapping MTRRs. mtrr_add(), as it is today, can't deal with such a setup. Hence on such systems we presently leave the frame buffer mapped UC, leading to significantly reduced performance when using REP STOSB / REP MOVSB. On post-PentiumII hardware (i.e. any that's capable of running 64-bit code), an effective memory type of WC can be achieved without MTRRs, by simply referencing the respective PAT entry from the PTEs. While this will leave the switch to ERMS forms of memset() and memcpy() with largely unchanged performance, the change here on its own improves performance on affected systems quite significantly: Measuring just the individual affected memcpy() invocations yielded a speedup by a factor of over 250 on my initial (Skylake) test system. memset() isn't getting improved by as much there, but still by a factor of about 20. While adding {__,}PAGE_HYPERVISOR_WC, also add {__,}PAGE_HYPERVISOR_WT to, at the very least, make clear what PTE flags this memory type uses. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/include/asm/mm.h | 2 ++ xen/arch/x86/include/asm/page.h | 2 ++ xen/arch/x86/include/asm/x86_64/page.h | 4 ++++ xen/arch/x86/mm.c | 14 ++++++++++++++ xen/drivers/video/vesa.c | 7 +++---- xen/drivers/video/vga.c | 6 +++++- 6 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index 9b9de4c6be..bdde24d2ce 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -602,6 +602,8 @@ void destroy_perdomain_mapping(struct domain *, unsigned long va, unsigned int nr); void free_perdomain_mappings(struct domain *); +void __iomem *ioremap_wc(paddr_t, size_t); + extern int memory_add(unsigned long spfn, unsigned long epfn, unsigned int pxm); void domain_set_alloc_bitsize(struct domain *d); diff --git a/xen/arch/x86/include/asm/page.h b/xen/arch/x86/include/asm/page.h index 1d080cffbe..447491cd09 100644 --- a/xen/arch/x86/include/asm/page.h +++ b/xen/arch/x86/include/asm/page.h @@ -349,8 +349,10 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t); #define __PAGE_HYPERVISOR_RX (_PAGE_PRESENT | _PAGE_ACCESSED) #define __PAGE_HYPERVISOR (__PAGE_HYPERVISOR_RX | \ _PAGE_DIRTY | _PAGE_RW) +#define __PAGE_HYPERVISOR_WT (__PAGE_HYPERVISOR | _PAGE_PWT) #define __PAGE_HYPERVISOR_UCMINUS (__PAGE_HYPERVISOR | _PAGE_PCD) #define __PAGE_HYPERVISOR_UC (__PAGE_HYPERVISOR | _PAGE_PCD | _PAGE_PWT) +#define __PAGE_HYPERVISOR_WC (__PAGE_HYPERVISOR | _PAGE_PAT) #define __PAGE_HYPERVISOR_SHSTK (__PAGE_HYPERVISOR_RO | _PAGE_DIRTY) #define MAP_SMALL_PAGES _PAGE_AVAIL0 /* don't use superpages mappings */ diff --git a/xen/arch/x86/include/asm/x86_64/page.h b/xen/arch/x86/include/asm/x86_64/page.h index cb1db107c4..26bdb4b19b 100644 --- a/xen/arch/x86/include/asm/x86_64/page.h +++ b/xen/arch/x86/include/asm/x86_64/page.h @@ -152,6 +152,10 @@ static inline intpte_t put_pte_flags(unsigned int x) _PAGE_GLOBAL | _PAGE_NX) #define PAGE_HYPERVISOR_UC (__PAGE_HYPERVISOR_UC | \ _PAGE_GLOBAL | _PAGE_NX) +#define PAGE_HYPERVISOR_WC (__PAGE_HYPERVISOR_WC | \ + _PAGE_GLOBAL | _PAGE_NX) +#define PAGE_HYPERVISOR_WT (__PAGE_HYPERVISOR_WT | \ + _PAGE_GLOBAL | _PAGE_NX) #endif /* __X86_64_PAGE_H__ */ diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b80e4ab9c5..9c7c616253 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -5895,6 +5895,20 @@ void __iomem *ioremap(paddr_t pa, size_t len) return (void __force __iomem *)va; } +void __iomem *__init ioremap_wc(paddr_t pa, size_t len) +{ + mfn_t mfn = _mfn(PFN_DOWN(pa)); + unsigned int offs = pa & (PAGE_SIZE - 1); + unsigned int nr = PFN_UP(offs + len); + void *va; + + WARN_ON(page_is_ram_type(mfn_x(mfn), RAM_TYPE_CONVENTIONAL)); + + va = __vmap(&mfn, nr, 1, 1, PAGE_HYPERVISOR_WC, VMAP_DEFAULT); + + return (void __force __iomem *)(va + offs); +} + int create_perdomain_mapping(struct domain *d, unsigned long va, unsigned int nr, l1_pgentry_t **pl1tab, struct page_info **ppg) diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 2c1bbd9278..f9169f701f 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -9,9 +9,9 @@ #include #include #include +#include #include #include -#include #include "font.h" #include "lfb.h" @@ -103,7 +103,7 @@ void __init vesa_init(void) lfbp.text_columns = vlfb_info.width / font->width; lfbp.text_rows = vlfb_info.height / font->height; - lfbp.lfb = lfb = ioremap(lfb_base(), vram_remap); + lfbp.lfb = lfb = ioremap_wc(lfb_base(), vram_remap); if ( !lfb ) return; @@ -179,8 +179,7 @@ void __init vesa_mtrr_init(void) static void lfb_flush(void) { - if ( vesa_mtrr == 3 ) - __asm__ __volatile__ ("sfence" : : : "memory"); + __asm__ __volatile__ ("sfence" : : : "memory"); } void __init vesa_endboot(bool_t keep) diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c index b7f04d0d97..5e58f83c97 100644 --- a/xen/drivers/video/vga.c +++ b/xen/drivers/video/vga.c @@ -79,7 +79,7 @@ void __init video_init(void) { case XEN_VGATYPE_TEXT_MODE_3: if ( page_is_ram_type(paddr_to_pfn(0xB8000), RAM_TYPE_CONVENTIONAL) || - ((video = ioremap(0xB8000, 0x8000)) == NULL) ) + ((video = ioremap_wc(0xB8000, 0x8000)) == NULL) ) return; outw(0x200a, 0x3d4); /* disable cursor */ columns = vga_console_info.u.text_mode_3.columns; @@ -164,7 +164,11 @@ void __init video_endboot(void) { case XEN_VGATYPE_TEXT_MODE_3: if ( !vgacon_keep ) + { memset(video, 0, columns * lines * 2); + iounmap(video); + video = ZERO_BLOCK_PTR; + } break; case XEN_VGATYPE_VESA_LFB: case XEN_VGATYPE_EFI_LFB: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275470.471347 (Exim 4.92) (envelope-from ) id 1nL3jA-000226-7P; Fri, 18 Feb 2022 13:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275470.471347; Fri, 18 Feb 2022 13:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jA-00021y-4C; Fri, 18 Feb 2022 13:55:16 +0000 Received: by outflank-mailman (input) for mailman id 275470; Fri, 18 Feb 2022 13:55:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3j8-00021m-Uy for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3j8-0002ft-U9 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3j8-0000hP-TC for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Upj2VHapaqkGAyIy094T/e4dFgD33xf70BLCOy/sG/4=; b=2JHdCfAxcDfCQbaRmVAsd0olqI lGufy8dW1FNDRrvTxNEIebuTcOzDQv9dSOOsA8XdWgos3X4IouhcqdLTxHcvWBv0bgi/WSacpV1g4 FroC5jz7PtuWpTzxfC0twvqRcYGiG8OIzBwJRQvN1u2dVGdFW2+0rmCvS4DR9Uw4nw5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: move .text.kexec Message-Id: Date: Fri, 18 Feb 2022 13:55:14 +0000 commit 0e07d47048e4de9894a52e55972fc86714c4bf16 Author: Jan Beulich AuthorDate: Fri Feb 18 14:43:58 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:43:58 2022 +0100 x86: move .text.kexec The source file requests page alignment - avoid a padding hole by placing it right after .text.entry. On average this yields a .text size reduction of 2k. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/xen.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index ca22e984f8..82ad8feb6e 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -83,10 +83,11 @@ SECTIONS . = ALIGN(PAGE_SIZE); _etextentry = .; + *(.text.kexec) /* Page aligned in the object file. */ + *(.text.cold) *(.text.unlikely) *(.fixup) - *(.text.kexec) *(.gnu.warning) _etext = .; /* End of text section */ } PHDR(text) = 0x9090 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275471.471350 (Exim 4.92) (envelope-from ) id 1nL3jK-00025P-8o; Fri, 18 Feb 2022 13:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275471.471350; Fri, 18 Feb 2022 13:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jK-00025H-5d; Fri, 18 Feb 2022 13:55:26 +0000 Received: by outflank-mailman (input) for mailman id 275471; Fri, 18 Feb 2022 13:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jJ-00024t-35 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jJ-0002gA-2G for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3jI-0000i7-WE for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gfovMFKrA9aV9FI9iRuQF752O73qlZRoUvRlM/ToNVM=; b=ZJ7PQo/1O8t7qSJIL43PFIRt7q BaVqURxk167MfJSSG/UBL7i+qsxfbrlx74VXMtdZTAzqYjrtV+9OeNCjzBZ0RPIz9Yw9RSw447VYY gkN3IZMwGhfQnfcvPjLDdsbKBjyMVZAT3CzVt91meo1CGs+Qm+x/Yu/B/iaLhf5lQXW4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] video/vesa: unmap frame buffer when relinquishing console Message-Id: Date: Fri, 18 Feb 2022 13:55:24 +0000 commit f627a39c5e7539502624648aeb69e9ff0de2b8e5 Author: Jan Beulich AuthorDate: Fri Feb 18 14:44:32 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:44:32 2022 +0100 video/vesa: unmap frame buffer when relinquishing console There's no point in keeping the VA space occupied when no further output will occur. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/drivers/video/lfb.c | 1 + xen/drivers/video/vesa.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/xen/drivers/video/lfb.c b/xen/drivers/video/lfb.c index 75b749b330..9254b5e902 100644 --- a/xen/drivers/video/lfb.c +++ b/xen/drivers/video/lfb.c @@ -168,4 +168,5 @@ void lfb_free(void) xfree(lfb.lbuf); xfree(lfb.text_buf); xfree(lfb.line_len); + lfb.lfbp.lfb = ZERO_BLOCK_PTR; } diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index f9169f701f..b9bdfc1670 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -197,5 +197,7 @@ void __init vesa_endboot(bool_t keep) vlfb_info.width * bpp); lfb_flush(); lfb_free(); + iounmap(lfb); + lfb = ZERO_BLOCK_PTR; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275472.471353 (Exim 4.92) (envelope-from ) id 1nL3jU-00028G-A5; Fri, 18 Feb 2022 13:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275472.471353; Fri, 18 Feb 2022 13:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jU-000288-7G; Fri, 18 Feb 2022 13:55:36 +0000 Received: by outflank-mailman (input) for mailman id 275472; Fri, 18 Feb 2022 13:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jT-00027x-6T for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jT-0002gf-5e for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3jT-0000jJ-4l for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PYNX4A1mVW5uRalLuMwzkLST957n9MctPLz29MW3zIs=; b=D/+7HlqRUwRdD1/ayqNf2M7w69 KVfkSlZbrlrk1tNAVYLePkIhl+aoCUpiQIWNEZMjUiyDpPtZeNKsO0bBBzgNd5jsa6eLvRQPmb+Sv RwRcxObN8j/WqF2PGv5ldyb0QAoSDkr+QnGl51zBJ18crunN3c8YwtOm9re4vHo2FFcE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] video/vesa: drop "vesa-mtrr" command line option Message-Id: Date: Fri, 18 Feb 2022 13:55:35 +0000 commit 6ba701064227c6a4baa64d377e1ad869452f7fb6 Author: Jan Beulich AuthorDate: Fri Feb 18 14:45:14 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:45:14 2022 +0100 video/vesa: drop "vesa-mtrr" command line option Now that we use ioremap_wc() for mapping the frame buffer, there's no need for this option anymore. As noted in the change introducing the use of ioremap_wc(), mtrr_add() didn't work in certain cases anyway. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- CHANGELOG.md | 3 +++ docs/misc/xen-command-line.pandoc | 3 --- xen/arch/x86/include/asm/setup.h | 2 -- xen/arch/x86/setup.c | 2 -- xen/drivers/video/vesa.c | 32 -------------------------------- 5 files changed, 3 insertions(+), 39 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c0cd88cdf..9f596eac3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD +### Removed / support downgraded + - dropped support for the (x86-only) "vesa-mtrr" command line option + ## [4.16.0](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - 2021-12-02 ### Removed diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1ca817f5e1..a64aa5e841 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2492,9 +2492,6 @@ cache-warming. 1ms (1000) has been measured as a good value. ### vesa-map > `= ` -### vesa-mtrr -> `= ` - ### vesa-ram > `= ` diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index 7dc03b6b8d..21037b7f31 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -28,10 +28,8 @@ void init_IRQ(void); #ifdef CONFIG_VIDEO void vesa_init(void); -void vesa_mtrr_init(void); #else static inline void vesa_init(void) {}; -static inline void vesa_mtrr_init(void) {}; #endif int construct_dom0( diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 624b53ded4..2f6e10d0cf 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1808,8 +1808,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) local_irq_enable(); - vesa_mtrr_init(); - early_msi_init(); iommu_setup(); /* setup iommu if available */ diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index b9bdfc1670..5cc37f0171 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -145,38 +145,6 @@ void __init vesa_init(void) video_puts = lfb_redraw_puts; } -#include - -static unsigned int vesa_mtrr; -integer_param("vesa-mtrr", vesa_mtrr); - -void __init vesa_mtrr_init(void) -{ - static const int mtrr_types[] = { - 0, MTRR_TYPE_UNCACHABLE, MTRR_TYPE_WRBACK, - MTRR_TYPE_WRCOMB, MTRR_TYPE_WRTHROUGH }; - unsigned int size_total; - int rc, type; - - if ( !lfb || (vesa_mtrr == 0) || (vesa_mtrr >= ARRAY_SIZE(mtrr_types)) ) - return; - - type = mtrr_types[vesa_mtrr]; - if ( !type ) - return; - - /* Find the largest power-of-two */ - size_total = vram_total; - while ( size_total & (size_total - 1) ) - size_total &= size_total - 1; - - /* Try and find a power of two to add */ - do { - rc = mtrr_add(lfb_base(), size_total, type, 1); - size_total >>= 1; - } while ( (size_total >= PAGE_SIZE) && (rc == -EINVAL) ); -} - static void lfb_flush(void) { __asm__ __volatile__ ("sfence" : : : "memory"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275473.471357 (Exim 4.92) (envelope-from ) id 1nL3je-0002An-Bo; Fri, 18 Feb 2022 13:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275473.471357; Fri, 18 Feb 2022 13:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3je-0002Af-8p; Fri, 18 Feb 2022 13:55:46 +0000 Received: by outflank-mailman (input) for mailman id 275473; Fri, 18 Feb 2022 13:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jd-0002AQ-9e for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jd-0002gp-8o for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3jd-0000ju-7r for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p29eRrLzUgt/hjpZXRXOuRc0BDZrEKKg+uKgjoqewS0=; b=BoZ/L7mOqsYfGkgVB2w0LRxws/ vq1IPwgEBFYMxQ9BEP8z+vqW2IOxB7P0ds7yZ9Tb3suA3IPfVFCsIHJE/IsC7r00yFEt8D0pnELs3 XwjXitfPBtRsBxuc2c3b6n+hxjvcaP6KJOMDS9KplxaZ8m8ApmqFPIbKyWg5aauXN22E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] video/vesa: drop "vesa-remap" command line option Message-Id: Date: Fri, 18 Feb 2022 13:55:45 +0000 commit 7f7e55b85fce2155d83dedabd6537b47e2ea0ec7 Author: Jan Beulich AuthorDate: Fri Feb 18 14:45:45 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:45:45 2022 +0100 video/vesa: drop "vesa-remap" command line option If we get mode dimensions wrong, having the remapping size controllable via command line option isn't going to help much. Drop the option. While adjusting this also - add __initdata to the variable, - use ROUNDUP() instead of open-coding it. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- CHANGELOG.md | 2 +- docs/misc/xen-command-line.pandoc | 3 --- xen/drivers/video/vesa.c | 11 +++-------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f596eac3e..83d85fad5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD ### Removed / support downgraded - - dropped support for the (x86-only) "vesa-mtrr" command line option + - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options ## [4.16.0](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - 2021-12-02 diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a64aa5e841..ba5164eb64 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2489,9 +2489,6 @@ PCPUs when using the credit1 scheduler. This prevents rapid fluttering of a VCPU between CPUs, and reduces the implicit overheads such as cache-warming. 1ms (1000) has been measured as a good value. -### vesa-map -> `= ` - ### vesa-ram > `= ` diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 5cc37f0171..8ff1b1d4ea 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -26,8 +26,7 @@ static bool_t vga_compat; static unsigned int vram_total; integer_param("vesa-ram", vram_total); -static unsigned int vram_remap; -integer_param("vesa-map", vram_remap); +static unsigned int __initdata vram_remap; static int font_height; static int __init parse_font_height(const char *s) @@ -79,12 +78,8 @@ void __init vesa_early_init(void) * use for vesafb. With modern cards it is no * option to simply use vram_total as that * wastes plenty of kernel address space. */ - vram_remap = (vram_remap ? - (vram_remap << 20) : - ((vram_vmode + (1 << L2_PAGETABLE_SHIFT) - 1) & - ~((1 << L2_PAGETABLE_SHIFT) - 1))); - vram_remap = max_t(unsigned int, vram_remap, vram_vmode); - vram_remap = min_t(unsigned int, vram_remap, vram_total); + vram_remap = ROUNDUP(vram_vmode, 1 << L2_PAGETABLE_SHIFT); + vram_remap = min(vram_remap, vram_total); } void __init vesa_init(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:55:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275474.471362 (Exim 4.92) (envelope-from ) id 1nL3jo-0002Dq-DU; Fri, 18 Feb 2022 13:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275474.471362; Fri, 18 Feb 2022 13:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jo-0002Di-AG; Fri, 18 Feb 2022 13:55:56 +0000 Received: by outflank-mailman (input) for mailman id 275474; Fri, 18 Feb 2022 13:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jn-0002DN-CM for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jn-0002gz-Bh for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3jn-0000kZ-B0 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8gCAgG4mnCi+5HqU0CYE02aE3CtiPmsOCGrDbyGWYXg=; b=SQydrEedQhWULrWuhD3bn6+QsR MNyr645y0GCmU5qtSkI4TC/L5biL+uDTzcd1vcz40/KaZSnUhc6cbo0NAQJyCZGju5+eMzXGeYh+R yDMY8pA/n45U3ZaOt15LyXKW0Qj4VcAJhDfKzNgfGSMluJZG9w2/RJ3hS4ObkRu3Eu0U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] video/vesa: adjust (not just) command line option handling Message-Id: Date: Fri, 18 Feb 2022 13:55:55 +0000 commit ea140035d01afe28b896b6cb9848f2b2824d1bd2 Author: Jan Beulich AuthorDate: Fri Feb 18 14:46:27 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:46:27 2022 +0100 video/vesa: adjust (not just) command line option handling Document the remaining option. Add section annotation to the variable holding the parsed value as well as a few adjacent ones. Adjust the types of font_height and vga_compat. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- docs/misc/xen-command-line.pandoc | 5 +++++ xen/drivers/video/vesa.c | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index ba5164eb64..321a9abfc1 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2492,6 +2492,11 @@ cache-warming. 1ms (1000) has been measured as a good value. ### vesa-ram > `= ` +> Default: `0` + +This allows to override the amount of video RAM, in MiB, determined to be +present. + ### vga > `= ( ask | current | text-80x | gfx-xx | mode- )[,keep]` diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 8ff1b1d4ea..0342a3dede 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -19,16 +19,16 @@ static void lfb_flush(void); -static unsigned char *lfb; -static const struct font_desc *font; -static bool_t vga_compat; +static unsigned char *__read_mostly lfb; +static const struct font_desc *__initdata font; +static bool __initdata vga_compat; -static unsigned int vram_total; +static unsigned int __initdata vram_total; integer_param("vesa-ram", vram_total); static unsigned int __initdata vram_remap; -static int font_height; +static unsigned int __initdata font_height; static int __init parse_font_height(const char *s) { if ( simple_strtoul(s, &s, 10) == 8 && (*s++ == 'x') ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 13:56:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 13:56:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275476.471366 (Exim 4.92) (envelope-from ) id 1nL3jy-0002GP-FA; Fri, 18 Feb 2022 13:56:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275476.471366; Fri, 18 Feb 2022 13:56:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jy-0002GH-C1; Fri, 18 Feb 2022 13:56:06 +0000 Received: by outflank-mailman (input) for mailman id 275476; Fri, 18 Feb 2022 13:56:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jx-0002G7-Fk for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:56:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL3jx-0002hO-F0 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:56:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL3jx-0000li-E5 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 13:56:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rqcCQgl/N0ARP1enxWPyY4KR/CQLfwWNkt70DXBQTdg=; b=HGfRZ64vSiurm+MG9DL2oDOXzS bBXlxmXv7pkOTdvgOay04bLeJPXUaiGtd+3RaVJDQo/Aw0fVOcp0nt9a5gcf95n3yWRopV/UNVP/z g+AlQZ7NmtD3iPT4DW4BMNefhK5LyU0SC7+Rty1sdwSCSLyRWbTkPjC8SzqAYbYGuUzU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: replace a few do_div() uses Message-Id: Date: Fri, 18 Feb 2022 13:56:05 +0000 commit 8dc44294806c83456794ba9488b4b440aa6193c2 Author: Jan Beulich AuthorDate: Fri Feb 18 14:47:25 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:47:25 2022 +0100 x86: replace a few do_div() uses When the macro's "return value" is not used, the macro use can be replaced by a simply division, avoiding some obfuscation. According to my observations, no change to generated code. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/cpu/intel.c | 3 +-- xen/arch/x86/hpet.c | 5 +---- xen/arch/x86/nmi.c | 5 ++--- xen/arch/x86/time.c | 6 ++---- 4 files changed, 6 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index d7c6e2bd7d..eb5fba35ca 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -424,9 +424,8 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) unsigned long long val = ecx; val *= ebx; - do_div(val, eax); printk("CPU%u: TSC: %u Hz * %u / %u = %Lu Hz\n", - smp_processor_id(), ecx, ebx, eax, val); + smp_processor_id(), ecx, ebx, eax, val / eax); } else if ( ecx | eax | ebx ) { diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index afe104dc93..2fe8b005a5 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -105,10 +105,7 @@ custom_param("hpet", parse_hpet_param); static inline unsigned long div_sc(unsigned long ticks, unsigned long nsec, int shift) { - uint64_t tmp = ((uint64_t)ticks) << shift; - - do_div(tmp, nsec); - return (unsigned long) tmp; + return ((uint64_t)ticks << shift) / nsec; } /* diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index ab94a96c4d..c515de6336 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -292,10 +292,9 @@ static void clear_msr_range(unsigned int base, unsigned int n) static inline void write_watchdog_counter(const char *descr) { - u64 count = (u64)cpu_khz * 1000; + uint64_t count = cpu_khz * 1000ULL / nmi_hz; - do_div(count, nmi_hz); - if(descr) + if ( descr ) Dprintk("setting %s to -%#"PRIx64"\n", descr, count); wrmsrl(nmi_perfctr_msr, 0 - count); } diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 17f64a6ccd..bc41a3aa37 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -615,8 +615,7 @@ static uint64_t xen_timer_cpu_frequency(void) struct vcpu_time_info *info = &this_cpu(vcpu_info)->time; uint64_t freq; - freq = 1000000000ULL << 32; - do_div(freq, info->tsc_to_system_mul); + freq = (1000000000ULL << 32) / info->tsc_to_system_mul; if ( info->tsc_shift < 0 ) freq <<= -info->tsc_shift; else @@ -2178,8 +2177,7 @@ void __init early_time_init(void) set_time_scale(&t->tsc_scale, tmp); t->stamp.local_tsc = boot_tsc_stamp; - do_div(tmp, 1000); - cpu_khz = (unsigned long)tmp; + cpu_khz = tmp / 1000; printk("Detected %lu.%03lu MHz processor.\n", cpu_khz / 1000, cpu_khz % 1000); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 17:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 17:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275584.471525 (Exim 4.92) (envelope-from ) id 1nL6mg-0004Mm-8n; Fri, 18 Feb 2022 17:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275584.471525; Fri, 18 Feb 2022 17:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mg-0004Me-58; Fri, 18 Feb 2022 17:11:06 +0000 Received: by outflank-mailman (input) for mailman id 275584; Fri, 18 Feb 2022 17:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mf-0004MY-3t for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mf-0006po-0l for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL6me-0003kd-Vr for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zN4ek5OoXltJpeFHr5qUlk+PN6d/jpNWrB/1OItkE50=; b=A6xMVNxo3jYa4t76IySDbSfYXU 7MEIze5QrElGTyE1pG26qVXsioT68p8+oV8cXqT4NZiHxy+aUPVipna+umD23Vcfag/QU2Mkq8una 7F5k2g5xDaYeq7WHXY7vQuTPVMVgKVuONMoVNSGVz9rr49Bc8MqUyNgGM6fSPSxgOFyk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI: Add gnu grep to alpine containers Message-Id: Date: Fri, 18 Feb 2022 17:11:04 +0000 commit 47052d8cca272efe262d58cb9f861e71be1e6fc2 Author: Andrew Cooper AuthorDate: Tue Feb 15 20:49:10 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: Add gnu grep to alpine containers A forthcoming change is going to want more support than busybox's grep can provide. Signed-off-by: Andrew Cooper Reviewed-by: Anthony PERARD --- automation/build/alpine/3.12.dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/automation/build/alpine/3.12.dockerfile b/automation/build/alpine/3.12.dockerfile index 4ee3ddc12e..4cce7ab926 100644 --- a/automation/build/alpine/3.12.dockerfile +++ b/automation/build/alpine/3.12.dockerfile @@ -26,6 +26,7 @@ RUN \ # gettext for Xen < 4.13 apk add gettext && \ apk add git && \ + apk add grep && \ apk add iasl && \ apk add libaio-dev && \ apk add linux-headers && \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 17:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 17:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275585.471527 (Exim 4.92) (envelope-from ) id 1nL6mq-0004PE-Al; Fri, 18 Feb 2022 17:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275585.471527; Fri, 18 Feb 2022 17:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mq-0004P6-7v; Fri, 18 Feb 2022 17:11:16 +0000 Received: by outflank-mailman (input) for mailman id 275585; Fri, 18 Feb 2022 17:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mp-0004Oy-5M for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mp-0006ps-4Z for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL6mp-0003lX-2u for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7l8YFJi8e7ajBE2fE5dgNez7GMKQVG6oZy/egASPifc=; b=vnX37xSmPYXeHqxOoTHAvPRvUd AVlUbZ792Ar2W1vxCF74Q1jW8Se/HGNJ8VGCWThV1MkGaEGlh3xjPx8IkuNgWZKHxqPpSY+pgn8Dv GDR6PNeRucbn1TFseuxXVd4ByzRAPKIZacsf5tI3Iog0/QrsmzsMJuwiOnrqU6NajQaY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI: Clean up alpine containers Message-Id: Date: Fri, 18 Feb 2022 17:11:15 +0000 commit 76ce1cb1e32fad3ef493e081a0081931b56186b9 Author: Andrew Cooper AuthorDate: Thu Feb 17 21:16:35 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: Clean up alpine containers * `apk --no-cache` is the preferred way of setting up containers, and it does shrink the image by a few MB. * Neither container needs curl-dev or automake. * Flex and bison are needed for Xen, so move to the Xen block. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Anthony PERARD --- automation/build/alpine/3.12-arm64v8.dockerfile | 68 ++++++++++------------- automation/build/alpine/3.12.dockerfile | 74 +++++++++++-------------- 2 files changed, 63 insertions(+), 79 deletions(-) diff --git a/automation/build/alpine/3.12-arm64v8.dockerfile b/automation/build/alpine/3.12-arm64v8.dockerfile index a1ac960595..f8d3927ee3 100644 --- a/automation/build/alpine/3.12-arm64v8.dockerfile +++ b/automation/build/alpine/3.12-arm64v8.dockerfile @@ -8,46 +8,38 @@ RUN mkdir /build WORKDIR /build # build depends -RUN \ - # apk - apk update && \ +RUN apk --no-cache add \ \ # xen build deps - apk add argp-standalone && \ - apk add autoconf && \ - apk add automake && \ - apk add bash && \ - apk add curl && \ - apk add curl-dev && \ - apk add dev86 && \ - apk add dtc-dev && \ - apk add gcc && \ + argp-standalone \ + autoconf \ + bash \ + bison \ + curl \ + dev86 \ + dtc-dev \ + flex \ + gcc \ # gettext for Xen < 4.13 - apk add gettext && \ - apk add git && \ - apk add iasl && \ - apk add libaio-dev && \ - apk add libfdt && \ - apk add linux-headers && \ - apk add make && \ - apk add musl-dev && \ - apk add ncurses-dev && \ - apk add patch && \ - apk add python3-dev && \ - apk add texinfo && \ - apk add util-linux-dev && \ - apk add xz-dev && \ - apk add yajl-dev && \ - apk add zlib-dev && \ + gettext \ + git \ + iasl \ + libaio-dev \ + libfdt \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + patch \ + python3-dev \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ \ # qemu build deps - apk add bison && \ - apk add flex && \ - apk add glib-dev && \ - apk add libattr && \ - apk add libcap-ng-dev && \ - apk add pixman-dev && \ - \ - # cleanup - rm -rf /tmp/* && \ - rm -f /var/cache/apk/* + glib-dev \ + libattr \ + libcap-ng-dev \ + pixman-dev \ diff --git a/automation/build/alpine/3.12.dockerfile b/automation/build/alpine/3.12.dockerfile index 4cce7ab926..fbf4aa4d3d 100644 --- a/automation/build/alpine/3.12.dockerfile +++ b/automation/build/alpine/3.12.dockerfile @@ -8,49 +8,41 @@ RUN mkdir /build WORKDIR /build # build depends -RUN \ - # apk - apk update && \ +RUN apk --no-cache add \ \ # xen build deps - apk add argp-standalone && \ - apk add autoconf && \ - apk add automake && \ - apk add bash && \ - apk add curl && \ - apk add curl-dev && \ - apk add dev86 && \ - apk add gcc && \ - apk add g++ && \ - apk add clang && \ + argp-standalone \ + autoconf \ + bash \ + bison \ + clang \ + curl \ + dev86 \ + flex \ + g++ \ + gcc \ # gettext for Xen < 4.13 - apk add gettext && \ - apk add git && \ - apk add grep && \ - apk add iasl && \ - apk add libaio-dev && \ - apk add linux-headers && \ - apk add make && \ - apk add musl-dev && \ - apk add libc6-compat && \ - apk add ncurses-dev && \ - apk add patch && \ - apk add python3-dev && \ - apk add texinfo && \ - apk add util-linux-dev && \ - apk add xz-dev && \ - apk add yajl-dev && \ - apk add zlib-dev && \ + gettext \ + git \ + grep \ + iasl \ + libaio-dev \ + libc6-compat \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + patch \ + python3-dev \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ \ # qemu build deps - apk add bison && \ - apk add flex && \ - apk add glib-dev && \ - apk add libattr && \ - apk add libcap-ng-dev && \ - apk add ninja && \ - apk add pixman-dev && \ - \ - # cleanup - rm -rf /tmp/* && \ - rm -f /var/cache/apk/* + glib-dev \ + libattr \ + libcap-ng-dev \ + ninja \ + pixman-dev \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 17:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 17:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275586.471532 (Exim 4.92) (envelope-from ) id 1nL6n0-0004Rm-CJ; Fri, 18 Feb 2022 17:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275586.471532; Fri, 18 Feb 2022 17:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6n0-0004Re-9I; Fri, 18 Feb 2022 17:11:26 +0000 Received: by outflank-mailman (input) for mailman id 275586; Fri, 18 Feb 2022 17:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mz-0004RR-8m for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6mz-0006q9-83 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL6mz-0003md-6v for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/TJgmbU86US+uSPWs4xBB75E7q7vbx4uGojvFj1diVI=; b=vevyAd5g+aSnNechu61vMZmcH9 ER40WBLqYymMTVoGeInnCe0I7CZe191Kgb7EJcNhlHZTunDzRYBX7ZqKGiOSmGUkmBUAtOPThho13 /R0vo/1uaz/u5wd1Z/z6HYif3nnddLKkaSEUV3MqY/zNZdaHbKBobIKKERmoaO+jKarI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI: add github workflow to run Coverity scans Message-Id: Date: Fri, 18 Feb 2022 17:11:25 +0000 commit f05a7fa20808b8ffae7348612ca80d795e348ea0 Author: Roger Pau Monne AuthorDate: Fri Feb 18 13:00:41 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: add github workflow to run Coverity scans Add a workflow that performs a build like it's done by osstest Coverity flight and uploads the result to Coverity for analysis. The build process is exactly the same as the one currently used in osstest, and it's also run at the same time (bi-weekly). This has one big benefit over using osstest: we no longer have to care about keeping the Coverity tools up to date in osstest. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .github/workflows/coverity.yml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000000..8f7ef4d718 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,41 @@ +name: Coverity Scan + +# We only want to test official release code, not every pull request. +on: + schedule: + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC + +jobs: + coverity: + runs-on: ubuntu-latest + steps: + - name: Install build dependencies + run: | + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ + ocaml-findlib xz-utils libyajl-dev libpixman-1-dev \ + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ + libtool libfuse-dev liblzma-dev ninja-build \ + kpartx python3-dev golang python-dev libsystemd-dev + + - uses: actions/checkout@v2 + with: + ref: staging + + - name: Configure Xen + run: | + ./configure + + - name: Pre build stuff + run: | + make -C tools/firmware/etherboot all && make mini-os-dir + + - uses: vapier/coverity-scan-action@v1 + with: + command: make xen tools && make -C extras/mini-os/ + project: XenProject + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + token: ${{ secrets.COVERITY_SCAN_TOKEN }} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 18 17:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Feb 2022 17:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275587.471536 (Exim 4.92) (envelope-from ) id 1nL6nA-0004Uv-Do; Fri, 18 Feb 2022 17:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275587.471536; Fri, 18 Feb 2022 17:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6nA-0004Un-Al; Fri, 18 Feb 2022 17:11:36 +0000 Received: by outflank-mailman (input) for mailman id 275587; Fri, 18 Feb 2022 17:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6n9-0004US-Bm for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nL6n9-0006qd-Aw for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nL6n9-0003nV-A6 for xen-changelog@lists.xenproject.org; Fri, 18 Feb 2022 17:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3jnFbEJdpmBGSO8UKaBl7gFrvuWrhrZ+PGq171R1nc8=; b=I+jHxBIaMou1kAPo36OYr5lRJe aJkFQ3CyjZd8Ka295PiiO9/8Y3X26pd68APWAiS7U+hE+xUaRF/CQFqVfDamgWgD4DPhWTgZJ++CH dluMJGIgOpijDDoWW8FAfVI60LZ3QojR/UfMcqYDKVWrEhse6gIR5lXmFst+F+VEvq3M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI/Coverity: Do not build QEMU, SeaBIOS or OVMF Message-Id: Date: Fri, 18 Feb 2022 17:11:35 +0000 commit 686f13cfce1d95464ff39fb59ac1f85163cea03b Author: Roger Pau Monne AuthorDate: Fri Feb 18 13:00:42 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI/Coverity: Do not build QEMU, SeaBIOS or OVMF Such external projects should have their own Coverity runs, and there's not much point in also making them part of our scan (apart from greatly increasing the amount of code scanned). Trim the dependencies now that QEMU is not built. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .github/workflows/coverity.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 8f7ef4d718..9d04b56fd3 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -11,15 +11,13 @@ jobs: steps: - name: Install build dependencies run: | - sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ - iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ - make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ - libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ - libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ - ocaml-findlib xz-utils libyajl-dev libpixman-1-dev \ - libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ - libtool libfuse-dev liblzma-dev ninja-build \ - kpartx python3-dev golang python-dev libsystemd-dev + sudo apt-get install -y wget git gawk bridge-utils \ + iproute2 bzip2 build-essential \ + make gcc zlib1g-dev libncurses5-dev iasl \ + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml \ + ocaml-findlib xz-utils libyajl-dev \ + autoconf libtool liblzma-dev \ + python3-dev golang python-dev libsystemd-dev - uses: actions/checkout@v2 with: @@ -27,11 +25,13 @@ jobs: - name: Configure Xen run: | - ./configure + ./configure --with-system-qemu=/bin/true \ + --with-system-seabios=/bin/true \ + --with-system-ovmf=/bin/true - name: Pre build stuff run: | - make -C tools/firmware/etherboot all && make mini-os-dir + make mini-os-dir - uses: vapier/coverity-scan-action@v1 with: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275697.471667 (Exim 4.92) (envelope-from ) id 1nLJ87-0001tQ-8B; Sat, 19 Feb 2022 06:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275697.471667; Sat, 19 Feb 2022 06:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ87-0001tI-4w; Sat, 19 Feb 2022 06:22:03 +0000 Received: by outflank-mailman (input) for mailman id 275697; Sat, 19 Feb 2022 06:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ86-0001t9-6b for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ86-0007rq-5k for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ86-0005YG-3N for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+FpORjBv+C1KWkA3lS4PnRWN4pfoQ7/d5JS83dkTXYk=; b=jbh16KFZItvPoMHdptXFS+Gq3P XagDuDpSwb6JGMe528ofrGSWhxkGMC48isCANvY7smAShvLnOnxSkwUt8i630UnscrA7TadZ5m1Ul zaUynOwaF/NTsU9dqMk5sunUbG7gP+W/++DFPgnnFEuke1RBBAtgGPcPP6H6fn7WrCNs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile Message-Id: Date: Sat, 19 Feb 2022 06:22:02 +0000 commit 8fd1aeb8f486523af218632b19cac7519d923f45 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:57:03 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:57:03 2022 +0100 build: set ALL_OBJS in main Makefile; move prelink.o to main Makefile This is to avoid arch/$arch/Makefile having to recurse into parents directories. This avoid duplication of the logic to build prelink.o between arches. In order to do that, we cut the $(TARGET) target in the main Makefile in two, there is a "prepare" phase/target runned before starting to build "prelink.o" which will prepare "include/" among other things, then all the $(ALL_OBJS) will be generated in order to build "prelink.o" and finally $(TARGET) will be generated by calling into "arch/*/" to make $(TARGET). Now we don't need to prefix $(ALL_OBJS) with $(BASEDIR) as it is now only used from the main Makefile. Other changes is to use "$<" instead of spelling "prelink.o" in the target "$(TARGET)" in both arch/*/Makefile. Beside "prelink.o" been at a different location, no other functional change intended. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Makefile | 12 +++++++++++- xen/Rules.mk | 13 ------------- xen/arch/arm/Makefile | 31 ++++--------------------------- xen/arch/arm/Rules.mk | 4 ++++ xen/arch/arm/arch.mk | 2 ++ xen/arch/x86/Makefile | 29 ++++++----------------------- xen/arch/x86/arch.mk | 2 ++ xen/build.mk | 18 ++++++++++++++++++ 8 files changed, 47 insertions(+), 64 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index fb37043d08..0dc44ddd27 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -285,6 +285,16 @@ CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so endif +# Note that link order matters! +ALL_OBJS-y := common/built_in.o +ALL_OBJS-y += drivers/built_in.o +ALL_OBJS-y += lib/built_in.o +ALL_OBJS-y += xsm/built_in.o +ALL_OBJS-y += arch/$(TARGET_ARCH)/built_in.o +ALL_OBJS-$(CONFIG_CRYPTO) += crypto/built_in.o + +ALL_LIBS-y := lib/lib.a + include $(BASEDIR)/arch/$(TARGET_ARCH)/arch.mk # define new variables to avoid the ones defined in Config.mk @@ -407,7 +417,7 @@ $(TARGET): FORCE $(MAKE) -f $(BASEDIR)/Rules.mk -C include $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) include $(MAKE) -f $(BASEDIR)/Rules.mk arch/$(TARGET_ARCH)/include/asm/asm-offsets.h - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) MKRELOC=$(MKRELOC) $@ + $(MAKE) -f $(BASEDIR)/Rules.mk MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ SUBDIRS = xsm arch/$(TARGET_ARCH) common drivers lib test define all_sources diff --git a/xen/Rules.mk b/xen/Rules.mk index 7b8b9047cf..77d359beda 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -8,25 +8,12 @@ include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include -# Note that link order matters! -ALL_OBJS-y += $(BASEDIR)/common/built_in.o -ALL_OBJS-y += $(BASEDIR)/drivers/built_in.o -ALL_OBJS-y += $(BASEDIR)/lib/built_in.o -ALL_OBJS-y += $(BASEDIR)/xsm/built_in.o -ALL_OBJS-y += $(BASEDIR)/arch/$(TARGET_ARCH)/built_in.o -ALL_OBJS-$(CONFIG_CRYPTO) += $(BASEDIR)/crypto/built_in.o - -ALL_LIBS-y := $(BASEDIR)/lib/lib.a - # Initialise some variables lib-y := targets := CFLAGS-y := AFLAGS-y := -ALL_OBJS := $(ALL_OBJS-y) -ALL_LIBS := $(ALL_LIBS-y) - SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach w,1 2 4, \ rodata.str$(w).$(a)) \ diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index d0dee10102..1495227577 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -75,14 +75,6 @@ ifneq ($(CONFIG_DTB_FILE),"") obj-y += dtb.o endif -ALL_OBJS := $(TARGET_SUBARCH)/head.o $(ALL_OBJS) - -# head.o is built by descending into the sub-directory, depends on the part of -# $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and build -# head.o -$(TARGET_SUBARCH)/head.o: $(BASEDIR)/arch/arm/built_in.o -$(TARGET_SUBARCH)/head.o: ; - ifdef CONFIG_LIVEPATCH all_symbols = --all-symbols ifdef CONFIG_FAST_SYMBOL_LOOKUP @@ -98,33 +90,18 @@ ifeq ($(CONFIG_ARM_64),y) ln -sf $(@F) $@.efi endif -ifeq ($(CONFIG_LTO),y) -# Gather all LTO objects together -prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) - $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group - -# Link it with all the binary objects -prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o - $(call if_changed,ld) -else -prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE - $(call if_changed,ld) -endif - -targets += prelink.o - -$(TARGET)-syms: prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o \ +$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ diff --git a/xen/arch/arm/Rules.mk b/xen/arch/arm/Rules.mk index e69de29bb2..c6463a433e 100644 --- a/xen/arch/arm/Rules.mk +++ b/xen/arch/arm/Rules.mk @@ -0,0 +1,4 @@ +# head.o is built by descending into arch/arm/$(TARGET_SUBARCH), depends on the +# part of $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and +# build head.o +arch/arm/$(TARGET_SUBARCH)/head.o: arch/arm/built_in.o ; diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index c3ac443b37..ba3f140e2e 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -26,3 +26,5 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) LDFLAGS += --fix-cortex-a53-843419 endif endif + +ALL_OBJS-y := arch/arm/$(TARGET_SUBARCH)/head.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9fc884813c..a830b5791e 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -123,37 +123,20 @@ $(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI -ALL_OBJS := $(BASEDIR)/arch/x86/boot/built_in.o $(BASEDIR)/arch/x86/efi/built_in.o $(ALL_OBJS) - -ifeq ($(CONFIG_LTO),y) -# Gather all LTO objects together -prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) - $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group - -# Link it with all the binary objects -prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o FORCE - $(call if_changed,ld) -else -prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE - $(call if_changed,ld) -endif - -targets += prelink.o - -$(TARGET)-syms: prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ +$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N prelink.o $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ @@ -206,7 +189,7 @@ note_file_option ?= $(note_file) ifeq ($(XEN_BUILD_PE),y) extra-y += efi.lds -$(TARGET).efi: prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc +$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" endif @@ -235,7 +218,7 @@ $(TARGET).efi: FORCE echo '$(if $(filter y,$(XEN_BUILD_EFI)),xen.efi generation,EFI support) disabled' endif -efi/buildid.o efi/relocs-dummy.o: $(BASEDIR)/arch/x86/efi/built_in.o +# These should already have been rebuilt when building the prerequisite of "prelink.o" efi/buildid.o efi/relocs-dummy.o: ; .PHONY: include diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index fa7cf38443..bfd5eaa35f 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -104,3 +104,5 @@ endif # Set up the assembler include path properly for older toolchains. CFLAGS += -Wa,-I$(BASEDIR)/include + +ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/build.mk b/xen/build.mk index 3d7a91df22..af1b283113 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -59,3 +59,21 @@ arch/$(TARGET_ARCH)/include/asm/asm-offsets.h: asm-offsets.s sed -rne "/^[^#].*==>/{s:.*==>(.*)<==.*:\1:; s: [\$$#]: :; p;}"; \ echo ""; \ echo "#endif") <$< >$@ + +ifeq ($(CONFIG_LTO),y) +# Gather all LTO objects together +prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) + $(LD_LTO) -r -o $@ $(filter-out %.a,$^) --start-group $(filter %.a,$^) --end-group + +# Link it with all the binary objects +prelink.o: $(patsubst %/built_in.o,%/built_in_bin.o,$(ALL_OBJS)) prelink_lto.o FORCE + $(call if_changed,ld) +else +prelink.o: $(ALL_OBJS) $(ALL_LIBS) FORCE + $(call if_changed,ld) +endif + +targets += prelink.o + +$(TARGET): prelink.o FORCE + $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) $@ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275699.471671 (Exim 4.92) (envelope-from ) id 1nLJ8H-0001vn-AO; Sat, 19 Feb 2022 06:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275699.471671; Sat, 19 Feb 2022 06:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8H-0001vg-6g; Sat, 19 Feb 2022 06:22:13 +0000 Received: by outflank-mailman (input) for mailman id 275699; Sat, 19 Feb 2022 06:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8G-0001vP-A5 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8G-0007ru-9G for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ8G-0005Yz-8A for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GopwfXWTuMZ3tEQT1KNJaEnepUH2ev5Muv8EorIUEdQ=; b=l0U08BJ5VnrnwHwpH85Nak7LUz J4U1nVeajDCMF1gq10MouhHqCKIRGl23dIFiZDPQNKjXb9fDMpz0Iq4SyOQB2laIaf+XxmKN65Gc3 YRQpJNVAB9YzejiatsKVSQ1SHyB3mctCREtJJoJAppo0ot93QtlugG5KXZTzshAzEedY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: prepare to always invoke $(MAKE) from xen/, use $(obj) Message-Id: Date: Sat, 19 Feb 2022 06:22:12 +0000 commit 14b9b35b4ea35835309d4a0d5a59cc3cbd7fdb82 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:58:01 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:58:01 2022 +0100 build: prepare to always invoke $(MAKE) from xen/, use $(obj) In a future patch, when building a subdirectory, we will set "obj=$subdir" rather than change directory. Before that, we add "$(obj)" and "$(src)" in as many places as possible where we will need to know which subdirectory is been built. "$(obj)" is for files been generated during the build, and "$(src)" is for files present in the source tree. For now, we set both to "." in Rules.mk and Makefile.clean. A few places don't tolerate the addition of "./", this is because make remove the leading "./" in targets and dependencies in rules, so these will be change later. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich Acked-by: Julien Grall Reviewed-by: Daniel P. Smith # XSM --- xen/Rules.mk | 5 +++- xen/arch/arm/Makefile | 14 +++++----- xen/arch/x86/Makefile | 48 ++++++++++++++++----------------- xen/arch/x86/boot/Makefile | 14 +++++----- xen/arch/x86/efi/Makefile | 6 ++--- xen/common/Makefile | 8 +++--- xen/common/libelf/Makefile | 4 +-- xen/common/libfdt/Makefile | 6 ++--- xen/include/Makefile | 44 +++++++++++++++--------------- xen/scripts/Makefile.clean | 5 +++- xen/xsm/flask/Makefile | 36 ++++++++++++------------- xen/xsm/flask/policy/mkaccess_vector.sh | 7 +++-- 12 files changed, 103 insertions(+), 94 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 77d359beda..60d1d6c4f5 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -3,6 +3,9 @@ # Makefile and are consumed by Rules.mk # +obj := . +src := $(obj) + -include $(BASEDIR)/include/config/auto.conf include $(XEN_ROOT)/Config.mk @@ -21,7 +24,7 @@ SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach r,rel rel.ro,data.$(r).local) # The filename build.mk has precedence over Makefile -include $(firstword $(wildcard build.mk) Makefile) +include $(firstword $(wildcard $(src)/build.mk) $(src)/Makefile) # Linking # --------------------------------------------------------------------------- diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index 1495227577..c993ce72a3 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -90,18 +90,18 @@ ifeq ($(CONFIG_ARM_64),y) ln -sf $(@F) $@.efi endif -$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ +$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ @@ -111,13 +111,13 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds .PHONY: include include: -xen.lds: xen.lds.S FORCE +$(obj)/xen.lds: $(src)/xen.lds.S FORCE $(call if_changed,cpp_lds_S) -dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) +$(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) .PHONY: clean clean:: - rm -f xen.lds + rm -f $(obj)/xen.lds rm -f $(BASEDIR)/.xen-syms.[0-9]* rm -f $(TARGET).efi diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index a830b5791e..db97ae8c07 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -81,7 +81,7 @@ extra-y += asm-macros.i extra-y += xen.lds ifneq ($(CONFIG_HVM),y) -x86_emulate.o: CFLAGS-y += -Wno-unused-label +$(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label endif efi-y := $(shell if [ ! -r $(BASEDIR)/include/xen/compile.h -o \ @@ -112,8 +112,8 @@ syms-warn-dup-$(CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS) := syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) := --error-dup $(TARGET): TMP = $(@D)/.$(@F).elf32 -$(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 - ./boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ +$(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 + $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ `$(NM) $(TARGET)-syms | sed -ne 's/^\([^ ]*\) . __2M_rwdata_end$$/0x\1/p'` od -t x4 -N 8192 $(TMP) | grep 1badb002 > /dev/null || \ { echo "No Multiboot1 header found" >&2; false; } @@ -123,27 +123,27 @@ $(TARGET): $(TARGET)-syms $(efi-y) boot/mkelf32 CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI -$(TARGET)-syms: $(BASEDIR)/prelink.o xen.lds - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ +$(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o - $(LD) $(XEN_LDFLAGS) -T xen.lds -N $< $(build_id_linker) \ + $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* -note.o: $(TARGET)-syms +$(obj)/note.o: $(TARGET)-syms $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 \ --rename-section=.data=.note.gnu.build-id -S $@.bin $@ @@ -162,25 +162,25 @@ ifdef SOURCE_DATE_EPOCH EFI_LDFLAGS += --no-insert-timestamp endif -$(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') +$(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) $(obj)/efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') ifeq ($(MKRELOC),:) relocs-dummy := $(TARGET).efi: ALT_BASE := else -relocs-dummy := efi/relocs-dummy.o -$(TARGET).efi: ALT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A ALT_START$$,,p') +relocs-dummy := $(obj)/efi/relocs-dummy.o +$(TARGET).efi: ALT_BASE = 0x$(shell $(NM) $(obj)/efi/relocs-dummy.o | sed -n 's, A ALT_START$$,,p') endif ifneq ($(build_id_linker),) ifeq ($(call ld-ver-build-id,$(LD) $(filter -m%,$(EFI_LDFLAGS))),y) CFLAGS-y += -DBUILD_ID_EFI EFI_LDFLAGS += $(build_id_linker) -note_file := efi/buildid.o +note_file := $(obj)/efi/buildid.o # NB: this must be the last input in the linker call, because inputs following # the -b option will all be treated as being in the specified format. note_file_option := -b pe-x86-64 $(note_file) else -note_file := note.o +note_file := $(obj)/note.o endif else note_file := @@ -189,25 +189,25 @@ note_file_option ?= $(note_file) ifeq ($(XEN_BUILD_PE),y) extra-y += efi.lds -$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc +$(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" endif $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ - $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< $(relocs-dummy) \ + $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< $(relocs-dummy) \ $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ - $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ + $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o - $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ + $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map @@ -219,14 +219,14 @@ $(TARGET).efi: FORCE endif # These should already have been rebuilt when building the prerequisite of "prelink.o" -efi/buildid.o efi/relocs-dummy.o: ; +$(obj)/efi/buildid.o $(obj)/efi/relocs-dummy.o: ; .PHONY: include include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h -asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P +$(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P -$(BASEDIR)/arch/x86/include/asm/asm-macros.h: asm-macros.i Makefile +$(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile echo '#if 0' >$@.new echo '.if 0' >>$@.new echo '#endif' >>$@.new @@ -240,14 +240,14 @@ $(BASEDIR)/arch/x86/include/asm/asm-macros.h: asm-macros.i Makefile echo '#endif' >>$@.new $(call move-if-changed,$@.new,$@) -efi.lds: AFLAGS-y += -DEFI -xen.lds efi.lds: xen.lds.S FORCE +$(obj)/efi.lds: AFLAGS-y += -DEFI +$(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE $(call if_changed,cpp_lds_S) -boot/mkelf32: boot/mkelf32.c +$(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< -efi/mkreloc: efi/mkreloc.c +$(obj)/efi/mkreloc: $(src)/efi/mkreloc.c $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< .PHONY: clean diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d2eb277d42..0aec8a4643 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,8 +1,8 @@ obj-bin-y += head.o -DEFS_H_DEPS = defs.h $(BASEDIR)/include/xen/stdbool.h +DEFS_H_DEPS = $(src)/defs.h $(BASEDIR)/include/xen/stdbool.h -CMDLINE_DEPS = $(DEFS_H_DEPS) video.h \ +CMDLINE_DEPS = $(DEFS_H_DEPS) $(src)/video.h \ $(BASEDIR)/include/xen/kconfig.h \ $(BASEDIR)/include/generated/autoconf.h @@ -14,10 +14,10 @@ RELOC_DEPS = $(DEFS_H_DEPS) \ $(BASEDIR)/include/xen/const.h \ $(BASEDIR)/include/public/arch-x86/hvm/start_info.h -head.o: cmdline.S reloc.S +$(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S -cmdline.S: cmdline.c $(CMDLINE_DEPS) build32.lds - $(MAKE) -f build32.mk $@ CMDLINE_DEPS="$(CMDLINE_DEPS)" +$(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds + $(MAKE) -f build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" -reloc.S: reloc.c $(RELOC_DEPS) build32.lds - $(MAKE) -f build32.mk $@ RELOC_DEPS="$(RELOC_DEPS)" +$(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds + $(MAKE) -f build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" diff --git a/xen/arch/x86/efi/Makefile b/xen/arch/x86/efi/Makefile index abae493bf3..e08b4d8e48 100644 --- a/xen/arch/x86/efi/Makefile +++ b/xen/arch/x86/efi/Makefile @@ -3,16 +3,16 @@ CFLAGS-y += -fshort-wchar quiet_cmd_objcopy_o_ihex = OBJCOPY $@ cmd_objcopy_o_ihex = $(OBJCOPY) -I ihex -O binary $< $@ -%.o: %.ihex FORCE +$(obj)/%.o: $(src)/%.ihex FORCE $(call if_changed,objcopy_o_ihex) -boot.init.o: buildid.o +$(obj)/boot.init.o: $(obj)/buildid.o EFIOBJ-y := boot.init.o pe.init.o ebmalloc.o runtime.o EFIOBJ-$(CONFIG_COMPAT) += compat.o $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) -$(EFIOBJ-y): CFLAGS_stack_boundary := $(cflags-stack-boundary) +$(addprefix $(obj)/,$(EFIOBJ-y)): CFLAGS_stack_boundary := $(cflags-stack-boundary) obj-y := stub.o obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ-y)) diff --git a/xen/common/Makefile b/xen/common/Makefile index 141d7d40d3..ca839118e4 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -75,13 +75,13 @@ obj-$(CONFIG_NEEDS_LIBELF) += libelf/ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(BASEDIR)/)$(KCONFIG_CONFIG) -config.gz: $(CONF_FILE) +$(obj)/config.gz: $(CONF_FILE) gzip -n -c $< >$@ -config_data.o: config.gz +$(obj)/config_data.o: $(obj)/config.gz -config_data.S: $(BASEDIR)/tools/binfile FORCE - $(call if_changed,binfile,config.gz xen_config_data) +$(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE + $(call if_changed,binfile,$(obj)/config.gz xen_config_data) targets += config_data.S clean:: diff --git a/xen/common/libelf/Makefile b/xen/common/libelf/Makefile index a92326c982..8a4522e4e1 100644 --- a/xen/common/libelf/Makefile +++ b/xen/common/libelf/Makefile @@ -7,10 +7,10 @@ OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) CFLAGS-y += -Wno-pointer-sign -libelf.o: libelf-temp.o FORCE +$(obj)/libelf.o: $(obj)/libelf-temp.o FORCE $(call if_changed,objcopy) -libelf-temp.o: $(libelf-objs) FORCE +$(obj)/libelf-temp.o: $(addprefix $(obj)/,$(libelf-objs)) FORCE $(call if_changed,ld) extra-y += libelf-temp.o $(libelf-objs) diff --git a/xen/common/libfdt/Makefile b/xen/common/libfdt/Makefile index 6bd207cf8f..6708af12e5 100644 --- a/xen/common/libfdt/Makefile +++ b/xen/common/libfdt/Makefile @@ -1,4 +1,4 @@ -include Makefile.libfdt +include $(src)/Makefile.libfdt SECTIONS := text data $(SPECIAL_DATA_SECTIONS) OBJCOPYFLAGS := $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) @@ -8,10 +8,10 @@ nocov-y += libfdt.o CFLAGS-y += -I$(BASEDIR)/include/xen/libfdt/ -libfdt.o: libfdt-temp.o FORCE +$(obj)/libfdt.o: $(obj)/libfdt-temp.o FORCE $(call if_changed,objcopy) -libfdt-temp.o: $(LIBFDT_OBJS) FORCE +$(obj)/libfdt-temp.o: $(addprefix $(obj)/,$(LIBFDT_OBJS)) FORCE $(call if_changed,ld) extra-y += libfdt-temp.o $(LIBFDT_OBJS) diff --git a/xen/include/Makefile b/xen/include/Makefile index 95daa8a289..d2f5a956a1 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -39,57 +39,57 @@ cppflags-$(CONFIG_X86) += -m32 endif -public-$(CONFIG_X86) := $(wildcard public/arch-x86/*.h public/arch-x86/*/*.h) -public-$(CONFIG_ARM) := $(wildcard public/arch-arm/*.h public/arch-arm/*/*.h) +public-$(CONFIG_X86) := $(wildcard $(src)/public/arch-x86/*.h $(src)/public/arch-x86/*/*.h) +public-$(CONFIG_ARM) := $(wildcard $(src)/public/arch-arm/*.h $(src)/public/arch-arm/*/*.h) .PHONY: all -all: $(headers-y) +all: $(addprefix $(obj)/,$(headers-y)) -compat/%.h: compat/%.i Makefile $(BASEDIR)/tools/compat-build-header.py - $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $@ >>$@.new; \ +$(obj)/compat/%.h: $(obj)/compat/%.i $(src)/Makefile $(BASEDIR)/tools/compat-build-header.py + $(PYTHON) $(BASEDIR)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \ mv -f $@.new $@ -compat/%.i: compat/%.c Makefile +$(obj)/compat/%.i: $(obj)/compat/%.c $(src)/Makefile $(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $< -compat/%.c: public/%.h xlat.lst Makefile $(BASEDIR)/tools/compat-build-source.py +$(obj)/compat/%.c: $(src)/public/%.h $(src)/xlat.lst $(src)/Makefile $(BASEDIR)/tools/compat-build-source.py mkdir -p $(@D) - $(PYTHON) $(BASEDIR)/tools/compat-build-source.py xlat.lst <$< >$@.new + $(PYTHON) $(BASEDIR)/tools/compat-build-source.py $(src)/xlat.lst <$< >$@.new mv -f $@.new $@ -compat/.xlat/%.h: compat/%.h compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh Makefile +$(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/tools/get-fields.sh $(src)/Makefile export PYTHON=$(PYTHON); \ while read what name; do \ $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \ done <$(patsubst compat/%,compat/.xlat/%,$(basename $<)).lst >$@.new mv -f $@.new $@ -.PRECIOUS: compat/.xlat/%.lst -compat/.xlat/%.lst: xlat.lst Makefile +.PRECIOUS: $(obj)/compat/.xlat/%.lst +$(obj)/compat/.xlat/%.lst: $(src)/xlat.lst $(src)/Makefile mkdir -p $(@D) grep -v '^[[:blank:]]*#' $< | sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,[[:blank:]]+$*\.h[[:blank:]]*$$,,p' >$@.new $(call move-if-changed,$@.new,$@) -xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' xlat.lst | uniq) +xlat-y := $(shell sed -ne 's,@arch@,$(compat-arch-y),g' -re 's,^[?!][[:blank:]]+[^[:blank:]]+[[:blank:]]+,,p' $(src)/xlat.lst | uniq) xlat-y := $(filter $(patsubst compat/%,%,$(headers-y)),$(xlat-y)) -compat/xlat.h: $(addprefix compat/.xlat/,$(xlat-y)) config/auto.conf Makefile +$(obj)/compat/xlat.h: $(addprefix $(obj)/compat/.xlat/,$(xlat-y)) $(obj)/config/auto.conf $(src)/Makefile cat $(filter %.h,$^) >$@.new mv -f $@.new $@ ifeq ($(XEN_TARGET_ARCH),$(XEN_COMPILE_ARCH)) -all: headers.chk headers99.chk headers++.chk +all: $(obj)/headers.chk $(obj)/headers99.chk $(obj)/headers++.chk -PUBLIC_HEADERS := $(filter-out public/arch-% public/dom0_ops.h, $(wildcard public/*.h public/*/*.h) $(public-y)) +PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $(wildcard $(src)/public/*.h $(src)/public/*/*.h) $(public-y)) -PUBLIC_C99_HEADERS := public/io/9pfs.h public/io/pvcalls.h -PUBLIC_ANSI_HEADERS := $(filter-out public/%ctl.h public/xsm/% public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) +PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h +PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) public/io/9pfs.h-prereq := string public/io/pvcalls.h-prereq := string -headers.chk: $(PUBLIC_ANSI_HEADERS) Makefile +$(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile for i in $(filter %.h,$^); do \ $(CC) -x c -ansi -Wall -Werror -include stdint.h \ -S -o /dev/null $$i || exit 1; \ @@ -97,7 +97,7 @@ headers.chk: $(PUBLIC_ANSI_HEADERS) Makefile done >$@.new mv $@.new $@ -headers99.chk: $(PUBLIC_C99_HEADERS) Makefile +$(obj)/headers99.chk: $(PUBLIC_C99_HEADERS) $(src)/Makefile rm -f $@.new $(foreach i, $(filter %.h,$^), \ echo "#include "\"$(i)\" \ @@ -107,7 +107,7 @@ headers99.chk: $(PUBLIC_C99_HEADERS) Makefile || exit $$?; echo $(i) >> $@.new;) mv $@.new $@ -headers++.chk: $(PUBLIC_HEADERS) Makefile +$(obj)/headers++.chk: $(PUBLIC_HEADERS) $(src)/Makefile rm -f $@.new if ! $(CXX) -v >/dev/null 2>&1; then \ touch $@.new; \ @@ -116,7 +116,7 @@ headers++.chk: $(PUBLIC_HEADERS) Makefile $(foreach i, $(filter %.h,$^), \ echo "#include "\"$(i)\" \ | $(CXX) -x c++ -std=gnu++98 -Wall -Werror -D__XEN_TOOLS__ \ - -include stdint.h -include public/xen.h \ + -include stdint.h -include $(src)/public/xen.h \ $(foreach j, $($(i)-prereq), -include c$(j)) -S -o /dev/null - \ || exit $$?; echo $(i) >> $@.new;) mv $@.new $@ @@ -126,7 +126,7 @@ endif ifeq ($(XEN_TARGET_ARCH),x86_64) .PHONY: lib-x86-all lib-x86-all: - $(MAKE) -C xen/lib/x86 all + $(MAKE) -C $(obj)/xen/lib/x86 all all: lib-x86-all endif diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 8582ec35e4..c3b0681611 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -3,11 +3,14 @@ # Cleaning up # ========================================================================== +obj := . +src := $(obj) + clean:: include $(BASEDIR)/scripts/Kbuild.include -include Makefile +include $(src)/Makefile # Figure out what we need to clean from the various variables # ========================================================================== diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 11c530dcf4..51fd37f6c4 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -4,46 +4,46 @@ obj-y += flask_op.o obj-y += ss/ -CFLAGS-y += -I./include +CFLAGS-y += -I$(obj)/include AWK = awk -FLASK_H_DEPEND = policy/security_classes policy/initial_sids -AV_H_DEPEND = policy/access_vectors +FLASK_H_DEPEND := $(addprefix $(src)/policy/,security_classes initial_sids) +AV_H_DEPEND = $(src)/policy/access_vectors -FLASK_H_FILES = include/flask.h include/class_to_string.h include/initial_sid_to_string.h -AV_H_FILES = include/av_perm_to_string.h include/av_permissions.h -ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES) +FLASK_H_FILES := flask.h class_to_string.h initial_sid_to_string.h +AV_H_FILES := av_perm_to_string.h av_permissions.h +ALL_H_FILES := $(addprefix include/,$(FLASK_H_FILES) $(AV_H_FILES)) -$(obj-y) ss/built_in.o: $(ALL_H_FILES) +$(addprefix $(obj)/,$(obj-y)) $(obj)/ss/built_in.o: $(addprefix $(obj)/,$(ALL_H_FILES)) extra-y += $(ALL_H_FILES) -mkflask := policy/mkflask.sh +mkflask := $(src)/policy/mkflask.sh quiet_cmd_mkflask = MKFLASK $@ -cmd_mkflask = $(SHELL) $(mkflask) $(AWK) include $(FLASK_H_DEPEND) +cmd_mkflask = $(SHELL) $(mkflask) $(AWK) $(obj)/include $(FLASK_H_DEPEND) -$(subst include/,%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE +$(addprefix $(obj)/%/,$(FLASK_H_FILES)): $(FLASK_H_DEPEND) $(mkflask) FORCE $(call if_changed,mkflask) -mkaccess := policy/mkaccess_vector.sh +mkaccess := $(src)/policy/mkaccess_vector.sh quiet_cmd_mkaccess = MKACCESS VECTOR $@ -cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(AV_H_DEPEND) +cmd_mkaccess = $(SHELL) $(mkaccess) $(AWK) $(obj)/include $(AV_H_DEPEND) -$(subst include/,%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE +$(addprefix $(obj)/%/,$(AV_H_FILES)): $(AV_H_DEPEND) $(mkaccess) FORCE $(call if_changed,mkaccess) obj-bin-$(CONFIG_XSM_FLASK_POLICY) += flask-policy.o -flask-policy.o: policy.bin +$(obj)/flask-policy.o: $(obj)/policy.bin -flask-policy.S: BINFILE_FLAGS := -i -flask-policy.S: $(BASEDIR)/tools/binfile FORCE - $(call if_changed,binfile,policy.bin xsm_flask_init_policy) +$(obj)/flask-policy.S: BINFILE_FLAGS := -i +$(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE + $(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy) targets += flask-policy.S FLASK_BUILD_DIR := $(CURDIR) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) -policy.bin: FORCE +$(obj)/policy.bin: FORCE $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common \ -C $(XEN_ROOT)/tools/flask/policy \ FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) diff --git a/xen/xsm/flask/policy/mkaccess_vector.sh b/xen/xsm/flask/policy/mkaccess_vector.sh index 942ede4713..ad9772193b 100755 --- a/xen/xsm/flask/policy/mkaccess_vector.sh +++ b/xen/xsm/flask/policy/mkaccess_vector.sh @@ -8,9 +8,12 @@ set -e awk=$1 shift +output_dir=$1 +shift + # output files -av_permissions="include/av_permissions.h" -av_perm_to_string="include/av_perm_to_string.h" +av_permissions="$output_dir/av_permissions.h" +av_perm_to_string="$output_dir/av_perm_to_string.h" cat $* | $awk " BEGIN { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275700.471675 (Exim 4.92) (envelope-from ) id 1nLJ8R-0001zn-De; Sat, 19 Feb 2022 06:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275700.471675; Sat, 19 Feb 2022 06:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8R-0001zf-Ak; Sat, 19 Feb 2022 06:22:23 +0000 Received: by outflank-mailman (input) for mailman id 275700; Sat, 19 Feb 2022 06:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8Q-0001zS-Dr for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8Q-0007sB-D1 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ8Q-0005Ze-Bg for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PIpe9OE8AZAJZxz/gC2Q55dboahXaCwLnI2X79EgKqc=; b=xMmFW4Rkr6plz7zUUKvUiTytOF mGL4En8eKq8A6msjGfT/36aqAYy6OG12BYQjko6SGpPY9fbBjOxdmqx1+HhBKIp7nVCm2Aqnht1Am 3FErwh1okTIkKvgTgKNY4uiL83IE1vqqF8chAEtXGxeloi7a6iK/LZJz4bn17RDauWic=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rework cloc recipe Message-Id: Date: Sat, 19 Feb 2022 06:22:22 +0000 commit 83a0353f49373c58fb92fc74626d7ab13c0399a3 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:58:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:58:52 2022 +0100 build: rework cloc recipe We are going to make other modifications to the cloc recipe, so this patch prepare make those modification easier. We replace the Makefile meta programming by just a shell script which should be easier to read and is actually faster to execute. Instead of looking for files in "$(BASEDIR)", we use "." which is give the same result overall. We also avoid the need for a temporary file as cloc can read the list of files from stdin. No change intended to the output of `cloc`. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 0dc44ddd27..6e4ea200aa 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -473,14 +473,12 @@ _MAP: .PHONY: cloc cloc: - $(eval tmpfile := $(shell mktemp)) - $(foreach f, $(shell find $(BASEDIR) -name *.o.d), \ - $(eval path := $(dir $(f))) \ - $(eval names := $(shell grep -o "[a-zA-Z0-9_/-]*\.[cS]" $(f))) \ - $(foreach sf, $(names), \ - $(shell if test -f $(path)/$(sf) ; then echo $(path)/$(sf) >> $(tmpfile); fi;))) - cloc --list-file=$(tmpfile) - rm $(tmpfile) + find . -name '*.o.d' | while read f; do \ + for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ + sf="$$(dirname $$f)/$$sf"; \ + test -f "$$sf" && echo "$$sf"; \ + done; \ + done | cloc --list-file=- endif #config-build -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275701.471678 (Exim 4.92) (envelope-from ) id 1nLJ8b-00023W-FH; Sat, 19 Feb 2022 06:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275701.471678; Sat, 19 Feb 2022 06:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8b-00023O-CM; Sat, 19 Feb 2022 06:22:33 +0000 Received: by outflank-mailman (input) for mailman id 275701; Sat, 19 Feb 2022 06:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8a-00023B-H7 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8a-0007sN-GG for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ8a-0005af-FG for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lh8mwooxNPCnjBopUzhVhQ+nfE0Clr1dPVk4lxe5JHc=; b=Lbfasrr9tGr3SEmlUiYkcoSiTy IMN7mJp+OzvjyQfzsJFf/fom7SczIJ8Dm08Vz9ARugVvoZlcQioCSI0MaGHVbzMDHe8P4KuJFwSrB 2VxQX/buibW5115VmEBemAj0g1O4freX7CKm2zhB4jiaRjKvR+D9FrAVm1T+o7LgXzI8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: fix enforce unique symbols for recent clang version Message-Id: Date: Sat, 19 Feb 2022 06:22:32 +0000 commit 035ab75d8e37b63729886d7cb760b085ffde9977 Author: Anthony PERARD AuthorDate: Fri Feb 18 08:59:03 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 08:59:03 2022 +0100 build: fix enforce unique symbols for recent clang version clang 6.0 and newer behave like gcc in regards for the FILE symbol, so only the filename rather than the full path to the source file. clang 3.8.1-24 (in our debian:stretch container) and 3.5.0-10 (in our debian:jessie container) do store the full path to the source file in the FILE symbol. Also we have commit 81ecb38b83 ("build: provide option to disambiguate symbol names") which were using clang 5, and LLVM's commit f5040b9685a7 [1] ("Make .file directive to have basename only") which is part of "llvmorg-6.0.0" tag but not "release/5.x" branch. Both suggest that clang change of behavior happened with clang 6.0. This means that we also need to check clang version to figure out which command we need to use to redefine symbol. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich [1] https://github.com/llvm/llvm-project/commit/f5040b9685a760e584c576e9185295e54635d51e --- xen/Rules.mk | 2 +- xen/scripts/Kbuild.include | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 60d1d6c4f5..1e7f47a3d8 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -166,7 +166,7 @@ SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@ - ifeq ($(CONFIG_CC_IS_CLANG),y) + ifeq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(dot-target).tmp $@ else cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $( Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275702.471683 (Exim 4.92) (envelope-from ) id 1nLJ8l-00026l-Go; Sat, 19 Feb 2022 06:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275702.471683; Sat, 19 Feb 2022 06:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8l-00026d-Dr; Sat, 19 Feb 2022 06:22:43 +0000 Received: by outflank-mailman (input) for mailman id 275702; Sat, 19 Feb 2022 06:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8k-00026O-KJ for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8k-0007sk-JX for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ8k-0005bS-If for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QG9Yykea5fnYRwRUg04yUYwjcKZi4/Fx8j5uiogiLY4=; b=nWy897UKGiQMpy9pW/MJRUsbWz qqUO1VRRReQIEoJ5lS6QAocUshyFL6lwt3GitN62oO8chuny7Cov4k73M4s/nifUvqoqGSMW5I7yD n/yi2WZ5VLtu+5qoxD8X3ymkKYTTnLn+RWuNcpm7I0/htm8NnAIeP2NI6cgmRtxBo150=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Intel: re-indent family 6 switch() in intel_log_freq() Message-Id: Date: Sat, 19 Feb 2022 06:22:42 +0000 commit 3e548a6379bc0b1b79a20d12aeb4faed2833a4a7 Author: Jan Beulich AuthorDate: Fri Feb 18 09:00:10 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:00:10 2022 +0100 x86/Intel: re-indent family 6 switch() in intel_log_freq() This was left at its previous indentation by e6e3cf191d37 ("x86/Intel: also display CPU freq for family 0xf") to ease review. Remove the now unnecessary level of indentation. No functional change. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/intel.c | 54 +++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 699add6a4a..d7c6e2bd7d 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -468,35 +468,33 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) if ( !max_ratio ) return; + switch ( c->x86_model ) { - switch ( c->x86_model ) - { - case 0x0e: /* Core */ - case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ - /* - * PLATFORM_INFO, while not documented for these, appears to - * exist in at least some cases, but what it holds doesn't - * match the scheme used by newer CPUs. At a guess, the min - * and max fields look to be reversed, while the scaling - * factor is encoded in FSB_FREQ. - */ - if ( min_ratio > max_ratio ) - SWAP(min_ratio, max_ratio); - if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || - (msrval &= 7) >= ARRAY_SIZE(core_factors) ) - return; - factor = core_factors[msrval]; - break; - - case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ - case 0x25: case 0x2c: case 0x2f: /* Westmere */ - factor = 13333; - break; - - default: - factor = 10000; - break; - } + case 0x0e: /* Core */ + case 0x0f: case 0x16: case 0x17: case 0x1d: /* Core2 */ + /* + * PLATFORM_INFO, while not documented for these, appears to exist + * in at least some cases, but what it holds doesn't match the + * scheme used by newer CPUs. At a guess, the min and max fields + * look to be reversed, while the scaling factor is encoded in + * FSB_FREQ. + */ + if ( min_ratio > max_ratio ) + SWAP(min_ratio, max_ratio); + if ( rdmsr_safe(MSR_FSB_FREQ, msrval) || + (msrval &= 7) >= ARRAY_SIZE(core_factors) ) + return; + factor = core_factors[msrval]; + break; + + case 0x1a: case 0x1e: case 0x1f: case 0x2e: /* Nehalem */ + case 0x25: case 0x2c: case 0x2f: /* Westmere */ + factor = 13333; + break; + + default: + factor = 10000; + break; } break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275704.471688 (Exim 4.92) (envelope-from ) id 1nLJ8v-00029L-Io; Sat, 19 Feb 2022 06:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275704.471688; Sat, 19 Feb 2022 06:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8v-000299-FO; Sat, 19 Feb 2022 06:22:53 +0000 Received: by outflank-mailman (input) for mailman id 275704; Sat, 19 Feb 2022 06:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8u-00028x-NA for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ8u-0007t4-MP for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ8u-0005cM-Lc for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m7htEqg6wmbI5xyz2XsUwvZrD+vp2zyD/Ykwq84TjV0=; b=n/aZX8/e3F+GkXfSoouVhWLRFW pGjkOqZ0lH0ihd+nko2054U7LxREnpv13V9r3iBKt1rpVQ/oTjptpIenKMP8g3OlRllkrGKEMa7Lx /Bn7bz8g9SgfU2QzQZGOT0q0jOaEZkMR5MBBzDpVXQCmhieyA9nezA6uSKi3GFhzEIQ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] rwlock: remove unneeded subtraction Message-Id: Date: Sat, 19 Feb 2022 06:22:52 +0000 commit 26f8eead2b8d19396bb57d00144bb19ae25f8f27 Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:01:27 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:01:27 2022 +0100 rwlock: remove unneeded subtraction There's no need to subtract _QR_BIAS from the lock value for storing in the local cnts variable in the read lock slow path: the users of the value in cnts only care about the writer-related bits and use a mask to get the value. Note that further setting of cnts in rspin_until_writer_unlock already do not subtract _QR_BIAS. Originally _QR_BIAS was subtracted from the result of atomic_add_return_acquire in order to prevent GCC from emitting an unneeded ADD instruction. This being in the lock slow path such optimizations don't seem likely to make any relevant performance difference. Also modern GCC and CLANG versions will already avoid emitting the ADD instruction. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Luca Fancellu --- xen/common/rwlock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/rwlock.c b/xen/common/rwlock.c index dadab372b5..aa15529bbe 100644 --- a/xen/common/rwlock.c +++ b/xen/common/rwlock.c @@ -47,7 +47,7 @@ void queue_read_lock_slowpath(rwlock_t *lock) while ( atomic_read(&lock->cnts) & _QW_WMASK ) cpu_relax(); - cnts = atomic_add_return(_QR_BIAS, &lock->cnts) - _QR_BIAS; + cnts = atomic_add_return(_QR_BIAS, &lock->cnts); rspin_until_writer_unlock(lock, cnts); /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275705.471692 (Exim 4.92) (envelope-from ) id 1nLJ95-0002CT-Kw; Sat, 19 Feb 2022 06:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275705.471692; Sat, 19 Feb 2022 06:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ95-0002CL-HE; Sat, 19 Feb 2022 06:23:03 +0000 Received: by outflank-mailman (input) for mailman id 275705; Sat, 19 Feb 2022 06:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ94-0002CA-Q8 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ94-0007tO-PP for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ94-0005dK-OY for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tPILa9dYiSTJ64D3cIYh++jQmLz109baibEholiJhYE=; b=jX6E78FCdbuQZLXzc60y8LF5do Dt8bk5M8GBKt0qhOrxYI17g0ERxnJGgVCYkzL1VmW5lyqEOF5EOPB1AAhcSDjLLlFQTGse2iyHRfs oRTxy8fqnR+lgKZeMqyGR/1cAEdCjI4KRm8GT1tSlgRcnyFOipUctZP19B9VXlIkZhhg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/console: process softirqs between warning prints Message-Id: Date: Sat, 19 Feb 2022 06:23:02 +0000 commit 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:02:16 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:02:16 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275706.471695 (Exim 4.92) (envelope-from ) id 1nLJ9F-0002FZ-MB; Sat, 19 Feb 2022 06:23:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275706.471695; Sat, 19 Feb 2022 06:23:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9F-0002FR-Iq; Sat, 19 Feb 2022 06:23:13 +0000 Received: by outflank-mailman (input) for mailman id 275706; Sat, 19 Feb 2022 06:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9E-0002FH-TQ for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9E-0007tS-Sg for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ9E-0005eA-Rn for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hRKXHh+ePD+Bxn/3UGl+/AKjDmfEvdQAMgQOTdKGVbg=; b=IamlWhHIS6KzmP4CwpnYRq+0fK FOem2XIoaNhYxwdAf+Ttk/Xx+i0Yd/xyKqnbcdgaYGiPQ+bGZpd+EUJwK2a2bSEGs7kjx3GVcXas0 +yTv5QlAsvEV5uLgce2yRrJ0I90fdz7Fsk2pKdJGTw3CaOjse0WaiQkQqAruY6iV7sdk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/xenstore: add error indicator to ring page Message-Id: Date: Sat, 19 Feb 2022 06:23:12 +0000 commit aeaed47023377a20d0f77c82e54f504e99468fb6 Author: Juergen Gross AuthorDate: Fri Feb 18 09:02:48 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:02:48 2022 +0100 tools/xenstore: add error indicator to ring page In case Xenstore is detecting a malicious ring page modification (e.g. an invalid producer or consumer index set by a guest) it will ignore the connection of that guest in future. Add a new error field to the ring page indicating that case. Add a new feature bit in order to signal the presence of that error field. Move the ignore_connection() function to xenstored_domain.c in order to be able to access the ring page for setting the error indicator. Signed-off-by: Juergen Gross Reviewed-by: Anthony PERARD --- docs/misc/xenstore-ring.txt | 35 +++++++++++++++++++++++++++++++ tools/xenstore/xenstored_core.c | 43 +++++++++------------------------------ tools/xenstore/xenstored_core.h | 1 - tools/xenstore/xenstored_domain.c | 34 ++++++++++++++++++++++++++++++- tools/xenstore/xenstored_domain.h | 1 + xen/include/public/io/xs_wire.h | 9 ++++++++ 6 files changed, 88 insertions(+), 35 deletions(-) diff --git a/docs/misc/xenstore-ring.txt b/docs/misc/xenstore-ring.txt index 16b4d0f5ac..b338b21b19 100644 --- a/docs/misc/xenstore-ring.txt +++ b/docs/misc/xenstore-ring.txt @@ -22,6 +22,7 @@ Offset Length Description 2060 4 Output producer offset 2064 4 Server feature bitmap 2068 4 Connection state +2072 4 Connection error indicator The Input data and Output data are circular buffers. Each buffer is associated with a pair of free-running offsets labelled "consumer" and @@ -66,6 +67,7 @@ The following features are defined: Mask Description ----------------------------------------------------------------- 1 Ring reconnection (see the ring reconnection feature below) +2 Connection error indicator (see connection error feature below) The "Connection state" field is used to request a ring close and reconnect. The "Connection state" field only contains valid data if the server has @@ -78,6 +80,19 @@ Value Description 1 Ring close and reconnect is in progress (see the "ring reconnection feature" described below) +The "Connection error indicator" is used to let the server indicate it has +detected some error that led to deactivation of the connection by the server. +If the feature has been advertised then the "Connection error indicator" may +take the following values (new values might be added in future without them +being advertised as a new feature): + +Value Description +----------------------------------------------------------------- +0 No error, connection is valid +1 Communication problems (event channel not functional) +2 Inconsistent producer or consumer offset +3 Protocol violation (client data package too long) + The ring reconnection feature ============================= @@ -114,3 +129,23 @@ packet boundary. Note that only the guest may set the Connection state to 1 and only the server may set it back to 0. + +The connection error feature +============================ + +The connection error feature allows the server to signal error conditions +leading to a stop of the communication with the client. In case such an error +condition has occurred, the server will set the appropriate error condition in +the Connection error indicator and will stop communication with the client. + +Any value different from 0 is indicating an error. The value used is meant +just for diagnostic purposes. A client reading the error value should be +prepared to see values not described here, as new error cases might be added +in future. + +The server will discard any already read or written packets, in-flight +requests, watches and transactions associated with the connection. + +Depending on the error cause it might be possible that a reconnect via the +ring reconnection feature (if present) can be performed. There is no guarantee +this will succeed. diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 91d3adccb1..6e4022e5da 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -1455,35 +1455,6 @@ static struct { [XS_DIRECTORY_PART] = { "DIRECTORY_PART", send_directory_part }, }; -/* - * Keep the connection alive but stop processing any new request or sending - * reponse. This is to allow sending @releaseDomain watch event at the correct - * moment and/or to allow the connection to restart (not yet implemented). - * - * All watches, transactions, buffers will be freed. - */ -void ignore_connection(struct connection *conn) -{ - struct buffered_data *out, *tmp; - - trace("CONN %p ignored\n", conn); - - conn->is_ignored = true; - conn_delete_all_watches(conn); - conn_delete_all_transactions(conn); - - list_for_each_entry_safe(out, tmp, &conn->out_list, list) { - list_del(&out->list); - talloc_free(out); - } - - talloc_free(conn->in); - conn->in = NULL; - /* if this is a socket connection, drop it now */ - if (conn->fd >= 0) - talloc_free(conn); -} - static const char *sockmsg_string(enum xsd_sockmsg_type type) { if ((unsigned int)type < ARRAY_SIZE(wire_funcs) && wire_funcs[type].str) @@ -1598,6 +1569,7 @@ static void handle_input(struct connection *conn) { int bytes; struct buffered_data *in; + unsigned int err; if (!conn->in) { conn->in = new_buffer(conn); @@ -1612,8 +1584,10 @@ static void handle_input(struct connection *conn) if (in->used != sizeof(in->hdr)) { bytes = conn->funcs->read(conn, in->hdr.raw + in->used, sizeof(in->hdr) - in->used); - if (bytes < 0) + if (bytes < 0) { + err = XENSTORE_ERROR_RINGIDX; goto bad_client; + } in->used += bytes; if (in->used != sizeof(in->hdr)) return; @@ -1621,6 +1595,7 @@ static void handle_input(struct connection *conn) if (in->hdr.msg.len > XENSTORE_PAYLOAD_MAX) { syslog(LOG_ERR, "Client tried to feed us %i", in->hdr.msg.len); + err = XENSTORE_ERROR_PROTO; goto bad_client; } } @@ -1638,8 +1613,10 @@ static void handle_input(struct connection *conn) bytes = conn->funcs->read(conn, in->buffer + in->used, in->hdr.msg.len - in->used); - if (bytes < 0) + if (bytes < 0) { + err = XENSTORE_ERROR_RINGIDX; goto bad_client; + } in->used += bytes; if (in->used != in->hdr.msg.len) @@ -1649,14 +1626,14 @@ static void handle_input(struct connection *conn) return; bad_client: - ignore_connection(conn); + ignore_connection(conn, err); } static void handle_output(struct connection *conn) { /* Ignore the connection if an error occured */ if (!write_messages(conn)) - ignore_connection(conn); + ignore_connection(conn, XENSTORE_ERROR_RINGIDX); } struct connection *new_connection(const struct interface_funcs *funcs) diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h index 190d2447cd..742812a974 100644 --- a/tools/xenstore/xenstored_core.h +++ b/tools/xenstore/xenstored_core.h @@ -206,7 +206,6 @@ struct node *read_node(struct connection *conn, const void *ctx, struct connection *new_connection(const struct interface_funcs *funcs); struct connection *get_connection_by_id(unsigned int conn_id); -void ignore_connection(struct connection *conn); void check_store(void); void corrupt(struct connection *conn, const char *fmt, ...); diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c index d03c7d93a9..ae065fcbee 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -427,6 +427,38 @@ static void domain_conn_reset(struct domain *domain) domain->interface->rsp_cons = domain->interface->rsp_prod = 0; } +/* + * Keep the connection alive but stop processing any new request or sending + * reponse. This is to allow sending @releaseDomain watch event at the correct + * moment and/or to allow the connection to restart (not yet implemented). + * + * All watches, transactions, buffers will be freed. + */ +void ignore_connection(struct connection *conn, unsigned int err) +{ + struct buffered_data *out, *tmp; + + trace("CONN %p ignored, reason %u\n", conn, err); + + if (conn->domain && conn->domain->interface) + conn->domain->interface->error = err; + + conn->is_ignored = true; + conn_delete_all_watches(conn); + conn_delete_all_transactions(conn); + + list_for_each_entry_safe(out, tmp, &conn->out_list, list) { + list_del(&out->list); + talloc_free(out); + } + + talloc_free(conn->in); + conn->in = NULL; + /* if this is a socket connection, drop it now */ + if (conn->fd >= 0) + talloc_free(conn); +} + static struct domain *introduce_domain(const void *ctx, unsigned int domid, evtchn_port_t port, bool restore) @@ -1305,7 +1337,7 @@ void read_state_connection(const void *ctx, const void *state) * dead. So mark it as ignored. */ if (!domain->port || !domain->interface) - ignore_connection(conn); + ignore_connection(conn, XENSTORE_ERROR_COMM); if (sc->spec.ring.tdomid != DOMID_INVALID) { tdomain = find_or_alloc_domain(ctx, diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h index 1e929b8f8c..4a37de67a0 100644 --- a/tools/xenstore/xenstored_domain.h +++ b/tools/xenstore/xenstored_domain.h @@ -47,6 +47,7 @@ int do_reset_watches(struct connection *conn, struct buffered_data *in); void domain_init(int evtfd); void dom0_init(void); void domain_deinit(void); +void ignore_connection(struct connection *conn, unsigned int err); /* Returns the implicit path of a connection (only domains have this) */ const char *get_implicit_path(const struct connection *conn); diff --git a/xen/include/public/io/xs_wire.h b/xen/include/public/io/xs_wire.h index 4dd6632669..953a0050a3 100644 --- a/xen/include/public/io/xs_wire.h +++ b/xen/include/public/io/xs_wire.h @@ -124,6 +124,7 @@ struct xenstore_domain_interface { XENSTORE_RING_IDX rsp_cons, rsp_prod; uint32_t server_features; /* Bitmap of features supported by the server */ uint32_t connection; + uint32_t error; }; /* Violating this is very bad. See docs/misc/xenstore.txt. */ @@ -135,11 +136,19 @@ struct xenstore_domain_interface { /* The ability to reconnect a ring */ #define XENSTORE_SERVER_FEATURE_RECONNECTION 1 +/* The presence of the "error" field in the ring page */ +#define XENSTORE_SERVER_FEATURE_ERROR 2 /* Valid values for the connection field */ #define XENSTORE_CONNECTED 0 /* the steady-state */ #define XENSTORE_RECONNECT 1 /* guest has initiated a reconnect */ +/* Valid values for the error field */ +#define XENSTORE_ERROR_NONE 0 /* No error */ +#define XENSTORE_ERROR_COMM 1 /* Communication problem */ +#define XENSTORE_ERROR_RINGIDX 2 /* Invalid ring index */ +#define XENSTORE_ERROR_PROTO 3 /* Protocol violation (payload too long) */ + #endif /* _XS_WIRE_H */ /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275707.471699 (Exim 4.92) (envelope-from ) id 1nLJ9P-0002JC-PP; Sat, 19 Feb 2022 06:23:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275707.471699; Sat, 19 Feb 2022 06:23:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9P-0002J3-M5; Sat, 19 Feb 2022 06:23:23 +0000 Received: by outflank-mailman (input) for mailman id 275707; Sat, 19 Feb 2022 06:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9P-0002Ix-0Q for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9O-0007td-Vs for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ9O-0005es-Uz for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n8Bx94+lWNIFJv+fhxeOxXDdlRQSyc8vBbDVGwc7C1o=; b=TYYOP084BZHn1lLqG7wNfYaYzA NPJMXacm/l+D0SXsjNZBgjCDFMeEAJAvwDpicWN4tSAWb7OItheaSKRs3E/pDp7awZ1l6i+qxAcLM zumB4VerbQGvqxaxfxSxZ6lGnyGbZt35QsiyxNl9rDcxd2g00m84RcvqWnoWQH3QjIro=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Sat, 19 Feb 2022 06:23:22 +0000 commit 07449ecfa42532495156fa342af2112e3e31dd3f Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:03:08 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:03:08 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index d7a40d7550..15ed021f41 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1160,17 +1160,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275708.471703 (Exim 4.92) (envelope-from ) id 1nLJ9a-0002Me-Qx; Sat, 19 Feb 2022 06:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275708.471703; Sat, 19 Feb 2022 06:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9a-0002MW-Ny; Sat, 19 Feb 2022 06:23:34 +0000 Received: by outflank-mailman (input) for mailman id 275708; Sat, 19 Feb 2022 06:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9Z-0002MI-3J for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9Z-0007tk-2Z for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ9Z-0005fk-1q for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5udH12Xf+MdZ/qb2gmjx6qTBSJTDO8bP/eM9gIc1l0s=; b=XVwi4PqFH5ez8qjcF+73GVZvSX sfnaJyDoIZ55lhCmBwAKEODoG21QjjxHAprSMwwlP1rCnv8QOFSaqfO6mv43QiTg+hOnRp6hafOiP +eosrwoL//460aaMWeUGwcsd9+vdMpStyAXqv+7spLcyOri9Ryc29d7bwduofRw3ro68=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: add CPUID flag for Extended Destination ID support Message-Id: Date: Sat, 19 Feb 2022 06:23:33 +0000 commit f5592322062f7912dc45b30606f20691f6e1c3ee Author: Roger Pau Monné AuthorDate: Fri Feb 18 09:17:47 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 09:17:47 2022 +0100 x86/cpuid: add CPUID flag for Extended Destination ID support Introduce the CPUID flag to be used in order to signal the support for using an extended destination ID in IO-APIC RTEs and MSI address fields. Such format expands the maximum target APIC ID from 255 to 32768 without requiring the usage of interrupt remapping. The design document describing the feature can be found at: http://david.woodhou.se/15-bit-msi.pdf Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/include/public/arch-x86/cpuid.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xen/include/public/arch-x86/cpuid.h b/xen/include/public/arch-x86/cpuid.h index ce46305bee..f2b2b3632c 100644 --- a/xen/include/public/arch-x86/cpuid.h +++ b/xen/include/public/arch-x86/cpuid.h @@ -102,6 +102,13 @@ #define XEN_HVM_CPUID_IOMMU_MAPPINGS (1u << 2) #define XEN_HVM_CPUID_VCPU_ID_PRESENT (1u << 3) /* vcpu id is present in EBX */ #define XEN_HVM_CPUID_DOMID_PRESENT (1u << 4) /* domid is present in ECX */ +/* + * With interrupt format set to 0 (non-remappable) bits 55:49 from the + * IO-APIC RTE and bits 11:5 from the MSI address can be used to store + * high bits for the Destination ID. This expands the Destination ID + * field from 8 to 15 bits, allowing to target APIC IDs up 32768. + */ +#define XEN_HVM_CPUID_EXT_DEST_ID (1u << 5) /* * Leaf 6 (0x40000x05) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275709.471707 (Exim 4.92) (envelope-from ) id 1nLJ9k-0002PJ-SY; Sat, 19 Feb 2022 06:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275709.471707; Sat, 19 Feb 2022 06:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9k-0002P9-PQ; Sat, 19 Feb 2022 06:23:44 +0000 Received: by outflank-mailman (input) for mailman id 275709; Sat, 19 Feb 2022 06:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9j-0002Oj-71 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9j-0007uG-69 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ9j-0005gV-56 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BohauORzQmhXluxcVtsRCAFDCK8KkPuV2FFXe7lTfDs=; b=1HaaQK6wUJQeyLffSeG4QpaYWU ZD1hhG1D7d5i3eZ3t9byDEIl5fyGsqIfgm8C+EosuvYkGOfjeOwZ+cfKQPi4yRgI1Tj9L/baUIK3l wt93SSggnn4ny0jGtYsLPEj6a8ETmN44PDIuF4RTgJ0derorPHZ6FUQGVnWY3RA0dn4M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d / x86: re-arrange cache syncing Message-Id: Date: Sat, 19 Feb 2022 06:23:43 +0000 commit 3330013e6739661fd21a518b7e85be2ebe08c354 Author: Jan Beulich AuthorDate: Fri Feb 18 14:18:01 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:18:01 2022 +0100 VT-d / x86: re-arrange cache syncing The actual function should always have lived in core x86 code; move it there, replacing get_cache_line_size() by readily available (except very early during boot; see the code comment) data. Also rename the function. Drop the respective IOMMU hook, (re)introducing a respective boolean instead. Replace a true and an almost open-coding instance of iommu_sync_cache(). Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/arch/x86/flushtlb.c | 52 ++++++++++++++++++++++++++++++++++ xen/arch/x86/include/asm/cache.h | 6 ++++ xen/arch/x86/include/asm/iommu.h | 14 +++++---- xen/drivers/passthrough/vtd/extern.h | 1 - xen/drivers/passthrough/vtd/iommu.c | 53 ++--------------------------------- xen/drivers/passthrough/vtd/x86/vtd.c | 5 ---- xen/drivers/passthrough/x86/iommu.c | 4 +-- xen/include/xen/iommu.h | 1 - 8 files changed, 70 insertions(+), 66 deletions(-) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 25798df50f..735ce00316 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -265,6 +266,57 @@ unsigned int flush_area_local(const void *va, unsigned int flags) return flags; } +void cache_writeback(const void *addr, unsigned int size) +{ + /* + * This function may be called before current_cpu_data is established. + * Hence a fallback is needed to prevent the loop below becoming infinite. + */ + unsigned int clflush_size = current_cpu_data.x86_clflush_size ?: 16; + const void *end = addr + size; + + addr -= (unsigned long)addr & (clflush_size - 1); + for ( ; addr < end; addr += clflush_size ) + { +/* + * The arguments to a macro must not include preprocessor directives. Doing so + * results in undefined behavior, so we have to create some defines here in + * order to avoid it. + */ +#if defined(HAVE_AS_CLWB) +# define CLWB_ENCODING "clwb %[p]" +#elif defined(HAVE_AS_XSAVEOPT) +# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ +#else +# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ +#endif + +#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) +#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) +# define INPUT BASE_INPUT +#else +# define INPUT(addr) "a" (addr), BASE_INPUT(addr) +#endif + /* + * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush + * + prefix than a clflush + nop, and hence the prefix is added instead + * of letting the alternative framework fill the gap by appending nops. + */ + alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", + "data16 clflush %[p]", /* clflushopt */ + X86_FEATURE_CLFLUSHOPT, + CLWB_ENCODING, + X86_FEATURE_CLWB, /* no outputs */, + INPUT(addr)); +#undef INPUT +#undef BASE_INPUT +#undef CLWB_ENCODING + } + + alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, + "sfence", X86_FEATURE_CLWB); +} + unsigned int guest_flush_tlb_flags(const struct domain *d) { bool shadow = paging_mode_shadow(d); diff --git a/xen/arch/x86/include/asm/cache.h b/xen/arch/x86/include/asm/cache.h index 1f7173d8c7..424dc5b7b9 100644 --- a/xen/arch/x86/include/asm/cache.h +++ b/xen/arch/x86/include/asm/cache.h @@ -11,4 +11,10 @@ #define __read_mostly __section(".data.read_mostly") +#ifndef __ASSEMBLY__ + +void cache_writeback(const void *addr, unsigned int size); + +#endif + #endif diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index de46149b40..8a96ba1f09 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -134,12 +135,13 @@ extern bool untrusted_msi; int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, const uint8_t gvec); -#define iommu_sync_cache(addr, size) ({ \ - const struct iommu_ops *ops = iommu_get_ops(); \ - \ - if ( ops->sync_cache ) \ - iommu_vcall(ops, sync_cache, addr, size); \ -}) +extern bool iommu_non_coherent; + +static inline void iommu_sync_cache(const void *addr, unsigned int size) +{ + if ( iommu_non_coherent ) + cache_writeback(addr, size); +} int __must_check iommu_free_pgtables(struct domain *d); struct page_info *__must_check iommu_alloc_pgtable(struct domain *d); diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index f97883a780..5e9cc935c4 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -78,7 +78,6 @@ int __must_check qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev, u16 did, u16 size, u64 addr); -unsigned int get_cache_line_size(void); void flush_all_cache(void); uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 34ea5f485d..698b09d070 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -240,54 +240,6 @@ domid_t did_to_domain_id(const struct vtd_iommu *iommu, unsigned int did) return iommu->domid_map[did]; } -static void sync_cache(const void *addr, unsigned int size) -{ - static unsigned long clflush_size = 0; - const void *end = addr + size; - - if ( clflush_size == 0 ) - clflush_size = get_cache_line_size(); - - addr -= (unsigned long)addr & (clflush_size - 1); - for ( ; addr < end; addr += clflush_size ) -/* - * The arguments to a macro must not include preprocessor directives. Doing so - * results in undefined behavior, so we have to create some defines here in - * order to avoid it. - */ -#if defined(HAVE_AS_CLWB) -# define CLWB_ENCODING "clwb %[p]" -#elif defined(HAVE_AS_XSAVEOPT) -# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ -#else -# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ -#endif - -#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) -#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) -# define INPUT BASE_INPUT -#else -# define INPUT(addr) "a" (addr), BASE_INPUT(addr) -#endif - /* - * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush - * + prefix than a clflush + nop, and hence the prefix is added instead - * of letting the alternative framework fill the gap by appending nops. - */ - alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", - "data16 clflush %[p]", /* clflushopt */ - X86_FEATURE_CLFLUSHOPT, - CLWB_ENCODING, - X86_FEATURE_CLWB, /* no outputs */, - INPUT(addr)); -#undef INPUT -#undef BASE_INPUT -#undef CLWB_ENCODING - - alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, - "sfence", X86_FEATURE_CLWB); -} - /* Allocate page table, return its machine address */ uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node) { @@ -306,8 +258,7 @@ uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node) clear_page(vaddr); - if ( (iommu_ops.init ? &iommu_ops : &vtd_ops)->sync_cache ) - sync_cache(vaddr, PAGE_SIZE); + iommu_sync_cache(vaddr, PAGE_SIZE); unmap_domain_page(vaddr); cur_pg++; } @@ -1327,7 +1278,7 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd) iommu->nr_pt_levels = agaw_to_level(agaw); if ( !ecap_coherent(iommu->ecap) ) - vtd_ops.sync_cache = sync_cache; + iommu_non_coherent = true; nr_dom = cap_ndoms(iommu->cap); diff --git a/xen/drivers/passthrough/vtd/x86/vtd.c b/xen/drivers/passthrough/vtd/x86/vtd.c index 6681dccd69..55f0faa521 100644 --- a/xen/drivers/passthrough/vtd/x86/vtd.c +++ b/xen/drivers/passthrough/vtd/x86/vtd.c @@ -47,11 +47,6 @@ void unmap_vtd_domain_page(const void *va) unmap_domain_page(va); } -unsigned int get_cache_line_size(void) -{ - return ((cpuid_ebx(1) >> 8) & 0xff) * 8; -} - void flush_all_cache() { wbinvd(); diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 583abed9bd..ad5f44e13d 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -28,6 +28,7 @@ const struct iommu_init_ops *__initdata iommu_init_ops; struct iommu_ops __read_mostly iommu_ops; +bool __read_mostly iommu_non_coherent; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -438,8 +439,7 @@ struct page_info *iommu_alloc_pgtable(struct domain *d) p = __map_domain_page(pg); clear_page(p); - if ( hd->platform_ops->sync_cache ) - iommu_vcall(hd->platform_ops, sync_cache, p, PAGE_SIZE); + iommu_sync_cache(p, PAGE_SIZE); unmap_domain_page(p); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 6b2cdffa4a..b18e7760a2 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -268,7 +268,6 @@ struct iommu_ops { int (*setup_hpet_msi)(struct msi_desc *); int (*adjust_irq_affinities)(void); - void (*sync_cache)(const void *addr, unsigned int size); void (*clear_root_pgtable)(struct domain *d); int (*update_ire_from_msi)(struct msi_desc *msi_desc, struct msi_msg *msg); #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:23:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:23:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275710.471711 (Exim 4.92) (envelope-from ) id 1nLJ9u-0002SN-U0; Sat, 19 Feb 2022 06:23:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275710.471711; Sat, 19 Feb 2022 06:23:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9u-0002SF-R2; Sat, 19 Feb 2022 06:23:54 +0000 Received: by outflank-mailman (input) for mailman id 275710; Sat, 19 Feb 2022 06:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9t-0002Rj-9w for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJ9t-0007uQ-9H for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJ9t-0005iw-8R for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OHlhyMHzNkxnin0tgjT7TJOFMtG7j8xVjGhZCCKEnLo=; b=vOHv1xmv9z/3VYZC/Z/2uwEAXW FV4TmFU5lK0lviFuxjWYCWI3XGTIB99jeQbaD52fJB/EZMbFPzqSBCsRiLKF5hjG5jDttcEUqGodz WMWEfwce7npc+CHEtZudUZYzVIBcpTmrMso/Tkbjgzq/1CWRAIg48RssBOJ5zvGB/mXI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VT-d: replace flush_all_cache() Message-Id: Date: Sat, 19 Feb 2022 06:23:53 +0000 commit 89d5b779a854068a3194170b505f5e1f418ec082 Author: Jan Beulich AuthorDate: Fri Feb 18 14:18:51 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:18:51 2022 +0100 VT-d: replace flush_all_cache() Let's use infrastructure we have available instead of an open-coded wbinvd() invocation. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/vtd/extern.h | 2 -- xen/drivers/passthrough/vtd/iommu.c | 3 ++- xen/drivers/passthrough/vtd/x86/vtd.c | 5 ----- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index 5e9cc935c4..52b82f7132 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -78,8 +78,6 @@ int __must_check qinval_device_iotlb_sync(struct vtd_iommu *iommu, struct pci_dev *pdev, u16 did, u16 size, u64 addr); -void flush_all_cache(void); - uint64_t alloc_pgtable_maddr(unsigned long npages, nodeid_t node); void free_pgtable_maddr(u64 maddr); void *map_vtd_domain_page(u64 maddr); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 698b09d070..566b0e2a7e 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -623,7 +623,8 @@ static int __must_check iommu_flush_all(void) bool_t flush_dev_iotlb; int rc = 0; - flush_all_cache(); + flush_local(FLUSH_CACHE); + for_each_drhd_unit ( drhd ) { int context_rc, iotlb_rc; diff --git a/xen/drivers/passthrough/vtd/x86/vtd.c b/xen/drivers/passthrough/vtd/x86/vtd.c index 55f0faa521..76f12adc23 100644 --- a/xen/drivers/passthrough/vtd/x86/vtd.c +++ b/xen/drivers/passthrough/vtd/x86/vtd.c @@ -46,8 +46,3 @@ void unmap_vtd_domain_page(const void *va) { unmap_domain_page(va); } - -void flush_all_cache() -{ - wbinvd(); -} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275711.471714 (Exim 4.92) (envelope-from ) id 1nLJA4-0002VY-VU; Sat, 19 Feb 2022 06:24:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275711.471714; Sat, 19 Feb 2022 06:24:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJA4-0002VQ-Sc; Sat, 19 Feb 2022 06:24:04 +0000 Received: by outflank-mailman (input) for mailman id 275711; Sat, 19 Feb 2022 06:24:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJA3-0002VA-DM for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJA3-0007uh-Ce for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJA3-0005k2-Bg for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E753vzA7OC7EDau2nHwWC5BYaUccV6cXh9HDDWI6KcE=; b=kiJXMBEkGlsYEEb7a0na+7vNN1 j8Ltzj8r2HR8YALlRLTmbsLCn2qCZTXHTyOVlXjE7g7Iea+oFlhtEPuihAGZP/5gAPd2yq5EdqPDC h+b3L55LIF5M0wbyM1M/0T57cprXhiPPhsPRg4dz1bNURMprJwsTj0d8bpWwXYskNFag=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/PCI: propagate get_device_group_id() failure Message-Id: Date: Sat, 19 Feb 2022 06:24:03 +0000 commit 8518f96f13fb0ac2dd9791014bfb0d1b01f34e4c Author: Jan Beulich AuthorDate: Fri Feb 18 14:19:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:19:42 2022 +0100 IOMMU/PCI: propagate get_device_group_id() failure The VT-d hook can indicate an error, which shouldn't be ignored. Convert the hook's return value to a proper error code, and let that bubble up. Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Reviewed-by: Kevin Tian --- xen/drivers/passthrough/pci.c | 13 ++++++++++--- xen/drivers/passthrough/vtd/iommu.c | 7 ++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index e8b09d77d8..70b6684981 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1532,6 +1532,8 @@ static int iommu_get_device_group( return 0; group_id = iommu_call(ops, get_device_group_id, seg, bus, devfn); + if ( group_id < 0 ) + return group_id; pcidevs_lock(); for_each_pdev( d, pdev ) @@ -1546,6 +1548,12 @@ static int iommu_get_device_group( continue; sdev_id = iommu_call(ops, get_device_group_id, seg, b, df); + if ( sdev_id < 0 ) + { + pcidevs_unlock(); + return sdev_id; + } + if ( (sdev_id == group_id) && (i < max_sdevs) ) { bdf = (b << 16) | (df << 8); @@ -1553,7 +1561,7 @@ static int iommu_get_device_group( if ( unlikely(copy_to_guest_offset(buf, i, &bdf, 1)) ) { pcidevs_unlock(); - return -1; + return -EFAULT; } i++; } @@ -1621,8 +1629,7 @@ int iommu_do_pci_domctl( ret = iommu_get_device_group(d, seg, bus, devfn, sdevs, max_sdevs); if ( ret < 0 ) { - dprintk(XENLOG_ERR, "iommu_get_device_group() failed!\n"); - ret = -EFAULT; + dprintk(XENLOG_ERR, "iommu_get_device_group() failed: %d\n", ret); domctl->u.get_device_group.num_sdevs = 0; } else diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 566b0e2a7e..0fc818fd27 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2564,10 +2564,11 @@ static int intel_iommu_assign_device( static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) { u8 secbus; + if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 0 ) - return -1; - else - return PCI_BDF2(bus, devfn); + return -ENODEV; + + return PCI_BDF2(bus, devfn); } static int __must_check vtd_suspend(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275712.471720 (Exim 4.92) (envelope-from ) id 1nLJAF-0002YS-1L; Sat, 19 Feb 2022 06:24:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275712.471720; Sat, 19 Feb 2022 06:24:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAE-0002YK-UD; Sat, 19 Feb 2022 06:24:14 +0000 Received: by outflank-mailman (input) for mailman id 275712; Sat, 19 Feb 2022 06:24:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAD-0002Y7-GY for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAD-0007uu-Fu for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJAD-0005lE-FA for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ga2H93cUpox0ncZkict1s3NK5pOyUwAP3B6aH4fv/2E=; b=bNXIbUenY0WAeyk9LEPESUpcFm nWrmSorXVFrraT8WY4O5+F8TavMJcK0Ojfcy+acV2MjKBGnK/RDUkZ2fVyGr3vsNmeRA2+Sh2Utxh 8LquCABXBjhA4UNJfyt9lAUKVRclCTiFXSOfWFChhjFs3qsBKaS5fssRQDouAYU+2P3o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: introduce ioremap_wc() Message-Id: Date: Sat, 19 Feb 2022 06:24:13 +0000 commit 81d195c6c0e2ee1b706d19dbbb57f73bbf6b81b4 Author: Jan Beulich AuthorDate: Fri Feb 18 14:42:39 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:42:39 2022 +0100 x86: introduce ioremap_wc() In order for a to-be-introduced ERMS form of memcpy() to not regress boot performance on certain systems when video output is active, we first need to arrange for avoiding further dependency on firmware setting up MTRRs in a way we can actually further modify. On many systems, due to the continuously growing amounts of installed memory, MTRRs get configured with at least one huge WB range, and with MMIO ranges below 4Gb then forced to UC via overlapping MTRRs. mtrr_add(), as it is today, can't deal with such a setup. Hence on such systems we presently leave the frame buffer mapped UC, leading to significantly reduced performance when using REP STOSB / REP MOVSB. On post-PentiumII hardware (i.e. any that's capable of running 64-bit code), an effective memory type of WC can be achieved without MTRRs, by simply referencing the respective PAT entry from the PTEs. While this will leave the switch to ERMS forms of memset() and memcpy() with largely unchanged performance, the change here on its own improves performance on affected systems quite significantly: Measuring just the individual affected memcpy() invocations yielded a speedup by a factor of over 250 on my initial (Skylake) test system. memset() isn't getting improved by as much there, but still by a factor of about 20. While adding {__,}PAGE_HYPERVISOR_WC, also add {__,}PAGE_HYPERVISOR_WT to, at the very least, make clear what PTE flags this memory type uses. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/include/asm/mm.h | 2 ++ xen/arch/x86/include/asm/page.h | 2 ++ xen/arch/x86/include/asm/x86_64/page.h | 4 ++++ xen/arch/x86/mm.c | 14 ++++++++++++++ xen/drivers/video/vesa.c | 7 +++---- xen/drivers/video/vga.c | 6 +++++- 6 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index 9b9de4c6be..bdde24d2ce 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -602,6 +602,8 @@ void destroy_perdomain_mapping(struct domain *, unsigned long va, unsigned int nr); void free_perdomain_mappings(struct domain *); +void __iomem *ioremap_wc(paddr_t, size_t); + extern int memory_add(unsigned long spfn, unsigned long epfn, unsigned int pxm); void domain_set_alloc_bitsize(struct domain *d); diff --git a/xen/arch/x86/include/asm/page.h b/xen/arch/x86/include/asm/page.h index 1d080cffbe..447491cd09 100644 --- a/xen/arch/x86/include/asm/page.h +++ b/xen/arch/x86/include/asm/page.h @@ -349,8 +349,10 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t); #define __PAGE_HYPERVISOR_RX (_PAGE_PRESENT | _PAGE_ACCESSED) #define __PAGE_HYPERVISOR (__PAGE_HYPERVISOR_RX | \ _PAGE_DIRTY | _PAGE_RW) +#define __PAGE_HYPERVISOR_WT (__PAGE_HYPERVISOR | _PAGE_PWT) #define __PAGE_HYPERVISOR_UCMINUS (__PAGE_HYPERVISOR | _PAGE_PCD) #define __PAGE_HYPERVISOR_UC (__PAGE_HYPERVISOR | _PAGE_PCD | _PAGE_PWT) +#define __PAGE_HYPERVISOR_WC (__PAGE_HYPERVISOR | _PAGE_PAT) #define __PAGE_HYPERVISOR_SHSTK (__PAGE_HYPERVISOR_RO | _PAGE_DIRTY) #define MAP_SMALL_PAGES _PAGE_AVAIL0 /* don't use superpages mappings */ diff --git a/xen/arch/x86/include/asm/x86_64/page.h b/xen/arch/x86/include/asm/x86_64/page.h index cb1db107c4..26bdb4b19b 100644 --- a/xen/arch/x86/include/asm/x86_64/page.h +++ b/xen/arch/x86/include/asm/x86_64/page.h @@ -152,6 +152,10 @@ static inline intpte_t put_pte_flags(unsigned int x) _PAGE_GLOBAL | _PAGE_NX) #define PAGE_HYPERVISOR_UC (__PAGE_HYPERVISOR_UC | \ _PAGE_GLOBAL | _PAGE_NX) +#define PAGE_HYPERVISOR_WC (__PAGE_HYPERVISOR_WC | \ + _PAGE_GLOBAL | _PAGE_NX) +#define PAGE_HYPERVISOR_WT (__PAGE_HYPERVISOR_WT | \ + _PAGE_GLOBAL | _PAGE_NX) #endif /* __X86_64_PAGE_H__ */ diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b80e4ab9c5..9c7c616253 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -5895,6 +5895,20 @@ void __iomem *ioremap(paddr_t pa, size_t len) return (void __force __iomem *)va; } +void __iomem *__init ioremap_wc(paddr_t pa, size_t len) +{ + mfn_t mfn = _mfn(PFN_DOWN(pa)); + unsigned int offs = pa & (PAGE_SIZE - 1); + unsigned int nr = PFN_UP(offs + len); + void *va; + + WARN_ON(page_is_ram_type(mfn_x(mfn), RAM_TYPE_CONVENTIONAL)); + + va = __vmap(&mfn, nr, 1, 1, PAGE_HYPERVISOR_WC, VMAP_DEFAULT); + + return (void __force __iomem *)(va + offs); +} + int create_perdomain_mapping(struct domain *d, unsigned long va, unsigned int nr, l1_pgentry_t **pl1tab, struct page_info **ppg) diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 2c1bbd9278..f9169f701f 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -9,9 +9,9 @@ #include #include #include +#include #include #include -#include #include "font.h" #include "lfb.h" @@ -103,7 +103,7 @@ void __init vesa_init(void) lfbp.text_columns = vlfb_info.width / font->width; lfbp.text_rows = vlfb_info.height / font->height; - lfbp.lfb = lfb = ioremap(lfb_base(), vram_remap); + lfbp.lfb = lfb = ioremap_wc(lfb_base(), vram_remap); if ( !lfb ) return; @@ -179,8 +179,7 @@ void __init vesa_mtrr_init(void) static void lfb_flush(void) { - if ( vesa_mtrr == 3 ) - __asm__ __volatile__ ("sfence" : : : "memory"); + __asm__ __volatile__ ("sfence" : : : "memory"); } void __init vesa_endboot(bool_t keep) diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c index b7f04d0d97..5e58f83c97 100644 --- a/xen/drivers/video/vga.c +++ b/xen/drivers/video/vga.c @@ -79,7 +79,7 @@ void __init video_init(void) { case XEN_VGATYPE_TEXT_MODE_3: if ( page_is_ram_type(paddr_to_pfn(0xB8000), RAM_TYPE_CONVENTIONAL) || - ((video = ioremap(0xB8000, 0x8000)) == NULL) ) + ((video = ioremap_wc(0xB8000, 0x8000)) == NULL) ) return; outw(0x200a, 0x3d4); /* disable cursor */ columns = vga_console_info.u.text_mode_3.columns; @@ -164,7 +164,11 @@ void __init video_endboot(void) { case XEN_VGATYPE_TEXT_MODE_3: if ( !vgacon_keep ) + { memset(video, 0, columns * lines * 2); + iounmap(video); + video = ZERO_BLOCK_PTR; + } break; case XEN_VGATYPE_VESA_LFB: case XEN_VGATYPE_EFI_LFB: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275713.471724 (Exim 4.92) (envelope-from ) id 1nLJAP-0002cB-5b; Sat, 19 Feb 2022 06:24:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275713.471724; Sat, 19 Feb 2022 06:24:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAP-0002c3-1X; Sat, 19 Feb 2022 06:24:25 +0000 Received: by outflank-mailman (input) for mailman id 275713; Sat, 19 Feb 2022 06:24:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAN-0002bn-Jp for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAN-0007v7-J2 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJAN-0005mW-IA for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6JF+fa+FTJ+Y2w3CvP0WEoKSuqSGN9O3W0v5V5eAIMs=; b=ZArqF8juf+S7S699SOrzcTrwW1 Cug08DIgoftywMKwTPv5LKDeNF7Ylk7AO/a9e2EDNx4GTMMUuK4W8jz6h7HLY+SqCkSI2qPt/n+sx sRQQ/fMjAj01iTu87JblYfxDrSDbOdGc26EagyLkJaZkkrCNH8iIIzCwuj5Kf8Zw0m2I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: move .text.kexec Message-Id: Date: Sat, 19 Feb 2022 06:24:23 +0000 commit 0e07d47048e4de9894a52e55972fc86714c4bf16 Author: Jan Beulich AuthorDate: Fri Feb 18 14:43:58 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:43:58 2022 +0100 x86: move .text.kexec The source file requests page alignment - avoid a padding hole by placing it right after .text.entry. On average this yields a .text size reduction of 2k. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/xen.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index ca22e984f8..82ad8feb6e 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -83,10 +83,11 @@ SECTIONS . = ALIGN(PAGE_SIZE); _etextentry = .; + *(.text.kexec) /* Page aligned in the object file. */ + *(.text.cold) *(.text.unlikely) *(.fixup) - *(.text.kexec) *(.gnu.warning) _etext = .; /* End of text section */ } PHDR(text) = 0x9090 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275714.471727 (Exim 4.92) (envelope-from ) id 1nLJAZ-0002f9-6M; Sat, 19 Feb 2022 06:24:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275714.471727; Sat, 19 Feb 2022 06:24:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAZ-0002f1-39; Sat, 19 Feb 2022 06:24:35 +0000 Received: by outflank-mailman (input) for mailman id 275714; Sat, 19 Feb 2022 06:24:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAX-0002eo-Ml for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAX-0007vH-M1 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJAX-0005nl-LD for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1JSCATjbX4pJzmP5/Ks9nUE/qwHMa4PT6p2VVHguerk=; b=H3abVe8zVF9Mr279TsY2NGfBU8 8E9HgidzGg0mf2WKZgdLTbIv5YWVwCyUhBw6qhV3ZW+Rqi0BD1Rc/DotlMz9IBzVgQjjQgtAdhbJJ XifqhkZMhGM9gdln0zkZ8SIpzjllnHOG5+sI9Zh0Zca+EF1MA/UapD+XUuNSZo7BPz8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] video/vesa: unmap frame buffer when relinquishing console Message-Id: Date: Sat, 19 Feb 2022 06:24:33 +0000 commit f627a39c5e7539502624648aeb69e9ff0de2b8e5 Author: Jan Beulich AuthorDate: Fri Feb 18 14:44:32 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:44:32 2022 +0100 video/vesa: unmap frame buffer when relinquishing console There's no point in keeping the VA space occupied when no further output will occur. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/drivers/video/lfb.c | 1 + xen/drivers/video/vesa.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/xen/drivers/video/lfb.c b/xen/drivers/video/lfb.c index 75b749b330..9254b5e902 100644 --- a/xen/drivers/video/lfb.c +++ b/xen/drivers/video/lfb.c @@ -168,4 +168,5 @@ void lfb_free(void) xfree(lfb.lbuf); xfree(lfb.text_buf); xfree(lfb.line_len); + lfb.lfbp.lfb = ZERO_BLOCK_PTR; } diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index f9169f701f..b9bdfc1670 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -197,5 +197,7 @@ void __init vesa_endboot(bool_t keep) vlfb_info.width * bpp); lfb_flush(); lfb_free(); + iounmap(lfb); + lfb = ZERO_BLOCK_PTR; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275715.471732 (Exim 4.92) (envelope-from ) id 1nLJAj-0002hs-7p; Sat, 19 Feb 2022 06:24:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275715.471732; Sat, 19 Feb 2022 06:24:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAj-0002hg-4c; Sat, 19 Feb 2022 06:24:45 +0000 Received: by outflank-mailman (input) for mailman id 275715; Sat, 19 Feb 2022 06:24:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAh-0002hI-Q0 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAh-0007vd-PG for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJAh-0005p5-OV for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fGbeRHKO+FQgNz5gWHOP0o2sqeuPf/0N+Y0dIk1kRcI=; b=olWHw+O2cStW55W4TI6ssYrwEG BAhFP9yle38hZIaLDjzrLpW8fExqXmQd0Mm0GxY/qtkRUh3QLbQiNW4TxVebTHAAxnZ+VL5oWbo/1 7F50J4y0yYy8iVmMoVO/M6LAMWIhcNA93qI2JxDmcpKUh08AzptwU0sVDVrImjmEEcR4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] video/vesa: drop "vesa-mtrr" command line option Message-Id: Date: Sat, 19 Feb 2022 06:24:43 +0000 commit 6ba701064227c6a4baa64d377e1ad869452f7fb6 Author: Jan Beulich AuthorDate: Fri Feb 18 14:45:14 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:45:14 2022 +0100 video/vesa: drop "vesa-mtrr" command line option Now that we use ioremap_wc() for mapping the frame buffer, there's no need for this option anymore. As noted in the change introducing the use of ioremap_wc(), mtrr_add() didn't work in certain cases anyway. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- CHANGELOG.md | 3 +++ docs/misc/xen-command-line.pandoc | 3 --- xen/arch/x86/include/asm/setup.h | 2 -- xen/arch/x86/setup.c | 2 -- xen/drivers/video/vesa.c | 32 -------------------------------- 5 files changed, 3 insertions(+), 39 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c0cd88cdf..9f596eac3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD +### Removed / support downgraded + - dropped support for the (x86-only) "vesa-mtrr" command line option + ## [4.16.0](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - 2021-12-02 ### Removed diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 1ca817f5e1..a64aa5e841 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2492,9 +2492,6 @@ cache-warming. 1ms (1000) has been measured as a good value. ### vesa-map > `= ` -### vesa-mtrr -> `= ` - ### vesa-ram > `= ` diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h index 7dc03b6b8d..21037b7f31 100644 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -28,10 +28,8 @@ void init_IRQ(void); #ifdef CONFIG_VIDEO void vesa_init(void); -void vesa_mtrr_init(void); #else static inline void vesa_init(void) {}; -static inline void vesa_mtrr_init(void) {}; #endif int construct_dom0( diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 624b53ded4..2f6e10d0cf 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1808,8 +1808,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) local_irq_enable(); - vesa_mtrr_init(); - early_msi_init(); iommu_setup(); /* setup iommu if available */ diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index b9bdfc1670..5cc37f0171 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -145,38 +145,6 @@ void __init vesa_init(void) video_puts = lfb_redraw_puts; } -#include - -static unsigned int vesa_mtrr; -integer_param("vesa-mtrr", vesa_mtrr); - -void __init vesa_mtrr_init(void) -{ - static const int mtrr_types[] = { - 0, MTRR_TYPE_UNCACHABLE, MTRR_TYPE_WRBACK, - MTRR_TYPE_WRCOMB, MTRR_TYPE_WRTHROUGH }; - unsigned int size_total; - int rc, type; - - if ( !lfb || (vesa_mtrr == 0) || (vesa_mtrr >= ARRAY_SIZE(mtrr_types)) ) - return; - - type = mtrr_types[vesa_mtrr]; - if ( !type ) - return; - - /* Find the largest power-of-two */ - size_total = vram_total; - while ( size_total & (size_total - 1) ) - size_total &= size_total - 1; - - /* Try and find a power of two to add */ - do { - rc = mtrr_add(lfb_base(), size_total, type, 1); - size_total >>= 1; - } while ( (size_total >= PAGE_SIZE) && (rc == -EINVAL) ); -} - static void lfb_flush(void) { __asm__ __volatile__ ("sfence" : : : "memory"); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:24:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:24:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275716.471734 (Exim 4.92) (envelope-from ) id 1nLJAt-0002kh-8w; Sat, 19 Feb 2022 06:24:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275716.471734; Sat, 19 Feb 2022 06:24:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAt-0002kX-5z; Sat, 19 Feb 2022 06:24:55 +0000 Received: by outflank-mailman (input) for mailman id 275716; Sat, 19 Feb 2022 06:24:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAr-0002kJ-T3 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJAr-0007vj-SP for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJAr-0005qA-Rh for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:24:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DwF0pjeL0eMnRKrn7NfCyMGGEWvd5UTOtfHiD6akCck=; b=QJJqWQqDzk2fTrshcJz1XzTf8G CoZ7ZzZ1FHQEo8E8amQBsLU1qAxwIVl1HGRjl8unEwtnfuIa/fHaWvS2/E6Al2iatXm9x6/qdKQYW A4KMBc/VPLo5cGOXT583NPFeW36yqsHw1U/yO2kKyFoOlkXPb3hhZIUKc6dabpQZX3as=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] video/vesa: drop "vesa-remap" command line option Message-Id: Date: Sat, 19 Feb 2022 06:24:53 +0000 commit 7f7e55b85fce2155d83dedabd6537b47e2ea0ec7 Author: Jan Beulich AuthorDate: Fri Feb 18 14:45:45 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:45:45 2022 +0100 video/vesa: drop "vesa-remap" command line option If we get mode dimensions wrong, having the remapping size controllable via command line option isn't going to help much. Drop the option. While adjusting this also - add __initdata to the variable, - use ROUNDUP() instead of open-coding it. Requested-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- CHANGELOG.md | 2 +- docs/misc/xen-command-line.pandoc | 3 --- xen/drivers/video/vesa.c | 11 +++-------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f596eac3e..83d85fad5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [unstable UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD ### Removed / support downgraded - - dropped support for the (x86-only) "vesa-mtrr" command line option + - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options ## [4.16.0](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) - 2021-12-02 diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index a64aa5e841..ba5164eb64 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2489,9 +2489,6 @@ PCPUs when using the credit1 scheduler. This prevents rapid fluttering of a VCPU between CPUs, and reduces the implicit overheads such as cache-warming. 1ms (1000) has been measured as a good value. -### vesa-map -> `= ` - ### vesa-ram > `= ` diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 5cc37f0171..8ff1b1d4ea 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -26,8 +26,7 @@ static bool_t vga_compat; static unsigned int vram_total; integer_param("vesa-ram", vram_total); -static unsigned int vram_remap; -integer_param("vesa-map", vram_remap); +static unsigned int __initdata vram_remap; static int font_height; static int __init parse_font_height(const char *s) @@ -79,12 +78,8 @@ void __init vesa_early_init(void) * use for vesafb. With modern cards it is no * option to simply use vram_total as that * wastes plenty of kernel address space. */ - vram_remap = (vram_remap ? - (vram_remap << 20) : - ((vram_vmode + (1 << L2_PAGETABLE_SHIFT) - 1) & - ~((1 << L2_PAGETABLE_SHIFT) - 1))); - vram_remap = max_t(unsigned int, vram_remap, vram_vmode); - vram_remap = min_t(unsigned int, vram_remap, vram_total); + vram_remap = ROUNDUP(vram_vmode, 1 << L2_PAGETABLE_SHIFT); + vram_remap = min(vram_remap, vram_total); } void __init vesa_init(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:25:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:25:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275717.471738 (Exim 4.92) (envelope-from ) id 1nLJB3-0002p2-Ag; Sat, 19 Feb 2022 06:25:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275717.471738; Sat, 19 Feb 2022 06:25:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJB3-0002oq-7W; Sat, 19 Feb 2022 06:25:05 +0000 Received: by outflank-mailman (input) for mailman id 275717; Sat, 19 Feb 2022 06:25:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJB2-0002oO-04 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJB1-0007w3-Vd for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJB1-0005rZ-Ur for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aSICl3Raw0EbSvodaRRMYrAqEtLAduAkMPoB1h7YNIU=; b=3Bf9DhY6oZqf9vS16BN5+ftftM B42XZHsVyYo4bFoCsYdIe1IeEsXR8abR7QLLRwRSaYInMObvkUl2kMPnO2lE2htH3ejo6p1k7436B bP/WOELjT7TYvfupOoqhva4M1RuiWlbo7C9St2yUUXsKXovKNSqIAZ+f6YBMzHG3qqJo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] video/vesa: adjust (not just) command line option handling Message-Id: Date: Sat, 19 Feb 2022 06:25:03 +0000 commit ea140035d01afe28b896b6cb9848f2b2824d1bd2 Author: Jan Beulich AuthorDate: Fri Feb 18 14:46:27 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:46:27 2022 +0100 video/vesa: adjust (not just) command line option handling Document the remaining option. Add section annotation to the variable holding the parsed value as well as a few adjacent ones. Adjust the types of font_height and vga_compat. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- docs/misc/xen-command-line.pandoc | 5 +++++ xen/drivers/video/vesa.c | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index ba5164eb64..321a9abfc1 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2492,6 +2492,11 @@ cache-warming. 1ms (1000) has been measured as a good value. ### vesa-ram > `= ` +> Default: `0` + +This allows to override the amount of video RAM, in MiB, determined to be +present. + ### vga > `= ( ask | current | text-80x | gfx-xx | mode- )[,keep]` diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 8ff1b1d4ea..0342a3dede 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -19,16 +19,16 @@ static void lfb_flush(void); -static unsigned char *lfb; -static const struct font_desc *font; -static bool_t vga_compat; +static unsigned char *__read_mostly lfb; +static const struct font_desc *__initdata font; +static bool __initdata vga_compat; -static unsigned int vram_total; +static unsigned int __initdata vram_total; integer_param("vesa-ram", vram_total); static unsigned int __initdata vram_remap; -static int font_height; +static unsigned int __initdata font_height; static int __init parse_font_height(const char *s) { if ( simple_strtoul(s, &s, 10) == 8 && (*s++ == 'x') ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 06:25:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 06:25:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275718.471744 (Exim 4.92) (envelope-from ) id 1nLJBD-0002s8-Co; Sat, 19 Feb 2022 06:25:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275718.471744; Sat, 19 Feb 2022 06:25:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJBD-0002rx-9W; Sat, 19 Feb 2022 06:25:15 +0000 Received: by outflank-mailman (input) for mailman id 275718; Sat, 19 Feb 2022 06:25:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJBC-0002ro-3P for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLJBC-0007xj-2k for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLJBC-0005so-1x for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 06:25:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1CLcFQzJRnRmQ6B87/cUVTAWR804S5QVWlLnGLiPdx0=; b=v5FGYbT9XTj6qEQajMy7ELsXhO PSTYnzqFILEZLfM9S/tkZIssx6z4231UESY0cf3tisznTSEM4B4Kf8GwCK+fdHodpncMu3DzAUXoD J7NlpX0NhUoK74IjwUx7Vq7n3tTrDmrbYLZcl9r5mCSWgkxlB5QPPd9ctb0oRv3lQeok=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: replace a few do_div() uses Message-Id: Date: Sat, 19 Feb 2022 06:25:14 +0000 commit 8dc44294806c83456794ba9488b4b440aa6193c2 Author: Jan Beulich AuthorDate: Fri Feb 18 14:47:25 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 18 14:47:25 2022 +0100 x86: replace a few do_div() uses When the macro's "return value" is not used, the macro use can be replaced by a simply division, avoiding some obfuscation. According to my observations, no change to generated code. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/cpu/intel.c | 3 +-- xen/arch/x86/hpet.c | 5 +---- xen/arch/x86/nmi.c | 5 ++--- xen/arch/x86/time.c | 6 ++---- 4 files changed, 6 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index d7c6e2bd7d..eb5fba35ca 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -424,9 +424,8 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) unsigned long long val = ecx; val *= ebx; - do_div(val, eax); printk("CPU%u: TSC: %u Hz * %u / %u = %Lu Hz\n", - smp_processor_id(), ecx, ebx, eax, val); + smp_processor_id(), ecx, ebx, eax, val / eax); } else if ( ecx | eax | ebx ) { diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index afe104dc93..2fe8b005a5 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -105,10 +105,7 @@ custom_param("hpet", parse_hpet_param); static inline unsigned long div_sc(unsigned long ticks, unsigned long nsec, int shift) { - uint64_t tmp = ((uint64_t)ticks) << shift; - - do_div(tmp, nsec); - return (unsigned long) tmp; + return ((uint64_t)ticks << shift) / nsec; } /* diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index ab94a96c4d..c515de6336 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -292,10 +292,9 @@ static void clear_msr_range(unsigned int base, unsigned int n) static inline void write_watchdog_counter(const char *descr) { - u64 count = (u64)cpu_khz * 1000; + uint64_t count = cpu_khz * 1000ULL / nmi_hz; - do_div(count, nmi_hz); - if(descr) + if ( descr ) Dprintk("setting %s to -%#"PRIx64"\n", descr, count); wrmsrl(nmi_perfctr_msr, 0 - count); } diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 17f64a6ccd..bc41a3aa37 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -615,8 +615,7 @@ static uint64_t xen_timer_cpu_frequency(void) struct vcpu_time_info *info = &this_cpu(vcpu_info)->time; uint64_t freq; - freq = 1000000000ULL << 32; - do_div(freq, info->tsc_to_system_mul); + freq = (1000000000ULL << 32) / info->tsc_to_system_mul; if ( info->tsc_shift < 0 ) freq <<= -info->tsc_shift; else @@ -2178,8 +2177,7 @@ void __init early_time_init(void) set_time_scale(&t->tsc_scale, tmp); t->stamp.local_tsc = boot_tsc_stamp; - do_div(tmp, 1000); - cpu_khz = (unsigned long)tmp; + cpu_khz = tmp / 1000; printk("Detected %lu.%03lu MHz processor.\n", cpu_khz / 1000, cpu_khz % 1000); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 15:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 15:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275770.471784 (Exim 4.92) (envelope-from ) id 1nLRDZ-0001zh-Cr; Sat, 19 Feb 2022 15:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275770.471784; Sat, 19 Feb 2022 15:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDZ-0001zZ-A2; Sat, 19 Feb 2022 15:00:13 +0000 Received: by outflank-mailman (input) for mailman id 275770; Sat, 19 Feb 2022 15:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDY-0001zO-9q for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDY-0001HY-91 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLRDY-0002cS-80 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TTbgFWgdwd4k/S++w1IitaqOIWRAWpcqs55H+afXM0M=; b=SXEpQ3bbohGfaOrpzVmGjfk05r pfWisL4CKfATlfG084QXd98DM8WsSlj4kp5w53Pzv43idRY8exzxj9AR00hPhiiTuNyG4Lvgos1wm BLtkTrdROeJ233gGFy4qGMWTms9k9LPyTiHRWOwcwafrwQnEEpq2iO9yORd6xdJWgdv4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI: Clean up alpine containers Message-Id: Date: Sat, 19 Feb 2022 15:00:12 +0000 commit 76ce1cb1e32fad3ef493e081a0081931b56186b9 Author: Andrew Cooper AuthorDate: Thu Feb 17 21:16:35 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: Clean up alpine containers * `apk --no-cache` is the preferred way of setting up containers, and it does shrink the image by a few MB. * Neither container needs curl-dev or automake. * Flex and bison are needed for Xen, so move to the Xen block. No practical change. Signed-off-by: Andrew Cooper Reviewed-by: Anthony PERARD --- automation/build/alpine/3.12-arm64v8.dockerfile | 68 ++++++++++------------- automation/build/alpine/3.12.dockerfile | 74 +++++++++++-------------- 2 files changed, 63 insertions(+), 79 deletions(-) diff --git a/automation/build/alpine/3.12-arm64v8.dockerfile b/automation/build/alpine/3.12-arm64v8.dockerfile index a1ac960595..f8d3927ee3 100644 --- a/automation/build/alpine/3.12-arm64v8.dockerfile +++ b/automation/build/alpine/3.12-arm64v8.dockerfile @@ -8,46 +8,38 @@ RUN mkdir /build WORKDIR /build # build depends -RUN \ - # apk - apk update && \ +RUN apk --no-cache add \ \ # xen build deps - apk add argp-standalone && \ - apk add autoconf && \ - apk add automake && \ - apk add bash && \ - apk add curl && \ - apk add curl-dev && \ - apk add dev86 && \ - apk add dtc-dev && \ - apk add gcc && \ + argp-standalone \ + autoconf \ + bash \ + bison \ + curl \ + dev86 \ + dtc-dev \ + flex \ + gcc \ # gettext for Xen < 4.13 - apk add gettext && \ - apk add git && \ - apk add iasl && \ - apk add libaio-dev && \ - apk add libfdt && \ - apk add linux-headers && \ - apk add make && \ - apk add musl-dev && \ - apk add ncurses-dev && \ - apk add patch && \ - apk add python3-dev && \ - apk add texinfo && \ - apk add util-linux-dev && \ - apk add xz-dev && \ - apk add yajl-dev && \ - apk add zlib-dev && \ + gettext \ + git \ + iasl \ + libaio-dev \ + libfdt \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + patch \ + python3-dev \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ \ # qemu build deps - apk add bison && \ - apk add flex && \ - apk add glib-dev && \ - apk add libattr && \ - apk add libcap-ng-dev && \ - apk add pixman-dev && \ - \ - # cleanup - rm -rf /tmp/* && \ - rm -f /var/cache/apk/* + glib-dev \ + libattr \ + libcap-ng-dev \ + pixman-dev \ diff --git a/automation/build/alpine/3.12.dockerfile b/automation/build/alpine/3.12.dockerfile index 4cce7ab926..fbf4aa4d3d 100644 --- a/automation/build/alpine/3.12.dockerfile +++ b/automation/build/alpine/3.12.dockerfile @@ -8,49 +8,41 @@ RUN mkdir /build WORKDIR /build # build depends -RUN \ - # apk - apk update && \ +RUN apk --no-cache add \ \ # xen build deps - apk add argp-standalone && \ - apk add autoconf && \ - apk add automake && \ - apk add bash && \ - apk add curl && \ - apk add curl-dev && \ - apk add dev86 && \ - apk add gcc && \ - apk add g++ && \ - apk add clang && \ + argp-standalone \ + autoconf \ + bash \ + bison \ + clang \ + curl \ + dev86 \ + flex \ + g++ \ + gcc \ # gettext for Xen < 4.13 - apk add gettext && \ - apk add git && \ - apk add grep && \ - apk add iasl && \ - apk add libaio-dev && \ - apk add linux-headers && \ - apk add make && \ - apk add musl-dev && \ - apk add libc6-compat && \ - apk add ncurses-dev && \ - apk add patch && \ - apk add python3-dev && \ - apk add texinfo && \ - apk add util-linux-dev && \ - apk add xz-dev && \ - apk add yajl-dev && \ - apk add zlib-dev && \ + gettext \ + git \ + grep \ + iasl \ + libaio-dev \ + libc6-compat \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + patch \ + python3-dev \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ \ # qemu build deps - apk add bison && \ - apk add flex && \ - apk add glib-dev && \ - apk add libattr && \ - apk add libcap-ng-dev && \ - apk add ninja && \ - apk add pixman-dev && \ - \ - # cleanup - rm -rf /tmp/* && \ - rm -f /var/cache/apk/* + glib-dev \ + libattr \ + libcap-ng-dev \ + ninja \ + pixman-dev \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 15:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 15:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275769.471780 (Exim 4.92) (envelope-from ) id 1nLRDP-0001Yy-Bt; Sat, 19 Feb 2022 15:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275769.471780; Sat, 19 Feb 2022 15:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDP-0001YW-8S; Sat, 19 Feb 2022 15:00:03 +0000 Received: by outflank-mailman (input) for mailman id 275769; Sat, 19 Feb 2022 15:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDO-0001Nz-89 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDO-0001Ft-5f for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLRDO-0002aO-4N for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1bJQ5fHfFm72ggxuO9KwIRrNgyo2UABb+mu/pxel4K8=; b=wiVRY4c8q7EZMWJlG8CagSy1s9 j476bi9w/NUVUy+NmqHSW8fe/c5zeJoYoifvZKB1+5Cu0E5aZmQetfmQZdQKDjBnU4G8p06kL8cDA klMdBzgcNU4QGut3BK1TmfHHB+PEqk2d5TH7wZEY5ssaEhnE01lKeb99RagOrKKNksmE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI: Add gnu grep to alpine containers Message-Id: Date: Sat, 19 Feb 2022 15:00:02 +0000 commit 47052d8cca272efe262d58cb9f861e71be1e6fc2 Author: Andrew Cooper AuthorDate: Tue Feb 15 20:49:10 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: Add gnu grep to alpine containers A forthcoming change is going to want more support than busybox's grep can provide. Signed-off-by: Andrew Cooper Reviewed-by: Anthony PERARD --- automation/build/alpine/3.12.dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/automation/build/alpine/3.12.dockerfile b/automation/build/alpine/3.12.dockerfile index 4ee3ddc12e..4cce7ab926 100644 --- a/automation/build/alpine/3.12.dockerfile +++ b/automation/build/alpine/3.12.dockerfile @@ -26,6 +26,7 @@ RUN \ # gettext for Xen < 4.13 apk add gettext && \ apk add git && \ + apk add grep && \ apk add iasl && \ apk add libaio-dev && \ apk add linux-headers && \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 15:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 15:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275771.471788 (Exim 4.92) (envelope-from ) id 1nLRDj-000226-EW; Sat, 19 Feb 2022 15:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275771.471788; Sat, 19 Feb 2022 15:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDj-00021y-BV; Sat, 19 Feb 2022 15:00:23 +0000 Received: by outflank-mailman (input) for mailman id 275771; Sat, 19 Feb 2022 15:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDi-00021l-Cf for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDi-0001Hr-Bx for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLRDi-0002dQ-B6 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1gWdD7cYYXb2bDf170oM84TytzENQKIyklTuRT00Rxs=; b=QXYyJ7WrUt24ciN0fgLV/NSpGm SAVxH7V+FcsYqzgRyPCPdKEmPtdqZSV8LoE/eZ5tMtX9kEleJL44s8iyyKGs5JbmW7X/wSsMie1k6 etsCmOeWDZsianRoVOfZAARjsqeGmWQrUk8kn0vpafuKGhZAGNgrgBL5p7Eo9+Jgpdww=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI: add github workflow to run Coverity scans Message-Id: Date: Sat, 19 Feb 2022 15:00:22 +0000 commit f05a7fa20808b8ffae7348612ca80d795e348ea0 Author: Roger Pau Monne AuthorDate: Fri Feb 18 13:00:41 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI: add github workflow to run Coverity scans Add a workflow that performs a build like it's done by osstest Coverity flight and uploads the result to Coverity for analysis. The build process is exactly the same as the one currently used in osstest, and it's also run at the same time (bi-weekly). This has one big benefit over using osstest: we no longer have to care about keeping the Coverity tools up to date in osstest. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .github/workflows/coverity.yml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000000..8f7ef4d718 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,41 @@ +name: Coverity Scan + +# We only want to test official release code, not every pull request. +on: + schedule: + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC + +jobs: + coverity: + runs-on: ubuntu-latest + steps: + - name: Install build dependencies + run: | + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ + ocaml-findlib xz-utils libyajl-dev libpixman-1-dev \ + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ + libtool libfuse-dev liblzma-dev ninja-build \ + kpartx python3-dev golang python-dev libsystemd-dev + + - uses: actions/checkout@v2 + with: + ref: staging + + - name: Configure Xen + run: | + ./configure + + - name: Pre build stuff + run: | + make -C tools/firmware/etherboot all && make mini-os-dir + + - uses: vapier/coverity-scan-action@v1 + with: + command: make xen tools && make -C extras/mini-os/ + project: XenProject + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + token: ${{ secrets.COVERITY_SCAN_TOKEN }} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 19 15:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Feb 2022 15:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.275772.471793 (Exim 4.92) (envelope-from ) id 1nLRDt-00025z-GA; Sat, 19 Feb 2022 15:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275772.471793; Sat, 19 Feb 2022 15:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDt-00025m-Ct; Sat, 19 Feb 2022 15:00:33 +0000 Received: by outflank-mailman (input) for mailman id 275772; Sat, 19 Feb 2022 15:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDs-00025V-Fm for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nLRDs-0001I4-F6 for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nLRDs-0002eE-EA for xen-changelog@lists.xenproject.org; Sat, 19 Feb 2022 15:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lWaDI6BrC53N2/OrTFvW3rTZ6Vv9R1rTYkes6zbNg+U=; b=kKF2Hjboe1gW1svQUTObzZzoYQ ca3kmxFaUnpbTHibA3dQe98Kw0uUn6jjN+Mc4EThrhCLYKsUY83tidGfGyKnyPmbR45Sqybh/Ebgp R+9HAvpbDu3aN3AkYqFCvlAK0m0ykHVP2lIdnS7uydC9/lt7Daeydh/KTQAqc+WyMQTY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI/Coverity: Do not build QEMU, SeaBIOS or OVMF Message-Id: Date: Sat, 19 Feb 2022 15:00:32 +0000 commit 686f13cfce1d95464ff39fb59ac1f85163cea03b Author: Roger Pau Monne AuthorDate: Fri Feb 18 13:00:42 2022 +0100 Commit: Andrew Cooper CommitDate: Fri Feb 18 17:07:53 2022 +0000 CI/Coverity: Do not build QEMU, SeaBIOS or OVMF Such external projects should have their own Coverity runs, and there's not much point in also making them part of our scan (apart from greatly increasing the amount of code scanned). Trim the dependencies now that QEMU is not built. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .github/workflows/coverity.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 8f7ef4d718..9d04b56fd3 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -11,15 +11,13 @@ jobs: steps: - name: Install build dependencies run: | - sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ - iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ - make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ - libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ - libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ - ocaml-findlib xz-utils libyajl-dev libpixman-1-dev \ - libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ - libtool libfuse-dev liblzma-dev ninja-build \ - kpartx python3-dev golang python-dev libsystemd-dev + sudo apt-get install -y wget git gawk bridge-utils \ + iproute2 bzip2 build-essential \ + make gcc zlib1g-dev libncurses5-dev iasl \ + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml \ + ocaml-findlib xz-utils libyajl-dev \ + autoconf libtool liblzma-dev \ + python3-dev golang python-dev libsystemd-dev - uses: actions/checkout@v2 with: @@ -27,11 +25,13 @@ jobs: - name: Configure Xen run: | - ./configure + ./configure --with-system-qemu=/bin/true \ + --with-system-seabios=/bin/true \ + --with-system-ovmf=/bin/true - name: Pre build stuff run: | - make -C tools/firmware/etherboot all && make mini-os-dir + make mini-os-dir - uses: vapier/coverity-scan-action@v1 with: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276435.472592 (Exim 4.92) (envelope-from ) id 1nMFi6-00013s-Gn; Mon, 21 Feb 2022 20:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276435.472592; Mon, 21 Feb 2022 20:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFi6-00013k-DE; Mon, 21 Feb 2022 20:55:06 +0000 Received: by outflank-mailman (input) for mailman id 276435; Mon, 21 Feb 2022 20:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFi4-00013e-LC for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFi4-0006xI-Ir for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFi4-0002XB-Hc for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JKrDacZ4dHeOcV/88Poc1Ae95c5j9/M6pTzLnG/ay44=; b=S1GTvNGlFL+TUnXO+n717Yh5Py ddwiyJsaM9C4FbCpeGhqCRoJGp5UrMACHFF4fvLdVZVsnL6XawBOcG5FOCC4tinVpF3+pAtHuwNf7 HMEG54D0ZzUH42FEHo/fOXLWpmMJT3Kx07jzpkxF3qNB3N/bQs2M8dSPJgxjilK19zKc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tests/resource: Initialise gnttab before xenforeignmemory_map_resource() Message-Id: Date: Mon, 21 Feb 2022 20:55:04 +0000 commit 39bcecb9a8fe25d3a1e372187d6358f25ffb06bb Author: Andrew Cooper AuthorDate: Sat Feb 19 16:59:01 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 tests/resource: Initialise gnttab before xenforeignmemory_map_resource() It's the 'addr' input to mmap(), and currently consuming stack rubble. Coverity-ID: 1500115 Fixes: c7a7f14b9299 ("tests/resource: Extend to check that the grant frames are mapped correctly") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- tools/tests/resource/test-resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 0557f8a1b5..189353ebcb 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -24,7 +24,7 @@ static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { xenforeignmemory_resource_handle *res; - grant_entry_v1_t *gnttab; + grant_entry_v1_t *gnttab = NULL; size_t size; int rc; uint32_t refs[nr_frames], domids[nr_frames]; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276436.472596 (Exim 4.92) (envelope-from ) id 1nMFiG-00015j-Hi; Mon, 21 Feb 2022 20:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276436.472596; Mon, 21 Feb 2022 20:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiG-00015b-Ek; Mon, 21 Feb 2022 20:55:16 +0000 Received: by outflank-mailman (input) for mailman id 276436; Mon, 21 Feb 2022 20:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiE-00015P-Mr for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiE-0006yx-M1 for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFiE-0002Xv-L4 for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jx4UuJ/00Ole3p9idGa7CwZzk2MwjrbM/HNugIgHZMo=; b=HleuWLH8xeyd7fp/FP+ai+Sdob GsvhhG5H3fHwo7btG3im0XyN/1P89ThSmFIVvCkHToLSrV37RXCz0TgK74arFxsr8t9tlgni5RwDk k/g3wAMrwMele/UYhTM+q42CpiEHkAL2qqVQiCikKISFSnv8VRmQLott2U4/WbMCLQM8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: Rename asprintf() to xasprintf() Message-Id: Date: Mon, 21 Feb 2022 20:55:14 +0000 commit 5de332588613ebe339f886488852972a5cc5c4cf Author: Andrew Cooper AuthorDate: Sat Feb 19 17:15:27 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 xen: Rename asprintf() to xasprintf() Coverity reports that there is a memory leak in ioreq_server_alloc_rangesets(). This would be true if Xen's implementation of asprintf() had glibc's return semantics, but it doesn't. Rename to xasprintf() to reduce confusion for Coverity and other developers. While at it, fix style issues. Rearrange ioreq_server_alloc_rangesets() to use a tabulated switch statement, and not to have a trailing space in the rangeset name for an unknown range type. Coverity-ID: 1472735 Coverity-ID: 1500265 Fixes: 780e918a2e54 ("add an implentation of asprintf() for xen") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/ioreq.c | 16 ++++++++++------ xen/common/vsprintf.c | 11 ++++++----- xen/include/xen/lib.h | 4 ++-- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c index 689d256544..5c94e74293 100644 --- a/xen/common/ioreq.c +++ b/xen/common/ioreq.c @@ -501,13 +501,17 @@ static int ioreq_server_alloc_rangesets(struct ioreq_server *s, for ( i = 0; i < NR_IO_RANGE_TYPES; i++ ) { - char *name; + char *name, *type; - rc = asprintf(&name, "ioreq_server %d %s", id, - (i == XEN_DMOP_IO_RANGE_PORT) ? "port" : - (i == XEN_DMOP_IO_RANGE_MEMORY) ? "memory" : - (i == XEN_DMOP_IO_RANGE_PCI) ? "pci" : - ""); + switch ( i ) + { + case XEN_DMOP_IO_RANGE_PORT: type = " port"; break; + case XEN_DMOP_IO_RANGE_MEMORY: type = " memory"; break; + case XEN_DMOP_IO_RANGE_PCI: type = " pci"; break; + default: type = ""; break; + } + + rc = xasprintf(&name, "ioreq_server %d%s", id, type); if ( rc ) goto fail; diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c index 185a4bd561..b278961cc3 100644 --- a/xen/common/vsprintf.c +++ b/xen/common/vsprintf.c @@ -859,7 +859,7 @@ int scnprintf(char * buf, size_t size, const char *fmt, ...) EXPORT_SYMBOL(scnprintf); /** - * vasprintf - Format a string and allocate a buffer to place it in + * xvasprintf - Format a string and allocate a buffer to place it in * * @bufp: Pointer to a pointer to receive the allocated buffer * @fmt: The format string to use @@ -870,7 +870,7 @@ EXPORT_SYMBOL(scnprintf); * guaranteed to be null terminated. The memory is allocated * from xenheap, so the buffer should be freed with xfree(). */ -int vasprintf(char **bufp, const char *fmt, va_list args) +int xvasprintf(char **bufp, const char *fmt, va_list args) { va_list args_copy; size_t size; @@ -891,7 +891,7 @@ int vasprintf(char **bufp, const char *fmt, va_list args) } /** - * asprintf - Format a string and place it in a buffer + * xasprintf - Format a string and place it in a buffer * @bufp: Pointer to a pointer to receive the allocated buffer * @fmt: The format string to use * @...: Arguments for the format string @@ -901,14 +901,15 @@ int vasprintf(char **bufp, const char *fmt, va_list args) * guaranteed to be null terminated. The memory is allocated * from xenheap, so the buffer should be freed with xfree(). */ -int asprintf(char **bufp, const char *fmt, ...) +int xasprintf(char **bufp, const char *fmt, ...) { va_list args; int i; va_start(args, fmt); - i=vasprintf(bufp,fmt,args); + i = xvasprintf(bufp, fmt, args); va_end(args); + return i; } diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index c6987973bf..aea60d2927 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -158,9 +158,9 @@ extern int scnprintf(char * buf, size_t size, const char * fmt, ...) __attribute__ ((format (printf, 3, 4))); extern int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))); -extern int asprintf(char ** bufp, const char * fmt, ...) +extern int xasprintf(char **bufp, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); -extern int vasprintf(char ** bufp, const char * fmt, va_list args) +extern int xvasprintf(char **bufp, const char *fmt, va_list args) __attribute__ ((format (printf, 2, 0))); long simple_strtol( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276437.472600 (Exim 4.92) (envelope-from ) id 1nMFiQ-00018N-JW; Mon, 21 Feb 2022 20:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276437.472600; Mon, 21 Feb 2022 20:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiQ-00018F-GJ; Mon, 21 Feb 2022 20:55:26 +0000 Received: by outflank-mailman (input) for mailman id 276437; Mon, 21 Feb 2022 20:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiO-00017x-Pb for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiO-0006zV-Oo for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFiO-0002Ya-O0 for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pr6ZgjIppvHzlUsB2lAJiPOFcisxeNtsdSHa2S0GN/c=; b=j/bq+mo5RGKEmLinvCE4yKYZu1 B7IJJh2h5e3qShLkuKn3bfvNf5XQ4UnWEbWlIqb1qO7PnQ05+TzFfkZzPVglKzEUhdzROyndUSmpe E17uFwxc39gtK4bN1KwoWtWkAsDf7dsgWdUg4UnRSnMF9GBRR40MvMxOEIsMYNjL3Ygg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI: Coverity tweaks Message-Id: Date: Mon, 21 Feb 2022 20:55:24 +0000 commit 32c91e445d9fd3b079fa7fcccf900e866acbfe72 Author: Andrew Cooper AuthorDate: Sat Feb 19 16:28:08 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 CI: Coverity tweaks * Use workflow_dispatch to allow manual creation of the job. * Use parallel builds; the workers have two vCPUs. Also, use the build-* targets rather than the ones which expand to dist-*. * Shrink the dependency list further. build-essential covers make and gcc, while bridge-utils and iproute2 are runtime dependencies not build dependencies. Alter bzip2 to libbz2-dev. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- .github/workflows/coverity.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 9d04b56fd3..427fb86f94 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -2,6 +2,7 @@ name: Coverity Scan # We only want to test official release code, not every pull request. on: + workflow_dispatch: schedule: - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC @@ -11,11 +12,11 @@ jobs: steps: - name: Install build dependencies run: | - sudo apt-get install -y wget git gawk bridge-utils \ - iproute2 bzip2 build-essential \ - make gcc zlib1g-dev libncurses5-dev iasl \ - libbz2-dev e2fslibs-dev git-core uuid-dev ocaml \ - ocaml-findlib xz-utils libyajl-dev \ + sudo apt-get install -y wget git gawk \ + libbz2-dev build-essential \ + zlib1g-dev libncurses5-dev iasl \ + libbz2-dev e2fslibs-dev uuid-dev ocaml \ + ocaml-findlib libyajl-dev \ autoconf libtool liblzma-dev \ python3-dev golang python-dev libsystemd-dev @@ -31,11 +32,11 @@ jobs: - name: Pre build stuff run: | - make mini-os-dir + make -j`nproc` mini-os-dir - uses: vapier/coverity-scan-action@v1 with: - command: make xen tools && make -C extras/mini-os/ + command: make -j`nproc` build-xen build-tools && make -j`nproc` -C extras/mini-os/ project: XenProject email: ${{ secrets.COVERITY_SCAN_EMAIL }} token: ${{ secrets.COVERITY_SCAN_TOKEN }} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276438.472604 (Exim 4.92) (envelope-from ) id 1nMFia-0001Br-L6; Mon, 21 Feb 2022 20:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276438.472604; Mon, 21 Feb 2022 20:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFia-0001Bg-Hw; Mon, 21 Feb 2022 20:55:36 +0000 Received: by outflank-mailman (input) for mailman id 276438; Mon, 21 Feb 2022 20:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiY-0001BP-St for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiY-0006zj-S4 for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFiY-0002Z7-Qz for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eEvis9rlV1qg2Fqu/V2v4FeuplMg9HZNNJhLP5CLjXw=; b=SM9gb0QeuaGxCCKIrcH3Z9IzW1 3uBoJLiFyjYfgGDEX0nvHErMeg0QhQmEssA9toPOHQmHhu7APPa+kOKORJkZODVeQodgciCbxrhjh mshSHgBsmzLFoUNf6+b24WTJEInopsWf3IM0zIC4Eh92prROLnyvbIL/yhKQtfU1Fgr8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/retpoline: split retpoline compiler support into separate option Message-Id: Date: Mon, 21 Feb 2022 20:55:34 +0000 commit e245bc154300b5d0367b64e8b937c9d1da508ad3 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:14 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/retpoline: split retpoline compiler support into separate option Keep the previous option as a way to signal generic retpoline support regardless of the underlying compiler, while introducing a new CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler supports retpoline. No functional change intended. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 6 +++++- xen/arch/x86/arch.mk | 10 ++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index b4abfca46f..fe89fa7274 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -32,9 +32,13 @@ config ARCH_DEFCONFIG string default "arch/x86/configs/x86_64_defconfig" -config INDIRECT_THUNK +config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) +config INDIRECT_THUNK + def_bool y + depends on CC_HAS_INDIRECT_THUNK + config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index bfd5eaa35f..15d0cbe487 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -42,10 +42,12 @@ CFLAGS += -mno-red-zone -fpic # SSE setup for variadic function calls. CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) -# Compile with thunk-extern, indirect-branch-register if avaiable. -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifeq ($(CONFIG_INDIRECT_THUNK),y) +# Compile with gcc thunk-extern, indirect-branch-register if available. +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register +CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables +endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276439.472608 (Exim 4.92) (envelope-from ) id 1nMFik-0001Ev-MV; Mon, 21 Feb 2022 20:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276439.472608; Mon, 21 Feb 2022 20:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFik-0001En-JT; Mon, 21 Feb 2022 20:55:46 +0000 Received: by outflank-mailman (input) for mailman id 276439; Mon, 21 Feb 2022 20:55:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFii-0001EO-Vh for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFii-0006zv-Ut for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFii-0002Zi-U8 for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p+T1x/pEKK6qycWA6p4aqP2E4efKjfjA+kSXV40dJzE=; b=O8Ne/M2C0Ii42yTXajzKqBnQnN FPZYqLprZpvBiK6LJdROyT04OwiU1KV4P2bbcKmR9RR8MRGAq0Nf1tUvlLNUOTJxHVrWHKMn55wls VTqoV5vot78WfoHzF4FAqgW+gy3m0EhP9mrnwbRyACm9gMZm4LiuikahKoDuEE3xhep0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/clang: add retpoline support Message-Id: Date: Mon, 21 Feb 2022 20:55:44 +0000 commit 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:15 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/clang: add retpoline support Detect whether the compiler supports clang retpoline option and enable by default if available, just like it's done for gcc. Note clang already disables jump tables when retpoline is enabled, so there's no need to also pass the fno-jump-tables parameter. Also clang already passes the return address in a register always on amd64, so there's no need for any equivalent mindirect-branch-register parameter. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 3 ++- xen/arch/x86/arch.mk | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index fe89fa7274..1465874097 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -33,7 +33,8 @@ config ARCH_DEFCONFIG default "arch/x86/configs/x86_64_defconfig" config CC_HAS_INDIRECT_THUNK - def_bool $(cc-option,-mindirect-branch-register) + def_bool $(cc-option,-mindirect-branch-register) || \ + $(cc-option,-mretpoline-external-thunk) config INDIRECT_THUNK def_bool y diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 15d0cbe487..edfc043dbb 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -47,6 +47,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y) CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables + +# Enable clang retpoline support if available. +CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 21 20:55:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Feb 2022 20:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276440.472612 (Exim 4.92) (envelope-from ) id 1nMFiu-0001I1-OJ; Mon, 21 Feb 2022 20:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276440.472612; Mon, 21 Feb 2022 20:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFiu-0001Hp-L0; Mon, 21 Feb 2022 20:55:56 +0000 Received: by outflank-mailman (input) for mailman id 276440; Mon, 21 Feb 2022 20:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFit-0001HY-2e for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMFit-000707-1p for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMFit-0002aI-0k for xen-changelog@lists.xenproject.org; Mon, 21 Feb 2022 20:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OHAeE069b+HGTEuM28mUx6FKyBSKOAAyXIfRfoNZumg=; b=C33RprsVJmTDDoX17hCTUGLkoL Whu/vyw7UdFDcpXqMoBSMoawXlD76rBYeyyJZtKOrug81Px+z6cpWKSDdawdeecrlWcKwzY1oMJNV syRJTp5vOa23mZkb0Li5D9GX5LnB2Vhea/vrVleYMIkYNXymWpLo8PA6zNAj9kpQrUw4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Kconfig: introduce option to select retpoline usage Message-Id: Date: Mon, 21 Feb 2022 20:55:55 +0000 commit 95d9ab46143685f169f636cfdd7997e2fc630e86 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:16 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/Kconfig: introduce option to select retpoline usage Add a new Kconfig option under the "Speculative hardening" section that allows selecting whether to enable retpoline. This depends on the underlying compiler having retpoline support. Requested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 4 ---- xen/common/Kconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 1465874097..41198b0f96 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -36,10 +36,6 @@ config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) || \ $(cc-option,-mretpoline-external-thunk) -config INDIRECT_THUNK - def_bool y - depends on CC_HAS_INDIRECT_THUNK - config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index db687b1785..6443943889 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -85,6 +85,20 @@ config STATIC_MEMORY menu "Speculative hardening" +config INDIRECT_THUNK + bool "Speculative Branch Target Injection Protection" + depends on CC_HAS_INDIRECT_THUNK + default y + help + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via branch target injection. + + When enabled, indirect branches are implemented using a new construct + called "retpoline" that prevents speculation. + config SPECULATIVE_HARDEN_ARRAY bool "Speculative Array Hardening" default y -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276715.472968 (Exim 4.92) (envelope-from ) id 1nMTF5-00005I-4I; Tue, 22 Feb 2022 11:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276715.472968; Tue, 22 Feb 2022 11:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTF5-00005B-1W; Tue, 22 Feb 2022 11:22:03 +0000 Received: by outflank-mailman (input) for mailman id 276715; Tue, 22 Feb 2022 11:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTF4-0008VY-3K for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTF4-0002gg-2U for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTF4-0000Ie-1X for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ox/Kh512a+s3aROauxz6DkXEYq9dmox8aYfnI4CzBPM=; b=oY+og6oLrHPX2cy2u4KpItzXLy xHp13wl88+2aBkSzKsmpcbc+OCvNPz9+T5wxWQBSJ09LsZF/QQUjlKqKkmCvK+qg1Yk4FXuLM8Qpo 2xa/bv9z+60rgbVWCcx6iZVUJoDzoTdNdJTt2Lyb1eC8L/99cit2WbbY6c1dPkm0qUbo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tests/resource: Initialise gnttab before xenforeignmemory_map_resource() Message-Id: Date: Tue, 22 Feb 2022 11:22:02 +0000 commit 39bcecb9a8fe25d3a1e372187d6358f25ffb06bb Author: Andrew Cooper AuthorDate: Sat Feb 19 16:59:01 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 tests/resource: Initialise gnttab before xenforeignmemory_map_resource() It's the 'addr' input to mmap(), and currently consuming stack rubble. Coverity-ID: 1500115 Fixes: c7a7f14b9299 ("tests/resource: Extend to check that the grant frames are mapped correctly") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- tools/tests/resource/test-resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 0557f8a1b5..189353ebcb 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -24,7 +24,7 @@ static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { xenforeignmemory_resource_handle *res; - grant_entry_v1_t *gnttab; + grant_entry_v1_t *gnttab = NULL; size_t size; int rc; uint32_t refs[nr_frames], domids[nr_frames]; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276717.472972 (Exim 4.92) (envelope-from ) id 1nMTFF-00008m-7d; Tue, 22 Feb 2022 11:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276717.472972; Tue, 22 Feb 2022 11:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFF-00008e-4f; Tue, 22 Feb 2022 11:22:13 +0000 Received: by outflank-mailman (input) for mailman id 276717; Tue, 22 Feb 2022 11:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFE-00008C-6W for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFE-0002go-5j for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTFE-0000JP-4h for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SMeWn4zMdPl9yg1OWJqsojZp/1JDEDtELPkhVbwNb+4=; b=aScKq1X9gsUf/BciN1gE9XZS9o 9zv4fj7L7kPczTskHGAzYs+tVA+kXoO/ebspFdg/5GwTlx+RSrUO64dsA8vhLyPwtEfkf92M+aP/p RDn30BeahcFbTynZQ59vidlsG9SIZOYr0SGyQR1epkUqbfZogaUWuayN90dnuF2g88FE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: Rename asprintf() to xasprintf() Message-Id: Date: Tue, 22 Feb 2022 11:22:12 +0000 commit 5de332588613ebe339f886488852972a5cc5c4cf Author: Andrew Cooper AuthorDate: Sat Feb 19 17:15:27 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 xen: Rename asprintf() to xasprintf() Coverity reports that there is a memory leak in ioreq_server_alloc_rangesets(). This would be true if Xen's implementation of asprintf() had glibc's return semantics, but it doesn't. Rename to xasprintf() to reduce confusion for Coverity and other developers. While at it, fix style issues. Rearrange ioreq_server_alloc_rangesets() to use a tabulated switch statement, and not to have a trailing space in the rangeset name for an unknown range type. Coverity-ID: 1472735 Coverity-ID: 1500265 Fixes: 780e918a2e54 ("add an implentation of asprintf() for xen") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/ioreq.c | 16 ++++++++++------ xen/common/vsprintf.c | 11 ++++++----- xen/include/xen/lib.h | 4 ++-- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c index 689d256544..5c94e74293 100644 --- a/xen/common/ioreq.c +++ b/xen/common/ioreq.c @@ -501,13 +501,17 @@ static int ioreq_server_alloc_rangesets(struct ioreq_server *s, for ( i = 0; i < NR_IO_RANGE_TYPES; i++ ) { - char *name; + char *name, *type; - rc = asprintf(&name, "ioreq_server %d %s", id, - (i == XEN_DMOP_IO_RANGE_PORT) ? "port" : - (i == XEN_DMOP_IO_RANGE_MEMORY) ? "memory" : - (i == XEN_DMOP_IO_RANGE_PCI) ? "pci" : - ""); + switch ( i ) + { + case XEN_DMOP_IO_RANGE_PORT: type = " port"; break; + case XEN_DMOP_IO_RANGE_MEMORY: type = " memory"; break; + case XEN_DMOP_IO_RANGE_PCI: type = " pci"; break; + default: type = ""; break; + } + + rc = xasprintf(&name, "ioreq_server %d%s", id, type); if ( rc ) goto fail; diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c index 185a4bd561..b278961cc3 100644 --- a/xen/common/vsprintf.c +++ b/xen/common/vsprintf.c @@ -859,7 +859,7 @@ int scnprintf(char * buf, size_t size, const char *fmt, ...) EXPORT_SYMBOL(scnprintf); /** - * vasprintf - Format a string and allocate a buffer to place it in + * xvasprintf - Format a string and allocate a buffer to place it in * * @bufp: Pointer to a pointer to receive the allocated buffer * @fmt: The format string to use @@ -870,7 +870,7 @@ EXPORT_SYMBOL(scnprintf); * guaranteed to be null terminated. The memory is allocated * from xenheap, so the buffer should be freed with xfree(). */ -int vasprintf(char **bufp, const char *fmt, va_list args) +int xvasprintf(char **bufp, const char *fmt, va_list args) { va_list args_copy; size_t size; @@ -891,7 +891,7 @@ int vasprintf(char **bufp, const char *fmt, va_list args) } /** - * asprintf - Format a string and place it in a buffer + * xasprintf - Format a string and place it in a buffer * @bufp: Pointer to a pointer to receive the allocated buffer * @fmt: The format string to use * @...: Arguments for the format string @@ -901,14 +901,15 @@ int vasprintf(char **bufp, const char *fmt, va_list args) * guaranteed to be null terminated. The memory is allocated * from xenheap, so the buffer should be freed with xfree(). */ -int asprintf(char **bufp, const char *fmt, ...) +int xasprintf(char **bufp, const char *fmt, ...) { va_list args; int i; va_start(args, fmt); - i=vasprintf(bufp,fmt,args); + i = xvasprintf(bufp, fmt, args); va_end(args); + return i; } diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index c6987973bf..aea60d2927 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -158,9 +158,9 @@ extern int scnprintf(char * buf, size_t size, const char * fmt, ...) __attribute__ ((format (printf, 3, 4))); extern int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))); -extern int asprintf(char ** bufp, const char * fmt, ...) +extern int xasprintf(char **bufp, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); -extern int vasprintf(char ** bufp, const char * fmt, va_list args) +extern int xvasprintf(char **bufp, const char *fmt, va_list args) __attribute__ ((format (printf, 2, 0))); long simple_strtol( -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276718.472976 (Exim 4.92) (envelope-from ) id 1nMTFP-0000Cd-99; Tue, 22 Feb 2022 11:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276718.472976; Tue, 22 Feb 2022 11:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFP-0000CV-66; Tue, 22 Feb 2022 11:22:23 +0000 Received: by outflank-mailman (input) for mailman id 276718; Tue, 22 Feb 2022 11:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFO-0000CB-9b for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFO-0002gz-8g for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTFO-0000K8-7m for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BSUCOrdrQiJF6Ybsqp3Sa7St/UEGW4JP/BvVqnfSO7A=; b=FeYazwd0Akyg7UmfIAPd8EBnO9 /ZnpvXqkICrYHvxBqH0A6GEc+WIiqTnif7fgzpKk8ctnABEbj/s5cYwUlIWowTPvUlq1hoBNWx3bz MRpGZqUjCXYYqDD2872Tu52bDJri5P9fooKLPyzsxinnygq/rWDo9mL+0PF82hQ/pWN0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI: Coverity tweaks Message-Id: Date: Tue, 22 Feb 2022 11:22:22 +0000 commit 32c91e445d9fd3b079fa7fcccf900e866acbfe72 Author: Andrew Cooper AuthorDate: Sat Feb 19 16:28:08 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 CI: Coverity tweaks * Use workflow_dispatch to allow manual creation of the job. * Use parallel builds; the workers have two vCPUs. Also, use the build-* targets rather than the ones which expand to dist-*. * Shrink the dependency list further. build-essential covers make and gcc, while bridge-utils and iproute2 are runtime dependencies not build dependencies. Alter bzip2 to libbz2-dev. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- .github/workflows/coverity.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 9d04b56fd3..427fb86f94 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -2,6 +2,7 @@ name: Coverity Scan # We only want to test official release code, not every pull request. on: + workflow_dispatch: schedule: - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC @@ -11,11 +12,11 @@ jobs: steps: - name: Install build dependencies run: | - sudo apt-get install -y wget git gawk bridge-utils \ - iproute2 bzip2 build-essential \ - make gcc zlib1g-dev libncurses5-dev iasl \ - libbz2-dev e2fslibs-dev git-core uuid-dev ocaml \ - ocaml-findlib xz-utils libyajl-dev \ + sudo apt-get install -y wget git gawk \ + libbz2-dev build-essential \ + zlib1g-dev libncurses5-dev iasl \ + libbz2-dev e2fslibs-dev uuid-dev ocaml \ + ocaml-findlib libyajl-dev \ autoconf libtool liblzma-dev \ python3-dev golang python-dev libsystemd-dev @@ -31,11 +32,11 @@ jobs: - name: Pre build stuff run: | - make mini-os-dir + make -j`nproc` mini-os-dir - uses: vapier/coverity-scan-action@v1 with: - command: make xen tools && make -C extras/mini-os/ + command: make -j`nproc` build-xen build-tools && make -j`nproc` -C extras/mini-os/ project: XenProject email: ${{ secrets.COVERITY_SCAN_EMAIL }} token: ${{ secrets.COVERITY_SCAN_TOKEN }} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276722.472980 (Exim 4.92) (envelope-from ) id 1nMTFZ-0000Gb-Bw; Tue, 22 Feb 2022 11:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276722.472980; Tue, 22 Feb 2022 11:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFZ-0000GT-8i; Tue, 22 Feb 2022 11:22:33 +0000 Received: by outflank-mailman (input) for mailman id 276722; Tue, 22 Feb 2022 11:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFY-0000GI-CW for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFY-0002hU-Bf for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTFY-0000L0-Ar for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ObzroyWSXbea5aP62TACm5D4uVVLglmuxlKgDheW9Xc=; b=r17RkUPL5FRVdq9gmrweHsX2EP kC4y3Q7sRFnqhmJd98gLuG1vzcz2J4TYq5wo0hw2FnjilR+5tyj1+F/LzYme8Fe0vvCjPP+XSLNkU To9Vh4SF06NTqsa1hRuU7ti33+TdclAJNtCjB9QwNLvBSXluqbB8/j04iBJKipLt/OKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/retpoline: split retpoline compiler support into separate option Message-Id: Date: Tue, 22 Feb 2022 11:22:32 +0000 commit e245bc154300b5d0367b64e8b937c9d1da508ad3 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:14 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/retpoline: split retpoline compiler support into separate option Keep the previous option as a way to signal generic retpoline support regardless of the underlying compiler, while introducing a new CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler supports retpoline. No functional change intended. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 6 +++++- xen/arch/x86/arch.mk | 10 ++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index b4abfca46f..fe89fa7274 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -32,9 +32,13 @@ config ARCH_DEFCONFIG string default "arch/x86/configs/x86_64_defconfig" -config INDIRECT_THUNK +config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) +config INDIRECT_THUNK + def_bool y + depends on CC_HAS_INDIRECT_THUNK + config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index bfd5eaa35f..15d0cbe487 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -42,10 +42,12 @@ CFLAGS += -mno-red-zone -fpic # SSE setup for variadic function calls. CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) -# Compile with thunk-extern, indirect-branch-register if avaiable. -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifeq ($(CONFIG_INDIRECT_THUNK),y) +# Compile with gcc thunk-extern, indirect-branch-register if available. +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register +CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables +endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276723.472984 (Exim 4.92) (envelope-from ) id 1nMTFj-0000KO-D4; Tue, 22 Feb 2022 11:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276723.472984; Tue, 22 Feb 2022 11:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFj-0000KC-AC; Tue, 22 Feb 2022 11:22:43 +0000 Received: by outflank-mailman (input) for mailman id 276723; Tue, 22 Feb 2022 11:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFi-0000K3-FJ for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFi-0002hu-Ec for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTFi-0000Lf-Di for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yfscJkeTaLfnTY+xPIFXEWuL/2q/sar2Y3a46ghTKNY=; b=gJoJ2H8hVmiI8N2jK8W5nWitls QCrtWC4kyJ63Bzy4ovEtB3zbIXaxzlNgholmDxdc5psY0jYVCyLtiHQGhVB6lGF/yQn7WZRMoUBln 3/Gz2TDPQVL0/GLXuz9biMDl5nWKTquLFKmTiQoyhesR1Z+n3cXKUvElq7wTJNgAH9xg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/clang: add retpoline support Message-Id: Date: Tue, 22 Feb 2022 11:22:42 +0000 commit 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:15 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/clang: add retpoline support Detect whether the compiler supports clang retpoline option and enable by default if available, just like it's done for gcc. Note clang already disables jump tables when retpoline is enabled, so there's no need to also pass the fno-jump-tables parameter. Also clang already passes the return address in a register always on amd64, so there's no need for any equivalent mindirect-branch-register parameter. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 3 ++- xen/arch/x86/arch.mk | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index fe89fa7274..1465874097 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -33,7 +33,8 @@ config ARCH_DEFCONFIG default "arch/x86/configs/x86_64_defconfig" config CC_HAS_INDIRECT_THUNK - def_bool $(cc-option,-mindirect-branch-register) + def_bool $(cc-option,-mindirect-branch-register) || \ + $(cc-option,-mretpoline-external-thunk) config INDIRECT_THUNK def_bool y diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 15d0cbe487..edfc043dbb 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -47,6 +47,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y) CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables + +# Enable clang retpoline support if available. +CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif # If supported by the compiler, reduce stack alignment to 8 bytes. But allow -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 11:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 11:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276725.472988 (Exim 4.92) (envelope-from ) id 1nMTFt-0000NE-Ee; Tue, 22 Feb 2022 11:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276725.472988; Tue, 22 Feb 2022 11:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFt-0000N6-Bg; Tue, 22 Feb 2022 11:22:53 +0000 Received: by outflank-mailman (input) for mailman id 276725; Tue, 22 Feb 2022 11:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFs-0000N0-IP for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMTFs-0002iA-Hi for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMTFs-0000MW-Gk for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 11:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lfhCtaj/a69Txfd5GpQQxWYGQtL/dej6MUyn2vivxMs=; b=eq+DXAX37H0CldYI3CuRuw8jJe 30YVXSv0+e/lBWBbBTp8BRBtNt6zi9yrBaIrmNR0EC/cYmVZEvOfhJosJZH5gsb96hfy+my6Tvcoa VHwuFx61Lig4hevuSsZtRy5D1XBvrOWtVoccnWUkkA/GFdD2k/Z/iGYEmfeFw7qR+8X4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Kconfig: introduce option to select retpoline usage Message-Id: Date: Tue, 22 Feb 2022 11:22:52 +0000 commit 95d9ab46143685f169f636cfdd7997e2fc630e86 Author: Roger Pau Monne AuthorDate: Fri Feb 18 15:34:16 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Feb 21 18:17:56 2022 +0000 x86/Kconfig: introduce option to select retpoline usage Add a new Kconfig option under the "Speculative hardening" section that allows selecting whether to enable retpoline. This depends on the underlying compiler having retpoline support. Requested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/Kconfig | 4 ---- xen/common/Kconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 1465874097..41198b0f96 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -36,10 +36,6 @@ config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) || \ $(cc-option,-mretpoline-external-thunk) -config INDIRECT_THUNK - def_bool y - depends on CC_HAS_INDIRECT_THUNK - config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index db687b1785..6443943889 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -85,6 +85,20 @@ config STATIC_MEMORY menu "Speculative hardening" +config INDIRECT_THUNK + bool "Speculative Branch Target Injection Protection" + depends on CC_HAS_INDIRECT_THUNK + default y + help + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via branch target injection. + + When enabled, indirect branches are implemented using a new construct + called "retpoline" that prevents speculation. + config SPECULATIVE_HARDEN_ARRAY bool "Speculative Array Hardening" default y -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Feb 22 14:33:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Feb 2022 14:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.276813.473113 (Exim 4.92) (envelope-from ) id 1nMWDx-00077G-Bv; Tue, 22 Feb 2022 14:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 276813.473113; Tue, 22 Feb 2022 14:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMWDx-000778-8q; Tue, 22 Feb 2022 14:33:05 +0000 Received: by outflank-mailman (input) for mailman id 276813; Tue, 22 Feb 2022 14:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMWDw-000772-7l for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 14:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMWDw-0006Fi-66 for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 14:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMWDw-00066U-4z for xen-changelog@lists.xenproject.org; Tue, 22 Feb 2022 14:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BwUsMkNPZq3+6ua5v6EMVpogopTDcO5CfpSHt/7jVpg=; b=sVIknebZheBkrNIZ1NfMTQ8wdk D9bWnZHeKdPgLSBhCjUjdmVGIDM5oYtqFialQU9o3WobD/Xn57/vdNSgQfC7hnB/7im1gTxRGrfZA ZZiWO4FM3/LN4sLWba1ooZ+vdoc2uzflGqB1eDfZcSk1aT2TpFPjD0wLFSRvysEbr8fI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] cirrus: update FreeBSD to 12.3 Message-Id: Date: Tue, 22 Feb 2022 14:33:04 +0000 commit 210f27e55abd2a57c01105992bc10bc4d7b8132d Author: Roger Pau Monne AuthorDate: Tue Feb 22 14:56:29 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 22 14:26:36 2022 +0000 cirrus: update FreeBSD to 12.3 Switch from using a FreeBSD 12.2 to a 12.3 image. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index b17f0b6369..4ae719136e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -16,7 +16,7 @@ freebsd_template: &FREEBSD_TEMPLATE task: name: 'FreeBSD 12' freebsd_instance: - image_family: freebsd-12-2 + image_family: freebsd-12-3 << : *FREEBSD_TEMPLATE task: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 05:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 05:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277198.473637 (Exim 4.92) (envelope-from ) id 1nMkcA-0004HY-AC; Wed, 23 Feb 2022 05:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277198.473637; Wed, 23 Feb 2022 05:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMkcA-0004HH-6r; Wed, 23 Feb 2022 05:55:02 +0000 Received: by outflank-mailman (input) for mailman id 277198; Wed, 23 Feb 2022 05:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMkc9-0004GL-Bb for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 05:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMkc9-0001AR-9J for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 05:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMkc9-0002tI-88 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 05:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XMXSMGeosPfY2cEF7i2cXAzpBq/B41ceWxJhw6LeoTU=; b=qlRnLl5gWYmMRgmd98XBZJxiCd kzDrQzO5yp4xlQ5Xxth3uUZ+NWs5zfb2IleHgY95bOk7Yd/aVIa5/kHdUCmNAMyC/J8PzP0BWRMsm jhtqW1o1WqYmZZ7ei2qV+xCAnOE3g7rDr0bwRBUsjcEaMGQS7gzrukvismfqvBfvR+R8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] cirrus: update FreeBSD to 12.3 Message-Id: Date: Wed, 23 Feb 2022 05:55:01 +0000 commit 210f27e55abd2a57c01105992bc10bc4d7b8132d Author: Roger Pau Monne AuthorDate: Tue Feb 22 14:56:29 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Feb 22 14:26:36 2022 +0000 cirrus: update FreeBSD to 12.3 Switch from using a FreeBSD 12.2 to a 12.3 image. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index b17f0b6369..4ae719136e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -16,7 +16,7 @@ freebsd_template: &FREEBSD_TEMPLATE task: name: 'FreeBSD 12' freebsd_instance: - image_family: freebsd-12-2 + image_family: freebsd-12-3 << : *FREEBSD_TEMPLATE task: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277576.474125 (Exim 4.92) (envelope-from ) id 1nMuEM-00038u-BE; Wed, 23 Feb 2022 16:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277576.474125; Wed, 23 Feb 2022 16:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEM-00038m-8F; Wed, 23 Feb 2022 16:11:06 +0000 Received: by outflank-mailman (input) for mailman id 277576; Wed, 23 Feb 2022 16:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEL-00038f-GT for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEL-00054z-ED for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuEL-0003Zz-DB for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SnQH9MiS2y9vLRCjLc2JAlCv8v5+oc7408G/fkVw58Q=; b=cf/vcD9eFm+SDJfvIUFrwNO6Yn +BYwdOVJ+vvDuCG0gFj0TE1klx+3c+eNUS8LQE+XYUiir7/308j1gscs6s35CPsFx6Vt4sfx2hmND R/Xtuhi8gJBKf+eeyGWRoZ51vYUVxPfKJv5DENMeCCWGHrqYfZ6Ef8E+PscnH7Xh5Zoc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/sort: Switch to an extern inline implementation Message-Id: Date: Wed, 23 Feb 2022 16:11:05 +0000 commit 8cb0341a61fa8e6e27e8715e4c2db379f38e90ab Author: Andrew Cooper AuthorDate: Sat Oct 30 22:13:55 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen/sort: Switch to an extern inline implementation There are exactly 3 callers of sort() in the hypervisor. Callbacks in a tight loop like this are problematic for performance, especially with Spectre v2 protections, which is why extern inline is used commonly by libraries. Both ARM callers pass in NULL for the swap function, and while this might seem like an attractive option at first, it causes generic_swap() to be used, which forced a byte-wise copy. Provide real swap functions so the compiler can optimise properly, which is very important for ARM downstreams where milliseconds until the system is up matters. This is also important for Control Flow Integrity schemes (e.g. x86 CET-IBT, ARM BTI), because tagged function(s) performing an arbitrary length swap of two arbitrary pointers is a very valuable gadget for an attacker. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/bootfdt.c | 9 +++++- xen/arch/arm/io.c | 9 +++++- xen/include/xen/sort.h | 55 +++++++++++++++++++++++++++++++++- xen/lib/sort.c | 80 ++------------------------------------------------ 4 files changed, 72 insertions(+), 81 deletions(-) diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index afaa0e249b..e318ef9603 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -448,6 +448,13 @@ static int __init cmp_memory_node(const void *key, const void *elem) return 0; } +static void __init swap_memory_node(void *_a, void *_b, size_t size) +{ + struct membank *a = _a, *b = _b; + + SWAP(*a, *b); +} + /** * boot_fdt_info - initialize bootinfo from a DTB * @fdt: flattened device tree binary @@ -472,7 +479,7 @@ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) * the banks sorted in ascending order. So sort them through. */ sort(bootinfo.mem.bank, bootinfo.mem.nr_banks, sizeof(struct membank), - cmp_memory_node, NULL); + cmp_memory_node, swap_memory_node); early_print_info(); diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 729287e37c..1a066f9ae5 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -80,6 +80,13 @@ static int cmp_mmio_handler(const void *key, const void *elem) return 0; } +static void swap_mmio_handler(void *_a, void *_b, size_t size) +{ + struct mmio_handler *a = _a, *b = _b; + + SWAP(*a, *b); +} + static const struct mmio_handler *find_mmio_handler(struct domain *d, paddr_t gpa) { @@ -170,7 +177,7 @@ void register_mmio_handler(struct domain *d, /* Sort mmio handlers in ascending order based on base address */ sort(vmmio->handlers, vmmio->num_entries, sizeof(struct mmio_handler), - cmp_mmio_handler, NULL); + cmp_mmio_handler, swap_mmio_handler); write_unlock(&vmmio->lock); } diff --git a/xen/include/xen/sort.h b/xen/include/xen/sort.h index a403652948..2f52ff85b9 100644 --- a/xen/include/xen/sort.h +++ b/xen/include/xen/sort.h @@ -3,8 +3,61 @@ #include +/* + * sort - sort an array of elements + * @base: pointer to data to sort + * @num: number of elements + * @size: size of each element + * @cmp: pointer to comparison function + * @swap: pointer to swap function + * + * This function does a heapsort on the given array. You may provide a + * swap function optimized to your element type. + * + * Sorting time is O(n log n) both on average and worst-case. While + * qsort is about 20% faster on average, it suffers from exploitable + * O(n*n) worst-case behavior and extra memory requirements that make + * it less suitable for kernel use. + */ +#ifndef SORT_IMPLEMENTATION +extern gnu_inline +#endif void sort(void *base, size_t num, size_t size, int (*cmp)(const void *, const void *), - void (*swap)(void *, void *, size_t)); + void (*swap)(void *, void *, size_t)) +{ + /* pre-scale counters for performance */ + size_t i = (num / 2) * size, n = num * size, c, r; + + /* heapify */ + while ( i > 0 ) + { + for ( r = i -= size; r * 2 + size < n; r = c ) + { + c = r * 2 + size; + if ( (c < n - size) && (cmp(base + c, base + c + size) < 0) ) + c += size; + if ( cmp(base + r, base + c) >= 0 ) + break; + swap(base + r, base + c, size); + } + } + + /* sort */ + for ( i = n; i > 0; ) + { + i -= size; + swap(base, base + i, size); + for ( r = 0; r * 2 + size < i; r = c ) + { + c = r * 2 + size; + if ( (c < i - size) && (cmp(base + c, base + c + size) < 0) ) + c += size; + if ( cmp(base + r, base + c) >= 0 ) + break; + swap(base + r, base + c, size); + } + } +} #endif /* __XEN_SORT_H__ */ diff --git a/xen/lib/sort.c b/xen/lib/sort.c index 35ce0d7abd..b7e78cc0e8 100644 --- a/xen/lib/sort.c +++ b/xen/lib/sort.c @@ -4,81 +4,5 @@ * Jan 23 2005 Matt Mackall */ -#include - -static void u32_swap(void *a, void *b, size_t size) -{ - uint32_t t = *(uint32_t *)a; - - *(uint32_t *)a = *(uint32_t *)b; - *(uint32_t *)b = t; -} - -static void generic_swap(void *a, void *b, size_t size) -{ - char t; - - do { - t = *(char *)a; - *(char *)a++ = *(char *)b; - *(char *)b++ = t; - } while ( --size > 0 ); -} - -/* - * sort - sort an array of elements - * @base: pointer to data to sort - * @num: number of elements - * @size: size of each element - * @cmp: pointer to comparison function - * @swap: pointer to swap function or NULL - * - * This function does a heapsort on the given array. You may provide a - * swap function optimized to your element type. - * - * Sorting time is O(n log n) both on average and worst-case. While - * qsort is about 20% faster on average, it suffers from exploitable - * O(n*n) worst-case behavior and extra memory requirements that make - * it less suitable for kernel use. - */ - -void sort(void *base, size_t num, size_t size, - int (*cmp)(const void *, const void *), - void (*swap)(void *, void *, size_t size)) -{ - /* pre-scale counters for performance */ - size_t i = (num / 2) * size, n = num * size, c, r; - - if ( !swap ) - swap = (size == 4 ? u32_swap : generic_swap); - - /* heapify */ - while ( i > 0 ) - { - for ( r = i -= size; r * 2 + size < n; r = c ) - { - c = r * 2 + size; - if ( (c < n - size) && (cmp(base + c, base + c + size) < 0) ) - c += size; - if ( cmp(base + r, base + c) >= 0 ) - break; - swap(base + r, base + c, size); - } - } - - /* sort */ - for ( i = n; i > 0; ) - { - i -= size; - swap(base, base + i, size); - for ( r = 0; r * 2 + size < i; r = c ) - { - c = r * 2 + size; - if ( (c < i - size) && (cmp(base + c, base + c + size) < 0) ) - c += size; - if ( cmp(base + r, base + c) >= 0 ) - break; - swap(base + r, base + c, size); - } - } -} +#define SORT_IMPLEMENTATION +#include -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277577.474129 (Exim 4.92) (envelope-from ) id 1nMuEW-0003Ak-Cd; Wed, 23 Feb 2022 16:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277577.474129; Wed, 23 Feb 2022 16:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEW-0003Ac-9j; Wed, 23 Feb 2022 16:11:16 +0000 Received: by outflank-mailman (input) for mailman id 277577; Wed, 23 Feb 2022 16:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEV-0003AU-JX for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEV-000556-Io for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuEV-0003ar-Hi for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IqOolM5EGI0UARNCVxSA4cm6lqJM8SrH2MS7BY8rl2E=; b=V7fdOFmQoVUdfbM63DgQ77dxNH 9RqF/J1fng1NcvHoxA/EimU0nSI9MTsq9nk8jtXDxJggTQUw9dSDOzpdESRQpoLYPgJy4lJFX9Kg6 l+BsqazgpZRy4UjUF62dYjVvZbDTFNbubvYQO15f09v0XMpV1CfSJSzA1EcK6F46JLJo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/xsm: Move {do,compat}_flask_op() declarations into a header Message-Id: Date: Wed, 23 Feb 2022 16:11:15 +0000 commit 44d6b0758469cafff12be16d75b51f6d9217d22c Author: Andrew Cooper AuthorDate: Fri Oct 29 23:05:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen/xsm: Move {do,compat}_flask_op() declarations into a header Declaring sideways like this is unsafe, because the compiler can't check that the implementation in flask_op.c still has the same type. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/xsm/flask/flask_op.c | 1 + xen/xsm/flask/hooks.c | 4 +--- xen/xsm/flask/private.h | 9 +++++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 221ff00fd3..bb3bebc30e 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -21,6 +21,7 @@ #include #include #include +#include "private.h" #define ret_t long #define _copy_to_guest copy_to_guest diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 3b29f7fde3..6ff1be28e4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -36,6 +36,7 @@ #include #include #include +#include "private.h" static u32 domain_sid(const struct domain *dom) { @@ -1742,9 +1743,6 @@ static int flask_argo_send(const struct domain *d, const struct domain *t) #endif -long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); - static const struct xsm_ops __initconstrel flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h new file mode 100644 index 0000000000..73b0de8724 --- /dev/null +++ b/xen/xsm/flask/private.h @@ -0,0 +1,9 @@ +#ifndef XSM_FLASK_PRIVATE +#define XSM_FLASK_PRIVATE + +#include + +long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); + +#endif /* XSM_FLASK_PRIVATE */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277578.474133 (Exim 4.92) (envelope-from ) id 1nMuEg-0003Dv-EL; Wed, 23 Feb 2022 16:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277578.474133; Wed, 23 Feb 2022 16:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEg-0003Dn-BG; Wed, 23 Feb 2022 16:11:26 +0000 Received: by outflank-mailman (input) for mailman id 277578; Wed, 23 Feb 2022 16:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEf-0003De-Nb for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEf-00055L-Mj for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuEf-0003bM-Ln for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mkwBEjC/WIpnm0Q3Ur4Q5yMsjifxrUQVpQAzxhfGwgc=; b=RN6UOqOltVwSqvaqQzCjELJtGe jIHUHkMLBR5cUqaEi/0136/QWtJhW4wseatVKM2LApzuimttHPBeiKpkA5jn+bSB96Ewwv59U0nD+ xI2ywu5wOGtDsjgZ1zsi5J5sGlD+EZja2HFqDCDZVqG+Q2vPtEXdgq8vfSTt4e9B8u4s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pv-shim: Don't modify the hypercall table Message-Id: Date: Wed, 23 Feb 2022 16:11:25 +0000 commit e7db635f4428cabbb72ba33a6ec6e1465f2169cb Author: Juergen Gross AuthorDate: Mon Nov 1 16:20:09 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86/pv-shim: Don't modify the hypercall table When running as pv-shim the hypercall is modified today in order to replace the functions for __HYPERVISOR_event_channel_op and __HYPERVISOR_grant_table_op hypercalls. Change this to call the related functions from the normal handlers instead when running as shim. The performance implications are not really relevant, as a normal production hypervisor will not be configured to support shim mode, so the related calls will be dropped due to optimisation of the compiler. Note that for the CONFIG_PV_SHIM_EXCLUSIVE case there is a dummy wrapper do_grant_table_op() needed, as in this case grant_table.c isn't being built. Signed-off-by: Juergen Gross Split out of series. To compile in isolation, the compat_platform_op() prototype needs correcting, and header files need rearranging to avoid the compat_platform_op_t/multicall_entry_compat_t guest handles being declared multiple times. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hypercall.h | 4 ++- xen/arch/x86/include/asm/pv/shim.h | 3 ++ xen/arch/x86/pv/hypercall.c | 2 +- xen/arch/x86/pv/shim.c | 54 ++++++++++++++++---------------- xen/arch/x86/x86_64/platform_hypercall.c | 2 +- xen/common/compat/multicall.c | 3 +- xen/common/event_channel.c | 9 ++++++ xen/common/grant_table.c | 9 ++++++ 8 files changed, 54 insertions(+), 32 deletions(-) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 5d394d4923..f004824f16 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -145,6 +145,7 @@ do_set_segment_base( #include #include +#include extern int compat_physdev_op( @@ -161,8 +162,9 @@ extern int compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); +DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); extern int compat_platform_op( - XEN_GUEST_HANDLE_PARAM(void) u_xenpf_op); + XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); extern long compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); diff --git a/xen/arch/x86/include/asm/pv/shim.h b/xen/arch/x86/include/asm/pv/shim.h index 8a91f4f9df..6415f8068e 100644 --- a/xen/arch/x86/include/asm/pv/shim.h +++ b/xen/arch/x86/include/asm/pv/shim.h @@ -19,6 +19,7 @@ #ifndef __X86_PV_SHIM_H__ #define __X86_PV_SHIM_H__ +#include #include #if defined(CONFIG_PV_SHIM_EXCLUSIVE) @@ -45,6 +46,8 @@ domid_t get_initial_domain_id(void); uint64_t pv_shim_mem(uint64_t avail); void pv_shim_fixup_e820(struct e820map *e820); const struct platform_bad_page *pv_shim_reserved_pages(unsigned int *size); +typeof(do_event_channel_op) pv_shim_event_channel_op; +typeof(do_grant_table_op) pv_shim_grant_table_op; #else diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index ecdd58deea..50cd219c18 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -64,7 +64,7 @@ const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(xen_version), HYPERCALL(console_io), COMPAT_CALL(physdev_op_compat), -#ifdef CONFIG_GRANT_TABLE +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) COMPAT_CALL(grant_table_op), #endif HYPERCALL(vm_assist), diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index d9704121a7..7e891fe2f7 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -56,11 +56,6 @@ static DEFINE_SPINLOCK(balloon_lock); static struct platform_bad_page __initdata reserved_pages[2]; -static long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -static long pv_shim_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - /* * By default give the shim 1MB of free memory slack. Some users may wish to * tune this constants for better memory utilization. This can be achieved @@ -203,7 +198,6 @@ void __init pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, start_info_t *si) { bool compat = is_pv_32bit_domain(d); - pv_hypercall_table_t *rw_pv_hypercall_table; uint64_t param = 0; long rc; @@ -249,23 +243,6 @@ void __init pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, consoled_set_ring_addr(page); } - /* - * Locate pv_hypercall_table[] (usually .rodata) in the directmap (which - * is writeable) and insert some shim-specific hypercall handlers. - */ - rw_pv_hypercall_table = __va(__pa(pv_hypercall_table)); - rw_pv_hypercall_table[__HYPERVISOR_event_channel_op].native = - (hypercall_fn_t *)pv_shim_event_channel_op; - rw_pv_hypercall_table[__HYPERVISOR_grant_table_op].native = - (hypercall_fn_t *)pv_shim_grant_table_op; - -#ifdef CONFIG_PV32 - rw_pv_hypercall_table[__HYPERVISOR_event_channel_op].compat = - (hypercall_fn_t *)pv_shim_event_channel_op; - rw_pv_hypercall_table[__HYPERVISOR_grant_table_op].compat = - (hypercall_fn_t *)pv_shim_grant_table_op; -#endif - guest = d; /* @@ -435,7 +412,7 @@ int pv_shim_shutdown(uint8_t reason) return 0; } -static long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct evtchn_close close; @@ -683,9 +660,9 @@ void pv_shim_inject_evtchn(unsigned int port) # define compat_handle_okay guest_handle_okay #endif -static long pv_shim_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +long pv_shim_grant_table_op(unsigned int cmd, + XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) { struct domain *d = current->domain; long rc = 0; @@ -845,6 +822,29 @@ static long pv_shim_grant_table_op(unsigned int cmd, return rc; } +#ifndef CONFIG_GRANT_TABLE +/* Thin wrapper(s) needed. */ +long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) +{ + if ( !pv_shim ) + return -ENOSYS; + + return pv_shim_grant_table_op(cmd, uop, count); +} + +#ifdef CONFIG_PV32 +int compat_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) +{ + if ( !pv_shim ) + return -ENOSYS; + + return pv_shim_grant_table_op(cmd, uop, count); +} +#endif +#endif + long pv_shim_cpu_up(void *data) { struct vcpu *v = data; diff --git a/xen/arch/x86/x86_64/platform_hypercall.c b/xen/arch/x86/x86_64/platform_hypercall.c index fbba893a47..966fd27b5f 100644 --- a/xen/arch/x86/x86_64/platform_hypercall.c +++ b/xen/arch/x86/x86_64/platform_hypercall.c @@ -6,8 +6,8 @@ EMIT_FILE; #include #include +#include -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); #define xen_platform_op compat_platform_op #define xen_platform_op_t compat_platform_op_t #define do_platform_op(x) compat_platform_op(_##x) diff --git a/xen/common/compat/multicall.c b/xen/common/compat/multicall.c index a0e9918f48..b17739d218 100644 --- a/xen/common/compat/multicall.c +++ b/xen/common/compat/multicall.c @@ -5,7 +5,7 @@ EMIT_FILE; #include -#include +#include #include #define COMPAT @@ -19,7 +19,6 @@ static inline void xlat_multicall_entry(struct mc_state *mcs) mcs->compat_call.args[i] = mcs->call.args[i]; } -DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); #define multicall_entry compat_multicall_entry #define multicall_entry_t multicall_entry_compat_t #define do_multicall_call compat_multicall_call diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index da88ad141a..c9912122d1 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -31,6 +31,10 @@ #include #include +#ifdef CONFIG_PV_SHIM +#include +#endif + #define ERROR_EXIT(_errno) \ do { \ gdprintk(XENLOG_WARNING, \ @@ -1189,6 +1193,11 @@ long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; +#ifdef CONFIG_PV_SHIM + if ( unlikely(pv_shim) ) + return pv_shim_event_channel_op(cmd, arg); +#endif + switch ( cmd ) { case EVTCHNOP_alloc_unbound: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3d92fee592..925ed7d6be 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -44,6 +44,10 @@ #include #include +#ifdef CONFIG_PV_SHIM +#include +#endif + /* Per-domain grant information. */ struct grant_table { /* @@ -3561,6 +3565,11 @@ do_grant_table_op( long rc; unsigned int opaque_in = cmd & GNTTABOP_ARG_MASK, opaque_out = 0; +#ifdef CONFIG_PV_SHIM + if ( unlikely(pv_shim) ) + return pv_shim_grant_table_op(cmd, uop, count); +#endif + if ( (int)count < 0 ) return -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277579.474137 (Exim 4.92) (envelope-from ) id 1nMuEr-0003HN-GW; Wed, 23 Feb 2022 16:11:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277579.474137; Wed, 23 Feb 2022 16:11:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEr-0003HD-Cv; Wed, 23 Feb 2022 16:11:37 +0000 Received: by outflank-mailman (input) for mailman id 277579; Wed, 23 Feb 2022 16:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEp-0003Gx-Qj for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEp-00055V-Pz for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuEp-0003c9-P2 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8S/0ibJkPPt5O8dPazvEsyN81szF3vuZGRXR+ueJp+k=; b=vDKo79sA8DFmcZ6PB8zC976Ejl L70JP0nhNzRj2dg5DPkpr8ZACdgDIfaDIqgB9GmH9xjBh6Nmv6RIRwRrfupHceDTtbUkg9XZDN2E2 f6jwdkVsZXIpjn30ftyybMuskgiPkh9ctQvk0syQ0uszFz+klS6ZbvgS81PgumkA1GV8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Don't use the hypercall table for calling compat hypercalls Message-Id: Date: Wed, 23 Feb 2022 16:11:35 +0000 commit 69a85336f62d5ec472a4b91d35a9549d5b2b8546 Author: Juergen Gross AuthorDate: Mon Nov 1 16:20:10 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86: Don't use the hypercall table for calling compat hypercalls Today the *_op_compat hypercalls call the modern handler functions by using the entries from the hypercall table. This is resulting in a not needed indirect function call which can be avoided by using the correct handler function directly. This is basically a revert of commit 1252e282311734 ("x86/pv: Export pv_hypercall_table[] rather than working around it in several ways"), which reasoning no longer applies, as shim no longer modifies the hypercall table. The hypercall table can now be made static as there is no external reference to it any longer. Commit 834cb8761051f7 ("x86/PV32: fix physdev_op_compat handling") can be reverted, too, as using the direct call of the correct handler is already handled fine without that patch. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/compat.c | 14 ++++---------- xen/arch/x86/include/asm/hypercall.h | 8 -------- xen/arch/x86/pv/hypercall.c | 9 ++++++++- xen/arch/x86/x86_64/compat.c | 1 - 4 files changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 58b202f701..939b449dec 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -17,14 +17,12 @@ typedef long ret_t; /* Legacy hypercall (as of 0x00030202). */ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { - typeof(do_physdev_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_physdev_op].native; struct physdev_op op; if ( unlikely(copy_from_guest(&op, uop, 1) != 0) ) return -EFAULT; - return fn(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); + return do_physdev_op(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); } #ifndef COMPAT @@ -32,14 +30,11 @@ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) /* Legacy hypercall (as of 0x00030101). */ long do_sched_op_compat(int cmd, unsigned long arg) { - typeof(do_sched_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_sched_op].native; - switch ( cmd ) { case SCHEDOP_yield: case SCHEDOP_block: - return fn(cmd, guest_handle_from_ptr(NULL, void)); + return do_sched_op(cmd, guest_handle_from_ptr(NULL, void)); case SCHEDOP_shutdown: TRACE_3D(TRC_SCHED_SHUTDOWN, @@ -57,8 +52,6 @@ long do_sched_op_compat(int cmd, unsigned long arg) /* Legacy hypercall (as of 0x00030202). */ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { - typeof(do_event_channel_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_event_channel_op].native; struct evtchn_op op; if ( unlikely(copy_from_guest(&op, uop, 1) != 0) ) @@ -76,7 +69,8 @@ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) case EVTCHNOP_bind_ipi: case EVTCHNOP_bind_vcpu: case EVTCHNOP_unmask: - return fn(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); + return do_event_channel_op(op.cmd, + guest_handle_from_ptr(&uop.p->u, void)); default: return -ENOSYS; diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index f004824f16..eb3aed3bf7 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -15,13 +15,6 @@ typedef unsigned long hypercall_fn_t( unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); -typedef struct { - hypercall_fn_t *native; -#ifdef CONFIG_PV32 - hypercall_fn_t *compat; -#endif -} pv_hypercall_table_t; - typedef struct { uint8_t native; #ifdef CONFIG_COMPAT @@ -32,7 +25,6 @@ typedef struct { extern const hypercall_args_t hypercall_args_table[NR_hypercalls]; #ifdef CONFIG_PV -extern const pv_hypercall_table_t pv_hypercall_table[]; void pv_hypercall(struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 50cd219c18..e8fbee7bbb 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -27,6 +27,13 @@ #include #include +typedef struct { + hypercall_fn_t *native; +#ifdef CONFIG_PV32 + hypercall_fn_t *compat; +#endif +} pv_hypercall_table_t; + #ifdef CONFIG_PV32 #define HYPERCALL(x) \ [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ @@ -42,7 +49,7 @@ #define do_arch_1 paging_domctl_continuation -const pv_hypercall_table_t pv_hypercall_table[] = { +static const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(set_trap_table), HYPERCALL(mmu_update), COMPAT_CALL(set_gdt), diff --git a/xen/arch/x86/x86_64/compat.c b/xen/arch/x86/x86_64/compat.c index fcbc1cc0d7..0e4c71f2aa 100644 --- a/xen/arch/x86/x86_64/compat.c +++ b/xen/arch/x86/x86_64/compat.c @@ -12,7 +12,6 @@ EMIT_FILE; #define physdev_op_t physdev_op_compat_t #define do_physdev_op compat_physdev_op #define do_physdev_op_compat(x) compat_physdev_op_compat(_##x) -#define native compat #define COMPAT #define _XEN_GUEST_HANDLE(t) XEN_GUEST_HANDLE(t) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277580.474141 (Exim 4.92) (envelope-from ) id 1nMuF1-0003Kn-JM; Wed, 23 Feb 2022 16:11:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277580.474141; Wed, 23 Feb 2022 16:11:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuF1-0003Kb-G4; Wed, 23 Feb 2022 16:11:47 +0000 Received: by outflank-mailman (input) for mailman id 277580; Wed, 23 Feb 2022 16:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEz-0003KM-Tf for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuEz-00055l-T3 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuEz-0003cq-SG for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tbtJPqbvP9E/gJIlzlrexhGHh/zwwovYDERrOgdCMM4=; b=18JE/9s0md3YY7YLkVCSntzpFR QHxbnqZYfzK4e6z+n27RbS5GDtJEpJiubTOweEwoXHNgLwv+Fsy1oQ3a8Lk9OrTrrbrSmZtt2hSuC KUbZ4IATfB4Q2kvbWfGHUvSkF/SR1AeT10EBAoSaMs7IO2f8nXYk0bYi4ZUD0HyvJhDw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/kexec: Annotate embedded data with ELF metadata Message-Id: Date: Wed, 23 Feb 2022 16:11:45 +0000 commit 7764fd93cf24d59b98fd1ee1c3f03a1fda83633a Author: Andrew Cooper AuthorDate: Wed Feb 16 18:24:43 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86/kexec: Annotate embedded data with ELF metadata Scanning for embedded endbranch instructions involves parsing the .text disassembly. Data in the kexec trampoline has no ELF metadata, so objdump treats it as instructions and tries to disassemble. Convert: ffff82d040396108 : ffff82d040396108: 00 00 add %al,(%rax) ffff82d04039610a: 00 00 add %al,(%rax) ffff82d04039610c: 10 00 adc %al,(%rax) ffff82d04039610e : ffff82d04039610e: 17 (bad) ... ffff82d040396118 : ... ffff82d040396120: ff (bad) ffff82d040396121: ff 00 incl (%rax) ffff82d040396123: 00 00 add %al,(%rax) ffff82d040396125: 93 xchg %eax,%ebx ffff82d040396126: cf iret ffff82d040396127: 00 ff add %bh,%bh ffff82d040396129: ff 00 incl (%rax) ffff82d04039612b: 00 00 add %al,(%rax) ffff82d04039612d: 9b fwait ffff82d04039612e: cf iret ... ffff82d040396130 : ... ffff82d0403961b6 : ffff82d0403961b6: b6 01 mov $0x1,%dh ... to: ffff82d040396108 : ffff82d040396108: 00 00 00 00 10 00 ...... ffff82d04039610e : ffff82d04039610e: 17 00 00 00 00 00 00 00 00 00 .......... ffff82d040396118 : ... ffff82d040396120: ff ff 00 00 00 93 cf 00 ff ff 00 00 00 9b cf 00 ................ ffff82d040396130 : ffff82d040396130: 00 00 00 00 00 00 ...... ffff82d040396136 : ... Most data just gains type and size metadata. The reloc_stack label is the wrong end of the data block to have a size, so move it to the lowest address and introduce .Lreloc_stack_base as a replacement. Also, fix the fact that it is misaligned by 2 bytes. While kexec_reloc_size could gain metadata, it's use in the linker assertion (while correct) is deeply confusing to follow. Drop it entirely, using a linker symbol instead to denote the end of the trampoline. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/machine_kexec.h | 2 +- xen/arch/x86/machine_kexec.c | 2 +- xen/arch/x86/x86_64/kexec_reloc.S | 23 ++++++++++++++++++----- xen/arch/x86/xen.lds.S | 3 ++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/include/asm/machine_kexec.h b/xen/arch/x86/include/asm/machine_kexec.h index ba0d469d07..d4880818c1 100644 --- a/xen/arch/x86/include/asm/machine_kexec.h +++ b/xen/arch/x86/include/asm/machine_kexec.h @@ -9,7 +9,7 @@ extern void kexec_reloc(unsigned long reloc_code, unsigned long reloc_pt, unsigned long ind_maddr, unsigned long entry_maddr, unsigned long flags); -extern unsigned int kexec_reloc_size; +extern const char kexec_reloc_end[]; #endif diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 08ec9fd43b..751a9efcaf 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -117,7 +117,7 @@ int machine_kexec_load(struct kexec_image *image) } code_page = __map_domain_page(image->control_code_page); - memcpy(code_page, kexec_reloc, kexec_reloc_size); + memcpy(code_page, kexec_reloc, kexec_reloc_end - (char *)kexec_reloc); unmap_domain_page(code_page); /* diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_reloc.S index d488d127cf..89316bc3a7 100644 --- a/xen/arch/x86/x86_64/kexec_reloc.S +++ b/xen/arch/x86/x86_64/kexec_reloc.S @@ -34,7 +34,7 @@ ENTRY(kexec_reloc) movq %rcx, %rbp /* Setup stack. */ - leaq (reloc_stack - kexec_reloc)(%rdi), %rsp + leaq (.Lreloc_stack_base - kexec_reloc)(%rdi), %rsp /* Load reloc page table. */ movq %rsi, %cr3 @@ -175,10 +175,16 @@ compatibility_mode_far: .long 0x00000000 /* set in call_32_bit above */ .word 0x0010 + .type compatibility_mode_far, @object + .size compatibility_mode_far, . - compatibility_mode_far + compat_mode_gdt_desc: .word .Lcompat_mode_gdt_end - compat_mode_gdt -1 .quad 0x0000000000000000 /* set in call_32_bit above */ + .type compat_mode_gdt_desc, @object + .size compat_mode_gdt_desc, . - compat_mode_gdt_desc + .align 8 compat_mode_gdt: .quad 0x0000000000000000 /* null */ @@ -186,16 +192,23 @@ compat_mode_gdt: .quad 0x00cf9b000000ffff /* 0x0010 ring 0 code, compatibility */ .Lcompat_mode_gdt_end: + .type compat_mode_gdt, @object + .size compat_mode_gdt, . - compat_mode_gdt + compat_mode_idt: .word 0 /* limit */ .long 0 /* base */ + .type compat_mode_idt, @object + .size compat_mode_idt, . - compat_mode_idt + /* * 16 words of stack are more than enough. */ - .fill 16,8,0 + .align 8 reloc_stack: + .fill 16,8,0 +.Lreloc_stack_base: - .globl kexec_reloc_size -kexec_reloc_size: - .long . - kexec_reloc + .type reloc_stack, @object + .size reloc_stack, . - reloc_stack diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 82ad8feb6e..7ffecd4630 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -84,6 +84,7 @@ SECTIONS _etextentry = .; *(.text.kexec) /* Page aligned in the object file. */ + kexec_reloc_end = .; *(.text.cold) *(.text.unlikely) @@ -428,7 +429,7 @@ ASSERT(__2M_rwdata_end <= XEN_VIRT_END - XEN_VIRT_START + __XEN_VIRT_START - "Xen image overlaps stubs area") #ifdef CONFIG_KEXEC -ASSERT(kexec_reloc_size - kexec_reloc <= PAGE_SIZE, "kexec_reloc is too large") +ASSERT(kexec_reloc_end - kexec_reloc <= PAGE_SIZE, "kexec_reloc is too large") #endif /* The Multiboot setup paths relies on this to simplify superpage PTE creation. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:11:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:11:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277581.474145 (Exim 4.92) (envelope-from ) id 1nMuFB-0003NT-Kr; Wed, 23 Feb 2022 16:11:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277581.474145; Wed, 23 Feb 2022 16:11:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFB-0003NJ-Hg; Wed, 23 Feb 2022 16:11:57 +0000 Received: by outflank-mailman (input) for mailman id 277581; Wed, 23 Feb 2022 16:11:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFA-0003Mq-0a for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuF9-00056D-W8 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuF9-0003dR-VT for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:11:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rQONyAjIH5zMFjCG1WN/suRSzOw9I+r8PCmqwJaEQ5U=; b=y1q1nxasfVzOXfSpojMljW/sAn xGvu2jYQ433aasT/APxrmclZ6KVk4acQgjaoPB5TzsnF/2G9/XO//yqeyiV1DetRkuXXVbSQTGv3b dywTiljImc6gnuYhx1bjmGS30/igU6KvCVyqgmkfxsmSLtxt2De01gsvCOStBsnB24ek=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Introduce support for CET-IBT Message-Id: Date: Wed, 23 Feb 2022 16:11:55 +0000 commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86: Introduce support for CET-IBT CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of endbr{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. However, the default -fcf-protection=branch places an endbr{32,64} on every function which far more than necessary, and reduces the quantity of protection afforded. Therefore, we use manual placement using the cf_check attribute. It is necessary to check for both compiler and assembler support, as the notrack prefix can be emitted in certain cases. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- Config.mk | 1 - tools/firmware/Makefile | 2 ++ tools/libs/guest/xg_dom_decompress_unsafe.h | 2 ++ tools/tests/x86_emulator/x86-emulate.h | 2 ++ xen/arch/x86/Kconfig | 17 +++++++++++++++++ xen/arch/x86/arch.mk | 6 ++++++ xen/arch/x86/configs/pvshim_defconfig | 1 + xen/arch/x86/include/asm/asm-defns.h | 6 ++++++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/include/xen/compiler.h | 6 ++++++ 11 files changed, 44 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 95c053212e..f56f7dc334 100644 --- a/Config.mk +++ b/Config.mk @@ -190,7 +190,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile index 345037b93b..53ed4f161e 100644 --- a/tools/firmware/Makefile +++ b/tools/firmware/Makefile @@ -6,6 +6,8 @@ TARGET := hvmloader/hvmloader INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR) DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR) +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none + SUBDIRS-y := SUBDIRS-$(CONFIG_OVMF) += ovmf-dir SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir diff --git a/tools/libs/guest/xg_dom_decompress_unsafe.h b/tools/libs/guest/xg_dom_decompress_unsafe.h index 4e0bf23aa5..ac6b94288d 100644 --- a/tools/libs/guest/xg_dom_decompress_unsafe.h +++ b/tools/libs/guest/xg_dom_decompress_unsafe.h @@ -8,6 +8,8 @@ typedef int decompress_fn(unsigned char *inbuf, unsigned int len, void (*error)(const char *x)); #endif +#define cf_check /* No Control Flow Integriy checking */ + int xc_dom_decompress_unsafe( decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size) __attribute__((visibility("internal"))); diff --git a/tools/tests/x86_emulator/x86-emulate.h b/tools/tests/x86_emulator/x86-emulate.h index 7f60ef9e89..18ae40d017 100644 --- a/tools/tests/x86_emulator/x86-emulate.h +++ b/tools/tests/x86_emulator/x86-emulate.h @@ -54,6 +54,8 @@ #define likely(x) __builtin_expect(!!(x), true) #define unlikely(x) __builtin_expect(!!(x), false) +#define cf_check /* No Control Flow Integriy checking */ + #define container_of(ptr, type, member) ({ \ typeof(((type *)0)->member) *mptr__ = (ptr); \ (type *)((char *)mptr__ - offsetof(type, member)); \ diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 41198b0f96..8e70f9a448 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -40,6 +40,11 @@ config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +config HAS_CC_CET_IBT + # GCC >= 9 and binutils >= 2.29 + # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 + def_bool $(cc-option,-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern) && $(as-instr,endbr64) + menu "Architecture Features" source "arch/Kconfig" @@ -125,6 +130,18 @@ config XEN_SHSTK When CET-SS is active, 32bit PV guests cannot be used. Backwards compatiblity can be provided via the PV Shim mechanism. +config XEN_IBT + bool "Supervisor Indirect Branch Tracking" + depends on HAS_CC_CET_IBT + default y + help + Control-flow Enforcement Technology (CET) is a set of features in + hardware designed to combat Return-oriented Programming (ROP, also + call/jump COP/JOP) attacks. Indirect Branch Tracking is one CET + feature designed to provide function pointer protection. + + This option arranges for Xen to use CET-IBT for its own protection. + config SHADOW_PAGING bool "Shadow Paging" default !PV_SHIM_EXCLUSIVE diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index edfc043dbb..f780c912a9 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -52,6 +52,12 @@ CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif +ifdef CONFIG_XEN_IBT +CFLAGS += -fcf-protection=branch -mmanual-endbr +else +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +endif + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig index 787376df5a..d0e92c2ded 100644 --- a/xen/arch/x86/configs/pvshim_defconfig +++ b/xen/arch/x86/configs/pvshim_defconfig @@ -8,6 +8,7 @@ CONFIG_NR_CPUS=32 CONFIG_EXPERT=y # Disable features not used by the PV shim # CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set # CONFIG_GRANT_TABLE is not set # CONFIG_HYPFS is not set # CONFIG_BIGMEM is not set diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 505f39ad5f..8bd9007731 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -57,6 +57,12 @@ INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_XEN_IBT +# define ENDBR64 endbr64 +#else +# define ENDBR64 +#endif + .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS) /* diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index a0ab6d7d78..f2c6f255ac 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -152,6 +152,7 @@ #define cpu_has_nscb boot_cpu_has(X86_FEATURE_NSCB) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) +#define cpu_has_xen_ibt boot_cpu_has(X86_FEATURE_XEN_IBT) #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index b10154fc44..7413febd7a 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW used by Xen for PV */ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 696c7eb89e..933aec09a9 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -37,6 +37,12 @@ # define nocall #endif +#ifdef CONFIG_XEN_IBT +# define cf_check __attribute__((__cf_check__)) +#else +# define cf_check +#endif + #if (!defined(__clang__) && (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)) #define unreachable() do {} while (1) #else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277583.474160 (Exim 4.92) (envelope-from ) id 1nMuFL-0003h0-Vu; Wed, 23 Feb 2022 16:12:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277583.474160; Wed, 23 Feb 2022 16:12:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFL-0003go-S3; Wed, 23 Feb 2022 16:12:07 +0000 Received: by outflank-mailman (input) for mailman id 277583; Wed, 23 Feb 2022 16:12:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFK-0003ff-5U for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFK-00056a-4k for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuFK-0003e9-40 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W4lbKA/PZwsGeZy8vUs6WyHPlP2g5SxoH/TaXxgWo4Y=; b=Tiz8qaeyPSEgnHqH4TtF8L+LbU vj5/ZWzUqJgwJclIFxg5M3t6g4yIExF/j2jA5JZT/tCuEYNHVeVLYVvCK5WmO2R2oJcV70M5aJrAM gVwx8uTvyu+q0myhWuQOIZq69o1YduJrXF9m79XKLJcgOTvhPfuRibWDEYfbuEumaPDg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for x86 hypercalls Message-Id: Date: Wed, 23 Feb 2022 16:12:06 +0000 commit 517b9114bfddf24ecb8890be79e1d218254dbf18 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen: CFI hardening for x86 hypercalls Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/compat.c | 7 ++-- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/vpmu.c | 3 +- xen/arch/x86/hvm/dm.c | 5 ++- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/hypercall.c | 5 +-- xen/arch/x86/include/asm/hypercall.h | 69 +++++++++++++++++++----------------- xen/arch/x86/include/asm/paging.h | 2 +- xen/arch/x86/mm.c | 23 ++++++------ xen/arch/x86/mm/paging.c | 3 +- xen/arch/x86/physdev.c | 2 +- xen/arch/x86/platform_hypercall.c | 3 +- xen/arch/x86/pv/callback.c | 25 +++++++------ xen/arch/x86/pv/descriptor-tables.c | 14 ++++---- xen/arch/x86/pv/iret.c | 4 +-- xen/arch/x86/pv/misc-hypercalls.c | 10 +++--- xen/arch/x86/pv/shim.c | 8 ++--- xen/arch/x86/x86_64/compat/mm.c | 7 ++-- xen/common/argo.c | 4 +-- xen/common/compat/domain.c | 3 +- xen/common/compat/grant_table.c | 5 ++- xen/common/compat/kernel.c | 2 +- xen/common/compat/memory.c | 3 +- xen/common/dm.c | 6 ++-- xen/common/domain.c | 5 +-- xen/common/domctl.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/hypfs.c | 6 ++-- xen/common/kernel.c | 2 +- xen/common/kexec.c | 4 +-- xen/common/memory.c | 2 +- xen/common/multicall.c | 2 +- xen/common/sched/compat.c | 2 +- xen/common/sched/core.c | 4 +-- xen/common/sysctl.c | 2 +- xen/common/xenoprof.c | 2 +- xen/drivers/char/console.c | 4 +-- xen/include/xen/hypercall.h | 69 ++++++++++++++++++------------------ xen/xsm/xsm_core.c | 4 +-- 40 files changed, 169 insertions(+), 162 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 939b449dec..28281a262a 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -15,7 +15,7 @@ typedef long ret_t; #endif /* Legacy hypercall (as of 0x00030202). */ -ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { struct physdev_op op; @@ -28,7 +28,7 @@ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) #ifndef COMPAT /* Legacy hypercall (as of 0x00030101). */ -long do_sched_op_compat(int cmd, unsigned long arg) +long cf_check do_sched_op_compat(int cmd, unsigned long arg) { switch ( cmd ) { @@ -50,7 +50,8 @@ long do_sched_op_compat(int cmd, unsigned long arg) } /* Legacy hypercall (as of 0x00030202). */ -long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) +long cf_check do_event_channel_op_compat( + XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { struct evtchn_op op; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 7f433343bc..eae08caa07 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1351,7 +1351,7 @@ CHECK_mcinfo_recovery; # endif /* CONFIG_COMPAT */ /* Machine Check Architecture Hypercall */ -long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) +long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) { long ret = 0; struct xen_mc curop, *op = &curop; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 8ec4547bed..598291f4ec 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -671,7 +671,8 @@ void vpmu_dump(struct vcpu *v) alternative_vcall(vpmu_ops.arch_vpmu_dump, v); } -long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) +long cf_check do_xenpmu_op( + unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) { int ret; struct vcpu *curr; diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index b60b9f3364..d80975efcf 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -654,9 +654,8 @@ CHECK_dm_op_relocate_memory; CHECK_dm_op_pin_memory_cacheattr; CHECK_dm_op_nr_vcpus; -int compat_dm_op(domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(void) bufs) +int cf_check compat_dm_op( + domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(void) bufs) { struct dmop_args args; unsigned int i; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c4ddb8607d..4e685c1b0c 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -5015,7 +5015,7 @@ static int hvmop_get_mem_type( return rc; } -long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 384724ec41..030243810e 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,7 +31,8 @@ #include #include -static long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +static long cf_check hvm_memory_op( + unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -51,7 +52,7 @@ static long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_GRANT_TABLE -static long hvm_grant_table_op( +static long cf_check hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index eb3aed3bf7..16d8418b57 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -38,97 +38,97 @@ void pv_ring3_init_hypercall_page(void *ptr); */ #define MMU_UPDATE_PREEMPTED (~(~0U>>1)) -extern long +extern long cf_check do_event_channel_op_compat( XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop); /* Legacy hypercall (as of 0x00030202). */ -extern long do_physdev_op_compat( +extern long cf_check do_physdev_op_compat( XEN_GUEST_HANDLE(physdev_op_t) uop); /* Legacy hypercall (as of 0x00030101). */ -extern long do_sched_op_compat( +extern long cf_check do_sched_op_compat( int cmd, unsigned long arg); -extern long +extern long cf_check do_set_trap_table( XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps); -extern long +extern long cf_check do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -extern long +extern long cf_check do_set_gdt( XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries); -extern long +extern long cf_check do_stack_switch( unsigned long ss, unsigned long esp); -extern long +extern long cf_check do_fpu_taskswitch( int set); -extern long +extern long cf_check do_set_debugreg( int reg, unsigned long value); -extern unsigned long +extern unsigned long cf_check do_get_debugreg( int reg); -extern long +extern long cf_check do_update_descriptor( uint64_t gaddr, seg_desc_t desc); -extern long +extern long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); -extern long +extern long cf_check do_update_va_mapping( unsigned long va, u64 val64, unsigned long flags); -extern long +extern long cf_check do_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_update_va_mapping_otherdomain( unsigned long va, u64 val64, unsigned long flags, domid_t domid); -extern long +extern long cf_check do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -extern long do_callback_op( +extern long cf_check do_callback_op( int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); -extern unsigned long +extern unsigned long cf_check do_iret( void); -extern long +extern long cf_check do_set_callbacks( unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address); -extern long +extern long cf_check do_set_segment_base( unsigned int which, unsigned long base); @@ -139,7 +139,7 @@ do_set_segment_base( #include #include -extern int +extern int cf_check compat_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -148,44 +148,47 @@ extern int arch_compat_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int compat_mmuext_op( +extern int cf_check compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -extern int compat_platform_op( +extern int cf_check compat_platform_op( XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); -extern long compat_callback_op( +extern long cf_check compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); -extern int compat_update_va_mapping( +extern int cf_check compat_update_va_mapping( unsigned int va, u32 lo, u32 hi, unsigned int flags); -extern int compat_update_va_mapping_otherdomain( +extern int cf_check compat_update_va_mapping_otherdomain( unsigned int va, u32 lo, u32 hi, unsigned int flags, domid_t domid); DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); -extern int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps); +extern int cf_check compat_set_trap_table( + XEN_GUEST_HANDLE(trap_info_compat_t) traps); -extern int compat_set_gdt( +extern int cf_check compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); -extern int compat_update_descriptor( +extern int cf_check compat_update_descriptor( u32 pa_lo, u32 pa_hi, u32 desc_lo, u32 desc_hi); -extern unsigned int compat_iret(void); +extern unsigned int cf_check compat_iret(void); -extern int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); +extern int cf_check compat_nmi_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long compat_set_callbacks( +extern long cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address); DEFINE_XEN_GUEST_HANDLE(physdev_op_compat_t); -extern int compat_physdev_op_compat(XEN_GUEST_HANDLE(physdev_op_compat_t) uop); +extern int cf_check compat_physdev_op_compat( + XEN_GUEST_HANDLE(physdev_op_compat_t) uop); #endif /* CONFIG_COMPAT */ diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h index 2ddcfb022c..f0b4efc66e 100644 --- a/xen/arch/x86/include/asm/paging.h +++ b/xen/arch/x86/include/asm/paging.h @@ -235,7 +235,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, bool_t resuming); /* Helper hypercall for dealing with continuations. */ -long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); +long cf_check paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); /* Call when destroying a vcpu/domain */ void paging_vcpu_teardown(struct vcpu *v); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 9c7c616253..cdbd04e197 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3377,7 +3377,7 @@ static int vcpumask_to_pcpumask( } } -long do_mmuext_op( +long cf_check do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -3916,7 +3916,7 @@ long do_mmuext_op( return rc; } -long do_mmu_update( +long cf_check do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -4501,8 +4501,8 @@ static int __do_update_va_mapping( return rc; } -long do_update_va_mapping(unsigned long va, u64 val64, - unsigned long flags) +long cf_check do_update_va_mapping( + unsigned long va, u64 val64, unsigned long flags) { int rc = __do_update_va_mapping(va, val64, flags, current->domain); @@ -4513,9 +4513,8 @@ long do_update_va_mapping(unsigned long va, u64 val64, return rc; } -long do_update_va_mapping_otherdomain(unsigned long va, u64 val64, - unsigned long flags, - domid_t domid) +long cf_check do_update_va_mapping_otherdomain( + unsigned long va, u64 val64, unsigned long flags, domid_t domid) { struct domain *pg_owner; int rc; @@ -4537,8 +4536,8 @@ long do_update_va_mapping_otherdomain(unsigned long va, u64 val64, #endif /* CONFIG_PV */ #ifdef CONFIG_PV32 -int compat_update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, - unsigned int flags) +int cf_check compat_update_va_mapping( + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) { int rc = __do_update_va_mapping(va, ((uint64_t)hi << 32) | lo, flags, current->domain); @@ -4550,9 +4549,9 @@ int compat_update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, return rc; } -int compat_update_va_mapping_otherdomain(unsigned int va, - uint32_t lo, uint32_t hi, - unsigned int flags, domid_t domid) +int cf_check compat_update_va_mapping_otherdomain( + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, + domid_t domid) { struct domain *pg_owner; int rc; diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index dc3a4a0b4b..1f0b94ad21 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -759,7 +759,8 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long cf_check paging_domctl_continuation( + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; struct domain *d; diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index ea38be8b79..2ddcf44f33 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -174,7 +174,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq) } #endif /* COMPAT */ -ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int irq; ret_t ret; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index bf4090c942..84566bbfaa 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -213,7 +213,8 @@ void resource_access(void *info) } #endif -ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) +ret_t cf_check do_platform_op( + XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { ret_t ret; struct xen_platform_op curop, *op = &curop; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 42a6aa0831..55148c7f9e 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -140,7 +140,7 @@ static long unregister_guest_callback(struct callback_unregister *unreg) return ret; } -long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) +long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) { long ret; @@ -178,9 +178,9 @@ long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) return ret; } -long do_set_callbacks(unsigned long event_address, - unsigned long failsafe_address, - unsigned long syscall_address) +long cf_check do_set_callbacks( + unsigned long event_address, unsigned long failsafe_address, + unsigned long syscall_address) { struct callback_register event = { .type = CALLBACKTYPE_event, @@ -283,7 +283,7 @@ static long compat_unregister_guest_callback( return ret; } -long compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) +long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) { long ret; @@ -321,10 +321,9 @@ long compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) return ret; } -long compat_set_callbacks(unsigned long event_selector, - unsigned long event_address, - unsigned long failsafe_selector, - unsigned long failsafe_address) +long cf_check compat_set_callbacks( + unsigned long event_selector, unsigned long event_address, + unsigned long failsafe_selector, unsigned long failsafe_address) { struct compat_callback_register event = { .type = CALLBACKTYPE_event, @@ -349,7 +348,7 @@ long compat_set_callbacks(unsigned long event_selector, #endif /* CONFIG_PV32 */ -long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) +long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) { struct trap_info cur; struct vcpu *curr = current; @@ -395,7 +394,7 @@ long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) } #ifdef CONFIG_PV32 -int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) +int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) { struct vcpu *curr = current; struct compat_trap_info cur; @@ -438,7 +437,7 @@ int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) } #endif -long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct xennmi_callback cb; long rc = 0; @@ -464,7 +463,7 @@ long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_PV32 -int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int cf_check compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct compat_nmi_callback cb; int rc = 0; diff --git a/xen/arch/x86/pv/descriptor-tables.c b/xen/arch/x86/pv/descriptor-tables.c index 5e84704400..653a61d0b5 100644 --- a/xen/arch/x86/pv/descriptor-tables.c +++ b/xen/arch/x86/pv/descriptor-tables.c @@ -124,8 +124,8 @@ int pv_set_gdt(struct vcpu *v, const unsigned long frames[], return -EINVAL; } -long do_set_gdt(XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, - unsigned int entries) +long cf_check do_set_gdt( + XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries) { unsigned int nr_frames = DIV_ROUND_UP(entries, 512); unsigned long frames[16]; @@ -151,8 +151,8 @@ long do_set_gdt(XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, #ifdef CONFIG_PV32 -int compat_set_gdt(XEN_GUEST_HANDLE_PARAM(uint) frame_list, - unsigned int entries) +int cf_check compat_set_gdt( + XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries) { struct vcpu *curr = current; unsigned int i, nr_frames = DIV_ROUND_UP(entries, 512); @@ -187,8 +187,8 @@ int compat_set_gdt(XEN_GUEST_HANDLE_PARAM(uint) frame_list, return ret; } -int compat_update_descriptor(uint32_t pa_lo, uint32_t pa_hi, - uint32_t desc_lo, uint32_t desc_hi) +int cf_check compat_update_descriptor( + uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) { seg_desc_t d; @@ -299,7 +299,7 @@ int validate_segdesc_page(struct page_info *page) return i == 512 ? 0 : -EINVAL; } -long do_update_descriptor(uint64_t gaddr, seg_desc_t d) +long cf_check do_update_descriptor(uint64_t gaddr, seg_desc_t d) { struct domain *currd = current->domain; gfn_t gfn = gaddr_to_gfn(gaddr); diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 29a2f7cc45..dd2965d8f0 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -48,7 +48,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -unsigned long do_iret(void) +unsigned long cf_check do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -105,7 +105,7 @@ unsigned long do_iret(void) } #ifdef CONFIG_PV32 -unsigned int compat_iret(void) +unsigned int cf_check compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 5dade24726..5649aaab44 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -23,12 +23,12 @@ #include -long do_set_debugreg(int reg, unsigned long value) +long cf_check do_set_debugreg(int reg, unsigned long value) { return set_debugreg(current, reg, value); } -unsigned long do_get_debugreg(int reg) +unsigned long cf_check do_get_debugreg(int reg) { unsigned long val; int res = x86emul_read_dr(reg, &val, NULL); @@ -36,7 +36,7 @@ unsigned long do_get_debugreg(int reg) return res == X86EMUL_OKAY ? val : -ENODEV; } -long do_fpu_taskswitch(int set) +long cf_check do_fpu_taskswitch(int set) { struct vcpu *v = current; @@ -171,7 +171,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) return 0; } -long do_stack_switch(unsigned long ss, unsigned long esp) +long cf_check do_stack_switch(unsigned long ss, unsigned long esp) { fixup_guest_stack_selector(current->domain, ss); current->arch.pv.kernel_ss = ss; @@ -180,7 +180,7 @@ long do_stack_switch(unsigned long ss, unsigned long esp) return 0; } -long do_set_segment_base(unsigned int which, unsigned long base) +long cf_check do_set_segment_base(unsigned int which, unsigned long base) { struct vcpu *v = current; long ret = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 7e891fe2f7..4c710ad891 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -824,8 +824,8 @@ long pv_shim_grant_table_op(unsigned int cmd, #ifndef CONFIG_GRANT_TABLE /* Thin wrapper(s) needed. */ -long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +long cf_check do_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) return -ENOSYS; @@ -834,8 +834,8 @@ long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, } #ifdef CONFIG_PV32 -int compat_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +int cf_check compat_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) return -ENOSYS; diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index 215e96aba0..b3da8fafbb 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -176,10 +176,9 @@ int compat_arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifdef CONFIG_PV DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t); -int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) arg, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom) +int cf_check compat_mmuext_op( + XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, + XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom) { unsigned int i, preempt_mask; int rc = 0; diff --git a/xen/common/argo.c b/xen/common/argo.c index eaea7ba888..1448faf657 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2069,7 +2069,7 @@ sendv(struct domain *src_d, xen_argo_addr_t *src_addr, return ( ret < 0 ) ? ret : len; } -long +long cf_check do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long raw_arg3, unsigned long raw_arg4) @@ -2207,7 +2207,7 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -long +long cf_check compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) diff --git a/xen/common/compat/domain.c b/xen/common/compat/domain.c index 98b8c15cea..afae27eeba 100644 --- a/xen/common/compat/domain.c +++ b/xen/common/compat/domain.c @@ -38,7 +38,8 @@ CHECK_vcpu_hvm_context; #endif -int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) +int cf_check compat_vcpu_op( + int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct vcpu *v; diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index ff1d678f01..c6199e8918 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -55,9 +55,8 @@ CHECK_gnttab_swap_grant_ref; CHECK_gnttab_cache_flush; #undef xen_gnttab_cache_flush -int compat_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) cmp_uop, - unsigned int count) +int cf_check compat_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) cmp_uop, unsigned int count) { int rc = 0; unsigned int i, cmd_op; diff --git a/xen/common/compat/kernel.c b/xen/common/compat/kernel.c index 804b919bdc..8e8c413bf1 100644 --- a/xen/common/compat/kernel.c +++ b/xen/common/compat/kernel.c @@ -37,7 +37,7 @@ CHECK_TYPE(capabilities_info); CHECK_TYPE(domain_handle); -#define DO(fn) int compat_##fn +#define DO(fn) int cf_check compat_##fn #define COMPAT #include "../kernel.c" diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index c43fa97cf1..ec8ba54bb6 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -53,7 +53,8 @@ static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, } #endif -int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) +int cf_check compat_memory_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) { struct vcpu *curr = current; struct domain *currd = curr->domain; diff --git a/xen/common/dm.c b/xen/common/dm.c index 2d1d98ca58..fcb3a1aa05 100644 --- a/xen/common/dm.c +++ b/xen/common/dm.c @@ -19,9 +19,9 @@ #include #include -long do_dm_op(domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) +long cf_check do_dm_op( + domid_t domid, unsigned int nr_bufs, + XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) { struct dmop_args args; int rc; diff --git a/xen/common/domain.c b/xen/common/domain.c index 3742322d22..ac2746d0d6 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1570,7 +1570,8 @@ int default_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) return rc; } -long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_vcpu_op( + int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct vcpu *v; @@ -1757,7 +1758,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef arch_vm_assist_valid_mask -long do_vm_assist(unsigned int cmd, unsigned int type) +long cf_check do_vm_assist(unsigned int cmd, unsigned int type) { struct domain *currd = current->domain; const unsigned long valid = arch_vm_assist_valid_mask(currd); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 879a2adcbe..9606fa4f1a 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -274,7 +274,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo, return ERR_PTR(ret); } -long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { long ret = 0; bool_t copyback = 0; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index c9912122d1..a5ee8b8ebf 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1189,7 +1189,7 @@ static int evtchn_set_priority(const struct evtchn_set_priority *set_priority) return ret; } -long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 925ed7d6be..153332b7bf 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3558,7 +3558,7 @@ gnttab_cache_flush(XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) uop, return 0; } -long +long cf_check do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index e71f7df479..1526bcc528 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -671,9 +671,9 @@ static int hypfs_write(struct hypfs_entry *entry, return entry->funcs->write(l, uaddr, ulen); } -long do_hypfs_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(const_char) arg1, unsigned long arg2, - XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) +long cf_check do_hypfs_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, + unsigned long arg2, XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) { int ret; struct hypfs_entry *entry; diff --git a/xen/common/kernel.c b/xen/common/kernel.c index e119e5401f..752c2e0dae 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -451,7 +451,7 @@ static int __init param_init(void) __initcall(param_init); #endif -# define DO(fn) long do_##fn +# define DO(fn) long cf_check do_##fn #endif diff --git a/xen/common/kexec.c b/xen/common/kexec.c index c63db618a7..8471590aee 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned long op, return ret; } -long do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long cf_check do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int cf_check compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/common/memory.c b/xen/common/memory.c index 0d7c413df8..38732dde6f 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1367,7 +1367,7 @@ static int acquire_resource( return rc; } -long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d, *curr_d = current->domain; long rc; diff --git a/xen/common/multicall.c b/xen/common/multicall.c index 794638392b..e48f46dbe0 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -32,7 +32,7 @@ static void trace_multicall_call(multicall_entry_t *call) __trace_multicall_call(call); } -ret_t +ret_t cf_check do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, uint32_t nr_calls) { diff --git a/xen/common/sched/compat.c b/xen/common/sched/compat.c index 040b4caca2..66ba0fe88f 100644 --- a/xen/common/sched/compat.c +++ b/xen/common/sched/compat.c @@ -39,7 +39,7 @@ static int compat_poll(struct compat_sched_poll *compat) #include "core.c" -int compat_set_timer_op(u32 lo, s32 hi) +int cf_check compat_set_timer_op(u32 lo, s32 hi) { return do_set_timer_op(((s64)hi << 32) | lo); } diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index f5c819349b..6c1ee7879a 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -1862,7 +1862,7 @@ typedef long ret_t; #endif /* !COMPAT */ -ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { ret_t ret = 0; @@ -1999,7 +1999,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifndef COMPAT /* Per-vcpu oneshot-timer hypercall. */ -long do_set_timer_op(s_time_t timeout) +long cf_check do_set_timer_op(s_time_t timeout) { struct vcpu *v = current; s_time_t offset = timeout - NOW(); diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index 1ad3c29351..fc4a0b31d6 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -29,7 +29,7 @@ #include #include -long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) +long cf_check do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) { long ret = 0; int copyback = -1; diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index 1926a92fe4..af617f1d0b 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -721,7 +721,7 @@ static int xenoprof_op_get_buffer(XEN_GUEST_HANDLE_PARAM(void) arg) || (op == XENOPROF_disable_virq) \ || (op == XENOPROF_get_buffer)) -ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) { int ret = 0; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 7d0a603d03..a043e9521a 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -675,8 +675,8 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, return 0; } -long do_console_io(unsigned int cmd, unsigned int count, - XEN_GUEST_HANDLE_PARAM(char) buffer) +long cf_check do_console_io( + unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer) { long rc; unsigned int idx, len; diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 07b10ec230..4dfd64cf71 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -18,12 +18,12 @@ #include #include -extern long +extern long cf_check do_sched_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_domctl( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); @@ -32,7 +32,7 @@ arch_do_domctl( struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); -extern long +extern long cf_check do_sysctl( XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); @@ -41,7 +41,7 @@ arch_do_sysctl( struct xen_sysctl *sysctl, XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); -extern long +extern long cf_check do_platform_op( XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op); @@ -62,47 +62,47 @@ pci_physdev_op( #define MEMOP_EXTENT_SHIFT 6 /* cmd[:6] == start_extent */ #define MEMOP_CMD_MASK ((1 << MEMOP_EXTENT_SHIFT) - 1) -extern long +extern long cf_check do_memory_op( unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, unsigned int nr_calls); -extern long +extern long cf_check do_set_timer_op( s_time_t timeout); -extern long +extern long cf_check do_event_channel_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_xen_version( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_console_io( unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer); -extern long +extern long cf_check do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count); -extern long +extern long cf_check do_vm_assist( unsigned int cmd, unsigned int type); -extern long +extern long cf_check do_vcpu_op( int cmd, unsigned int vcpuid, @@ -114,27 +114,27 @@ arch_do_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_nmi_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_hvm_op( unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_kexec_op( unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); -extern long +extern long cf_check do_xsm_op( XEN_GUEST_HANDLE_PARAM(void) u_xsm_op); #ifdef CONFIG_ARGO -extern long do_argo_op( +extern long cf_check do_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, @@ -142,20 +142,20 @@ extern long do_argo_op( unsigned long arg4); #endif -extern long +extern long cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); -extern long +extern long cf_check do_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs); #ifdef CONFIG_HYPFS -extern long +extern long cf_check do_hypfs_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, @@ -166,53 +166,54 @@ do_hypfs_op( #ifdef CONFIG_COMPAT -extern int +extern int cf_check compat_memory_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count); -extern int +extern int cf_check compat_vcpu_op( int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_xen_version( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_sched_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_set_timer_op( u32 lo, s32 hi); -extern int compat_xsm_op( +extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); -extern int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); +extern int cf_check compat_kexec_op( + unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); -extern int compat_multicall( +extern int cf_check compat_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, uint32_t nr_calls); #ifdef CONFIG_ARGO -extern long compat_argo_op( +extern long cf_check compat_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, @@ -220,7 +221,7 @@ extern long compat_argo_op( unsigned long arg4); #endif -extern int +extern int cf_check compat_dm_op( domid_t domid, unsigned int nr_bufs, diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 14d98f1f72..5fc3a5f754 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -219,13 +219,13 @@ bool __init has_xsm_magic(paddr_t start) #endif -long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +long cf_check do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_xsm_op(op); } #ifdef CONFIG_COMPAT -int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +int cf_check compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_compat_op(op); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277584.474164 (Exim 4.92) (envelope-from ) id 1nMuFW-0003nV-3V; Wed, 23 Feb 2022 16:12:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277584.474164; Wed, 23 Feb 2022 16:12:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFW-0003nO-0a; Wed, 23 Feb 2022 16:12:18 +0000 Received: by outflank-mailman (input) for mailman id 277584; Wed, 23 Feb 2022 16:12:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFU-0003mc-Be for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFU-00056e-Ap for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuFU-0003ek-9v for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AY9pPHhDVStFpA/mWIwOUsTPNLXmOwzZ9OPh8okt7L0=; b=GJuc5LYfQ4zMudnh22P+NQfAYq QCYqHurpk0qFSMgmhmsGDUfxvi1xWF08LufUjmf+kPmmsow+r6I66neA24xpUANcw92NTul+WoZrr onuJr9QU57+3Mm01Aj7HuCvnivuQlqbbM9gmtZ+dKA+AFfyrDLFF6ilwh9xz+4cl31dE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for custom_param() Message-Id: Date: Wed, 23 Feb 2022 16:12:16 +0000 commit 17f0c6176e16ada6b97ccc7caac4b0b00f8e9032 Author: Andrew Cooper AuthorDate: Wed Oct 27 14:21:51 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for custom_param() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The "watchdog_timeout" and "cpu_type" handlers were missing __init. The "numa", "acpi", "irq_vector_map" and "flask" handlers can skip forward declarations by altering the custom_param() position. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/apic.c | 4 ++-- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/cpuid.c | 8 ++++---- xen/arch/x86/dom0_build.c | 8 ++++---- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/hpet.c | 2 +- xen/arch/x86/hvm/viridian/viridian.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 8 ++++---- xen/arch/x86/io_apic.c | 2 +- xen/arch/x86/irq.c | 6 ++---- xen/arch/x86/mm.c | 2 +- xen/arch/x86/nmi.c | 4 ++-- xen/arch/x86/numa.c | 6 ++---- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/pv/domain.c | 8 ++++---- xen/arch/x86/pv/shim.c | 2 +- xen/arch/x86/setup.c | 11 +++++------ xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/arch/x86/time.c | 2 +- xen/arch/x86/tsx.c | 2 +- xen/arch/x86/x86_64/mmconfig-shared.c | 2 +- xen/common/argo.c | 2 +- xen/common/core_parking.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/domain.c | 2 +- xen/common/efi/boot.c | 2 +- xen/common/grant_table.c | 14 +++++++------- xen/common/kexec.c | 6 +++--- xen/common/memory.c | 2 +- xen/common/page_alloc.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/sched/credit2.c | 2 +- xen/drivers/acpi/tables.c | 2 +- xen/drivers/char/console.c | 18 +++++++++--------- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/passthrough/amd/iommu_acpi.c | 6 +++--- xen/drivers/passthrough/iommu.c | 4 ++-- xen/drivers/passthrough/pci.c | 4 ++-- xen/drivers/passthrough/vtd/dmar.c | 2 +- xen/drivers/passthrough/vtd/quirks.c | 2 +- xen/drivers/video/vesa.c | 2 +- xen/xsm/flask/flask_op.c | 5 ++--- xen/xsm/xsm_core.c | 2 +- 49 files changed, 92 insertions(+), 98 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index d788c8bffc..5d73eb5917 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -106,7 +106,7 @@ void (*__read_mostly pm_idle_save)(void); unsigned int max_cstate __read_mostly = UINT_MAX; unsigned int max_csubstate __read_mostly = UINT_MAX; -static int __init parse_cstate(const char *s) +static int __init cf_check parse_cstate(const char *s) { max_cstate = simple_strtoul(s, &s, 0); if ( *s == ',' ) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..912d4c4d62 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -35,7 +35,7 @@ uint32_t system_reset_counter = 1; -static int __init parse_acpi_sleep(const char *s) +static int __init cf_check parse_acpi_sleep(const char *s) { const char *ss; unsigned int flag = 0; diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 5836561585..68e4d870c7 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -775,7 +775,7 @@ int lapic_resume(void) * Original code written by Keir Fraser. */ -static int __init lapic_disable(const char *str) +static int __init cf_check lapic_disable(const char *str) { enable_local_apic = -1; setup_clear_cpu_cap(X86_FEATURE_APIC); @@ -784,7 +784,7 @@ static int __init lapic_disable(const char *str) custom_param("nolapic", lapic_disable); boolean_param("lapic", enable_local_apic); -static int __init apic_set_verbosity(const char *str) +static int __init cf_check apic_set_verbosity(const char *str) { if (strcmp("debug", str) == 0) apic_verbosity = APIC_DEBUG; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index eae08caa07..ea86d84481 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -63,7 +63,7 @@ struct mca_banks *mca_allbanks; #endif int mce_verbosity; -static int __init mce_set_verbosity(const char *str) +static int __init cf_check mce_set_verbosity(const char *str) { if ( strcmp("verbose", str) == 0 ) mce_verbosity = MCE_VERBOSE; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index ac3ceb567c..95d35ca0f3 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -111,7 +111,7 @@ void __init microcode_set_module(unsigned int idx) * optional. If the EFI has forced which of the multiboot payloads is to be * used, only nmi= is parsed. */ -static int __init parse_ucode(const char *s) +static int __init cf_check parse_ucode(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 598291f4ec..b10d6e2eb4 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -56,7 +56,7 @@ static unsigned vpmu_count; static DEFINE_PER_CPU(struct vcpu *, last_vcpu); -static int __init parse_vpmu_params(const char *s) +static int __init cf_check parse_vpmu_params(const char *s) { const char *ss; int rc = 0, val; diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 7c638eff2b..bb554b06a7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -101,7 +101,7 @@ static int __init always_inline parse_cpuid( return rc; } -static void __init _parse_xen_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_xen_cpuid(unsigned int feat, bool val) { if ( !val ) setup_clear_cpu_cap(feat); @@ -110,7 +110,7 @@ static void __init _parse_xen_cpuid(unsigned int feat, bool val) setup_force_cpu_cap(X86_FEATURE_RDRAND); } -static int __init parse_xen_cpuid(const char *s) +static int __init cf_check parse_xen_cpuid(const char *s) { return parse_cpuid(s, _parse_xen_cpuid); } @@ -120,13 +120,13 @@ static bool __initdata dom0_cpuid_cmdline; static uint32_t __initdata dom0_enable_feat[FSCAPINTS]; static uint32_t __initdata dom0_disable_feat[FSCAPINTS]; -static void __init _parse_dom0_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_dom0_cpuid(unsigned int feat, bool val) { __set_bit (feat, val ? dom0_enable_feat : dom0_disable_feat); __clear_bit(feat, val ? dom0_disable_feat : dom0_enable_feat ); } -static int __init parse_dom0_cpuid(const char *s) +static int __init cf_check parse_dom0_cpuid(const char *s) { dom0_cpuid_cmdline = true; diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index a7fec05956..4d1c5c60e4 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -115,7 +115,7 @@ static int __init parse_amt(const char *s, const char **ps, struct memsize *sz) return 0; } -static int __init parse_dom0_mem(const char *s) +static int __init cf_check parse_dom0_mem(const char *s) { int ret; @@ -144,7 +144,7 @@ custom_param("dom0_mem", parse_dom0_mem); static unsigned int __initdata opt_dom0_max_vcpus_min = 1; static unsigned int __initdata opt_dom0_max_vcpus_max = UINT_MAX; -static int __init parse_dom0_max_vcpus(const char *s) +static int __init cf_check parse_dom0_max_vcpus(const char *s) { if ( *s == '-' ) /* -M */ opt_dom0_max_vcpus_max = simple_strtoul(s + 1, &s, 0); @@ -168,7 +168,7 @@ static __initdata unsigned int dom0_pxms[MAX_NUMNODES] = { [0 ... MAX_NUMNODES - 1] = ~0 }; bool __initdata dom0_affinity_relaxed; -static int __init parse_dom0_nodes(const char *s) +static int __init cf_check parse_dom0_nodes(const char *s) { const char *ss; int rc = 0; @@ -266,7 +266,7 @@ bool __initdata opt_dom0_pvh = !IS_ENABLED(CONFIG_PV); bool __initdata opt_dom0_verbose = IS_ENABLED(CONFIG_VERBOSE_DEBUG); bool __initdata opt_dom0_msr_relaxed; -static int __init parse_dom0_param(const char *s) +static int __init cf_check parse_dom0_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index 66bc5ce072..ad57912f50 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -43,7 +43,7 @@ void __init generic_bigsmp_probe(void) } } -static int __init genapic_apic_force(const char *str) +static int __init cf_check genapic_apic_force(const char *str) { int i, rc = -EINVAL; diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 2fe8b005a5..7a810e4e71 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -65,7 +65,7 @@ u8 __initdata hpet_flags; static bool __initdata force_hpet_broadcast; boolean_param("hpetbroadcast", force_hpet_broadcast); -static int __init parse_hpet_param(const char *s) +static int __init cf_check parse_hpet_param(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/hvm/viridian/viridian.c b/xen/arch/x86/hvm/viridian/viridian.c index 8986b8e03c..7ebcaa1c89 100644 --- a/xen/arch/x86/hvm/viridian/viridian.c +++ b/xen/arch/x86/hvm/viridian/viridian.c @@ -1186,7 +1186,7 @@ static int viridian_load_vcpu_ctxt(struct domain *d, HVM_REGISTER_SAVE_RESTORE(VIRIDIAN_VCPU, viridian_save_vcpu_ctxt, viridian_load_vcpu_ctxt, 1, HVMSR_PER_VCPU); -static int __init parse_viridian_version(const char *arg) +static int __init cf_check parse_viridian_version(const char *arg) { const char *t; unsigned int n[3]; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 7ab15e07a0..f72a7db045 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -71,7 +71,7 @@ static bool __read_mostly opt_ept_pml = true; static s8 __read_mostly opt_ept_ad = -1; int8_t __read_mostly opt_ept_exec_sp = -1; -static int __init parse_ept_param(const char *s) +static int __init cf_check parse_ept_param(const char *s) { const char *ss; int val, rc = 0; @@ -107,16 +107,16 @@ static void update_ept_param(void) opt_ept_exec_sp); } -static void __init init_ept_param(struct param_hypfs *par) +static void __init cf_check init_ept_param(struct param_hypfs *par) { update_ept_param(); custom_runtime_set_var(par, opt_ept_setting); } -static int parse_ept_param_runtime(const char *s); +static int cf_check parse_ept_param_runtime(const char *s); custom_runtime_only_param("ept", parse_ept_param_runtime, init_ept_param); -static int parse_ept_param_runtime(const char *s) +static int cf_check parse_ept_param_runtime(const char *s) { struct domain *d; int val; diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 1c49a0fe14..4135a9c060 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1601,7 +1601,7 @@ static unsigned int startup_level_ioapic_irq(struct irq_desc *desc) return 0; /* don't check for pending */ } -static int __init setup_ioapic_ack(const char *s) +static int __init cf_check setup_ioapic_ack(const char *s) { if ( !strcmp(s, "old") ) { diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 67cbf6b979..84b174d0f5 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -28,8 +28,6 @@ #include #include -static int parse_irq_vector_map_param(const char *s); - /* opt_noirqbalance: If true, software IRQ balancing/affinity is disabled. */ bool __read_mostly opt_noirqbalance; boolean_param("noirqbalance", opt_noirqbalance); @@ -40,7 +38,6 @@ integer_param("nr_irqs", nr_irqs); /* This default may be changed by the AMD IOMMU code */ int __read_mostly opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_DEFAULT; -custom_param("irq_vector_map", parse_irq_vector_map_param); /* Max number of guests IRQ could be shared with */ static unsigned char __read_mostly irq_max_guests; @@ -66,7 +63,7 @@ static struct timer irq_ratelimit_timer; static unsigned int __read_mostly irq_ratelimit_threshold = 10000; integer_param("irq_ratelimit", irq_ratelimit_threshold); -static int __init parse_irq_vector_map_param(const char *s) +static int __init cf_check parse_irq_vector_map_param(const char *s) { const char *ss; int rc = 0; @@ -90,6 +87,7 @@ static int __init parse_irq_vector_map_param(const char *s) return rc; } +custom_param("irq_vector_map", parse_irq_vector_map_param); /* Must be called when irq disabled */ void lock_vector_lock(void) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index cdbd04e197..a1b8737096 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -189,7 +189,7 @@ static uint32_t base_disallow_mask; static s8 __read_mostly opt_mmio_relax; -static int __init parse_mmio_relax(const char *s) +static int __init cf_check parse_mmio_relax(const char *s) { if ( !*s ) opt_mmio_relax = 1; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index c515de6336..515a3633e5 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -48,7 +48,7 @@ bool __initdata opt_watchdog; /* watchdog_force: If true, process unknown NMIs when running the watchdog. */ bool watchdog_force; -static int __init parse_watchdog(const char *s) +static int __init cf_check parse_watchdog(const char *s) { if ( !*s ) { @@ -78,7 +78,7 @@ custom_param("watchdog", parse_watchdog); /* opt_watchdog_timeout: Number of seconds to wait before panic. */ static unsigned int opt_watchdog_timeout = 5; -static int parse_watchdog_timeout(const char *s) +static int __init cf_check parse_watchdog_timeout(const char *s) { const char *q; diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index ce79ee44ce..6be5a0c933 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -19,9 +19,6 @@ #include #include -static int numa_setup(const char *s); -custom_param("numa", numa_setup); - #ifndef Dprintk #define Dprintk(x...) #endif @@ -294,7 +291,7 @@ void numa_set_node(int cpu, nodeid_t node) } /* [numa=off] */ -static __init int numa_setup(const char *opt) +static int __init cf_check numa_setup(const char *opt) { if ( !strncmp(opt,"off",3) ) numa_off = true; @@ -321,6 +318,7 @@ static __init int numa_setup(const char *opt) return 0; } +custom_param("numa", numa_setup); /* * Setup early cpu_to_node. diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index a13bd82915..7842d95b95 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -340,7 +340,7 @@ static int __init p4_init(char ** cpu_type) static int force_arch_perfmon; -static int force_cpu_type(const char *str) +static int __init cf_check force_cpu_type(const char *str) { if (!strcmp(str, "arch_perfmon")) { force_arch_perfmon = 1; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index d805b85dc6..56916344cb 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -573,7 +573,7 @@ static bool __init parse_psr_bool(const char *s, const char *delim, return false; } -static int __init parse_psr_param(const char *s) +static int __init cf_check parse_psr_param(const char *s) { const char *ss, *val_delim; const char *q; diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 6ad533183b..125c4561a7 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -20,7 +20,7 @@ int8_t __read_mostly opt_pv32 = -1; #endif -static __init int parse_pv(const char *s) +static int __init cf_check parse_pv(const char *s) { const char *ss; int val, rc = 0; @@ -63,16 +63,16 @@ static const char opt_pcid_2_string[][7] = { [PCID_NOXPTI] = "noxpti", }; -static void __init opt_pcid_init(struct param_hypfs *par) +static void __init cf_check opt_pcid_init(struct param_hypfs *par) { custom_runtime_set_var(par, opt_pcid_2_string[opt_pcid]); } #endif -static int parse_pcid(const char *s); +static int cf_check parse_pcid(const char *s); custom_runtime_param("pcid", parse_pcid, opt_pcid_init); -static int parse_pcid(const char *s) +static int cf_check parse_pcid(const char *s) { int rc = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 4c710ad891..ae4d8913fa 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -73,7 +73,7 @@ static uint64_t __initdata shim_nrpages; static uint64_t __initdata shim_min_nrpages; static uint64_t __initdata shim_max_nrpages; -static int __init parse_shim_mem(const char *s) +static int __init cf_check parse_shim_mem(const char *s) { do { if ( !strncmp(s, "min:", 4) ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 2f6e10d0cf..3a4ec1fcfd 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -81,8 +81,6 @@ unsigned long __read_mostly cr4_pv32_mask; /* "acpi=ht": Limit ACPI just to boot-time to enable HT. */ /* "acpi=noirq": Disables ACPI interrupt routing. */ /* "acpi=verbose": Enables more verbose ACPI boot time logging. */ -static int parse_acpi_param(const char *s); -custom_param("acpi", parse_acpi_param); /* **** Linux config option: propagated to domain0. */ /* noapic: Disable IOAPIC setup. */ @@ -104,7 +102,7 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif -static int __init parse_cet(const char *s) +static int __init cf_check parse_cet(const char *s) { const char *ss; int val, rc = 0; @@ -159,7 +157,7 @@ static s8 __initdata opt_smep = -1; */ static struct domain *__initdata dom0; -static int __init parse_smep_param(const char *s) +static int __init cf_check parse_smep_param(const char *s) { if ( !*s ) { @@ -190,7 +188,7 @@ custom_param("smep", parse_smep_param); #define SMAP_HVM_ONLY (-2) static s8 __initdata opt_smap = -1; -static int __init parse_smap_param(const char *s) +static int __init cf_check parse_smap_param(const char *s) { if ( !*s ) { @@ -221,7 +219,7 @@ bool __read_mostly acpi_disabled; bool __initdata acpi_force; static char __initdata acpi_param[10] = ""; -static int __init parse_acpi_param(const char *s) +static int __init cf_check parse_acpi_param(const char *s) { /* Interpret the parameter for use within Xen. */ if ( !parse_bool(s, NULL) ) @@ -257,6 +255,7 @@ static int __init parse_acpi_param(const char *s) return 0; } +custom_param("acpi", parse_acpi_param); static const module_t *__initdata initial_images; static unsigned int __initdata nr_initial_images; diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index acef033143..a01354d933 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -56,7 +56,7 @@ static int reboot_mode; */ static enum reboot_type reboot_type = BOOT_INVALID; -static int __init set_reboot_type(const char *str) +static int __init cf_check set_reboot_type(const char *str) { int rc = 0; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index db27bc3f64..2d4cf5c7ef 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -68,7 +68,7 @@ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. static int8_t __initdata opt_srb_lock = -1; -static int __init parse_spec_ctrl(const char *s) +static int __init cf_check parse_spec_ctrl(const char *s) { const char *ss; int val, rc = 0; @@ -218,7 +218,7 @@ static __init void xpti_init_default(uint64_t caps) } } -static __init int parse_xpti(const char *s) +static int __init cf_check parse_xpti(const char *s) { const char *ss; int val, rc = 0; @@ -264,7 +264,7 @@ custom_param("xpti", parse_xpti); int8_t __read_mostly opt_pv_l1tf_hwdom = -1; int8_t __read_mostly opt_pv_l1tf_domu = -1; -static __init int parse_pv_l1tf(const char *s) +static int __init cf_check parse_pv_l1tf(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index bc41a3aa37..818a42a406 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2354,7 +2354,7 @@ int hwdom_pit_access(struct ioreq *ioreq) * tsc=skewed: Assume TSCs are individually reliable, but skewed across CPUs. * tsc=stable:socket: Assume TSCs are reliable across sockets. */ -static int __init tsc_parse(const char *s) +static int __init cf_check tsc_parse(const char *s) { if ( !strcmp(s, "unstable") ) { diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index be89741a2f..b156844cde 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -22,7 +22,7 @@ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; bool __read_mostly rtm_disabled; -static int __init parse_tsx(const char *s) +static int __init cf_check parse_tsx(const char *s) { int rc = 0, val = parse_bool(s, NULL); diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c index 7c3ed64b4c..2fa7f3f0bc 100644 --- a/xen/arch/x86/x86_64/mmconfig-shared.c +++ b/xen/arch/x86/x86_64/mmconfig-shared.c @@ -29,7 +29,7 @@ unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_MMCONF; -static int __init parse_mmcfg(const char *s) +static int __init cf_check parse_mmcfg(const char *s) { const char *ss; int rc = 0; diff --git a/xen/common/argo.c b/xen/common/argo.c index 1448faf657..297f6d11f0 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -78,7 +78,7 @@ DEFINE_COMPAT_HANDLE(compat_argo_iov_t); static bool __read_mostly opt_argo; static bool __read_mostly opt_argo_mac_permissive; -static int __init parse_argo(const char *s) +static int __init cf_check parse_argo(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 411106c675..aa432ed2f5 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -40,7 +40,7 @@ static enum core_parking_controller { PERFORMANCE_FIRST } core_parking_controller __initdata = POWER_FIRST; -static int __init setup_core_parking_option(const char *str) +static int __init cf_check setup_core_parking_option(const char *str) { if ( !strcmp(str, "power") ) core_parking_controller = POWER_FIRST; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index f3794b9453..29b11239f5 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -38,7 +38,7 @@ static bool debugtrace_buf_empty = true; static bool debugtrace_used; static DEFINE_SPINLOCK(debugtrace_lock); -static int __init debugtrace_parse_param(const char *s) +static int __init cf_check debugtrace_parse_param(const char *s) { unsigned long bytes; diff --git a/xen/common/domain.c b/xen/common/domain.c index ac2746d0d6..dacd03254c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -354,7 +354,7 @@ static int late_hwdom_init(struct domain *d) static unsigned int __read_mostly extra_hwdom_irqs; static unsigned int __read_mostly extra_domU_irqs = 32; -static int __init parse_extra_guest_irqs(const char *s) +static int __init cf_check parse_extra_guest_irqs(const char *s) { if ( isdigit(*s) ) extra_domU_irqs = simple_strtoul(s, &s, 0); diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 12fd0844bd..f31f68fd4c 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1417,7 +1417,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) static bool __initdata efi_map_uc; -static int __init parse_efi_param(const char *s) +static int __init cf_check parse_efi_param(const char *s) { const char *ss; int rc = 0, val; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 153332b7bf..b663845d9c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -117,12 +117,12 @@ static void update_gnttab_par(unsigned int val, struct param_hypfs *par, custom_runtime_set_var_sz(par, parval, GRANT_CUSTOM_VAL_SZ); } -static void __init gnttab_max_frames_init(struct param_hypfs *par) +static void __init cf_check gnttab_max_frames_init(struct param_hypfs *par) { update_gnttab_par(opt_max_grant_frames, par, opt_max_grant_frames_val); } -static void __init max_maptrack_frames_init(struct param_hypfs *par) +static void __init cf_check max_maptrack_frames_init(struct param_hypfs *par) { update_gnttab_par(opt_max_maptrack_frames, par, opt_max_maptrack_frames_val); @@ -156,23 +156,23 @@ static int parse_gnttab_limit(const char *arg, unsigned int *valp, return 0; } -static int parse_gnttab_max_frames(const char *arg); +static int cf_check parse_gnttab_max_frames(const char *arg); custom_runtime_param("gnttab_max_frames", parse_gnttab_max_frames, gnttab_max_frames_init); -static int parse_gnttab_max_frames(const char *arg) +static int cf_check parse_gnttab_max_frames(const char *arg) { return parse_gnttab_limit(arg, &opt_max_grant_frames, param_2_parfs(parse_gnttab_max_frames), opt_max_grant_frames_val); } -static int parse_gnttab_max_maptrack_frames(const char *arg); +static int cf_check parse_gnttab_max_maptrack_frames(const char *arg); custom_runtime_param("gnttab_max_maptrack_frames", parse_gnttab_max_maptrack_frames, max_maptrack_frames_init); -static int parse_gnttab_max_maptrack_frames(const char *arg) +static int cf_check parse_gnttab_max_maptrack_frames(const char *arg) { return parse_gnttab_limit(arg, &opt_max_maptrack_frames, param_2_parfs(parse_gnttab_max_maptrack_frames), @@ -191,7 +191,7 @@ static bool __ro_after_init opt_grant_transfer = true; #define opt_grant_transfer false #endif -static int __init parse_gnttab(const char *s) +static int __init cf_check parse_gnttab(const char *s) { const char *ss, *e; int val, rc = 0; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 8471590aee..6286c0bbf0 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -104,7 +104,7 @@ static void *crash_heap_current = NULL, *crash_heap_end = NULL; * < and below are synonyomous, the latter being useful for grub2 systems * which would otherwise require escaping of the < option */ -static int __init parse_crashkernel(const char *str) +static int __init cf_check parse_crashkernel(const char *str) { const char *cur; int rc = 0; @@ -201,7 +201,7 @@ custom_param("crashkernel", parse_crashkernel); * - all will allocate additional structures such as domain and vcpu structs * low so the crash kernel can perform an extended analysis of state. */ -static int __init parse_low_crashinfo(const char *str) +static int __init cf_check parse_low_crashinfo(const char *str) { if ( !strlen(str) ) @@ -230,7 +230,7 @@ custom_param("low_crashinfo", parse_low_crashinfo); * * will be rounded down to the nearest power of two. Defaults to 64G */ -static int __init parse_crashinfo_maxaddr(const char *str) +static int __init cf_check parse_crashinfo_maxaddr(const char *str) { u64 addr; const char *q; diff --git a/xen/common/memory.c b/xen/common/memory.c index 38732dde6f..ede45c4af9 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -62,7 +62,7 @@ static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif -static int __init parse_max_order(const char *s) +static int __init cf_check parse_max_order(const char *s) { if ( *s != ',' ) domu_max_order = simple_strtoul(s, &s, 0); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index f8749b0787..ad06655158 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -179,7 +179,7 @@ enum bootscrub_mode { * https://bugs.llvm.org/show_bug.cgi?id=39707 */ static enum bootscrub_mode __read_mostly opt_bootscrub = BOOTSCRUB_IDLE; -static int __init parse_bootscrub_param(const char *s) +static int __init cf_check parse_bootscrub_param(const char *s) { /* Interpret 'bootscrub' alone in its positive boolean form */ if ( *s == '\0' ) diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index 8c6e6eb9cc..f0dd626054 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -93,7 +93,7 @@ static int sched_gran_get(const char *str, enum sched_gran *mode) return -EINVAL; } -static int __init sched_select_granularity(const char *str) +static int __init cf_check sched_select_granularity(const char *str) { return sched_gran_get(str, &opt_sched_granularity); } diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index 6396b38e04..a5f073cda5 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -456,7 +456,7 @@ static const char *const opt_runqueue_str[] = { }; static int __read_mostly opt_runqueue = OPT_RUNQUEUE_SOCKET; -static int __init parse_credit2_runqueue(const char *s) +static int __init cf_check parse_credit2_runqueue(const char *s) { unsigned int i; diff --git a/xen/drivers/acpi/tables.c b/xen/drivers/acpi/tables.c index f39cd5eaac..96ff96b84c 100644 --- a/xen/drivers/acpi/tables.c +++ b/xen/drivers/acpi/tables.c @@ -472,7 +472,7 @@ int __init acpi_table_init(void) return 0; } -static int __init acpi_parse_apic_instance(const char *str) +static int __init cf_check acpi_parse_apic_instance(const char *str) { const char *q; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index a043e9521a..4694be83db 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -88,7 +88,7 @@ static const char con_timestamp_mode_2_string[][7] = { [TSM_RAW] = "raw", }; -static void con_timestamp_mode_upd(struct param_hypfs *par) +static void cf_check con_timestamp_mode_upd(struct param_hypfs *par) { const char *val = con_timestamp_mode_2_string[opt_con_timestamp_mode]; @@ -98,7 +98,7 @@ static void con_timestamp_mode_upd(struct param_hypfs *par) #define con_timestamp_mode_upd(par) #endif -static int parse_console_timestamps(const char *s); +static int cf_check parse_console_timestamps(const char *s); custom_runtime_param("console_timestamps", parse_console_timestamps, con_timestamp_mode_upd); @@ -160,8 +160,8 @@ static int __read_mostly xenlog_guest_upper_thresh = static int __read_mostly xenlog_guest_lower_thresh = XENLOG_GUEST_LOWER_THRESHOLD; -static int parse_loglvl(const char *s); -static int parse_guest_loglvl(const char *s); +static int cf_check parse_loglvl(const char *s); +static int cf_check parse_guest_loglvl(const char *s); #ifdef CONFIG_HYPFS #define LOGLVL_VAL_SZ 16 @@ -176,13 +176,13 @@ static void xenlog_update_val(int lower, int upper, char *val) snprintf(val, LOGLVL_VAL_SZ, "%s/%s", lvl2opt[lower], lvl2opt[upper]); } -static void __init xenlog_init(struct param_hypfs *par) +static void __init cf_check xenlog_init(struct param_hypfs *par) { xenlog_update_val(xenlog_lower_thresh, xenlog_upper_thresh, xenlog_val); custom_runtime_set_var(par, xenlog_val); } -static void __init xenlog_guest_init(struct param_hypfs *par) +static void __init cf_check xenlog_guest_init(struct param_hypfs *par) { xenlog_update_val(xenlog_guest_lower_thresh, xenlog_guest_upper_thresh, xenlog_guest_val); @@ -240,7 +240,7 @@ static int _parse_loglvl(const char *s, int *lower, int *upper, char *val) return *s ? -EINVAL : 0; } -static int parse_loglvl(const char *s) +static int cf_check parse_loglvl(const char *s) { int ret; @@ -251,7 +251,7 @@ static int parse_loglvl(const char *s) return ret; } -static int parse_guest_loglvl(const char *s) +static int cf_check parse_guest_loglvl(const char *s) { int ret; @@ -793,7 +793,7 @@ static int printk_prefix_check(char *p, char **pp) ((loglvl < upper_thresh) && printk_ratelimit())); } -static int parse_console_timestamps(const char *s) +static int cf_check parse_console_timestamps(const char *s) { switch ( parse_bool(s, NULL) ) { diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 419aae83ee..36b0792962 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -65,7 +65,7 @@ enum cpufreq_controller cpufreq_controller = FREQCTL_xen; static int __init cpufreq_cmdline_parse(const char *s); -static int __init setup_cpufreq_option(const char *str) +static int __init cf_check setup_cpufreq_option(const char *str) { const char *arg = strpbrk(str, ",:"); int choice; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index b07fa4c401..5ea2277328 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -704,7 +704,7 @@ static u16 __init parse_ivhd_device_extended_range( return dev_length; } -static int __init parse_ivrs_ioapic(const char *str) +static int __init cf_check parse_ivrs_ioapic(const char *str) { const char *s = str; unsigned long id; @@ -742,7 +742,7 @@ static int __init parse_ivrs_ioapic(const char *str) } custom_param("ivrs_ioapic[", parse_ivrs_ioapic); -static int __init parse_ivrs_hpet(const char *str) +static int __init cf_check parse_ivrs_hpet(const char *str) { const char *s = str; unsigned long id; @@ -1369,7 +1369,7 @@ int __init amd_iommu_get_supported_ivhd_type(void) * Format: * ivmd=[-][=[-'][,[-'][,...]]][;...] */ -static int __init parse_ivmd_param(const char *s) +static int __init cf_check parse_ivmd_param(const char *s) { do { unsigned long start, end; diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index fc18f63bd4..6ee267d2bf 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -64,7 +64,7 @@ bool_t __read_mostly amd_iommu_perdev_intremap = 1; DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); -static int __init parse_iommu_param(const char *s) +static int __init cf_check parse_iommu_param(const char *s) { const char *ss; int val, rc = 0; @@ -135,7 +135,7 @@ static int __init parse_iommu_param(const char *s) } custom_param("iommu", parse_iommu_param); -static int __init parse_dom0_iommu_param(const char *s) +static int __init cf_check parse_dom0_iommu_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 70b6684981..4b59b332f0 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -146,7 +146,7 @@ static struct phantom_dev { } phantom_devs[8]; static unsigned int nr_phantom_devs; -static int __init parse_phantom_dev(const char *str) +static int __init cf_check parse_phantom_dev(const char *str) { const char *s; unsigned int seg, bus, slot; @@ -182,7 +182,7 @@ custom_param("pci-phantom", parse_phantom_dev); static u16 __read_mostly command_mask; static u16 __read_mostly bridge_ctl_mask; -static int __init parse_pci_param(const char *s) +static int __init cf_check parse_pci_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index 33a12b2ae9..b152f3da91 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -1084,7 +1084,7 @@ int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) * If a segment is specified for other than the first device, and it does not * match the one specified for the first one, an error will be reported. */ -static int __init parse_rmrr_param(const char *str) +static int __init cf_check parse_rmrr_param(const char *str) { const char *s = str, *cur, *stmp; unsigned int seg, bus, dev, func, dev_count; diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 52b47dd893..0590ddeea7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -308,7 +308,7 @@ void vtd_ops_postamble_quirk(struct vtd_iommu *iommu) } } -static int __init parse_snb_timeout(const char *s) +static int __init cf_check parse_snb_timeout(const char *s) { int t; const char *q = NULL; diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 0342a3dede..c8f81a5cc5 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -29,7 +29,7 @@ integer_param("vesa-ram", vram_total); static unsigned int __initdata vram_remap; static unsigned int __initdata font_height; -static int __init parse_font_height(const char *s) +static int __init cf_check parse_font_height(const char *s) { if ( simple_strtoul(s, &s, 10) == 8 && (*s++ == 'x') ) font_height = simple_strtoul(s, &s, 10); diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index bb3bebc30e..2d7ca3abae 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -28,8 +28,6 @@ #define _copy_from_guest copy_from_guest enum flask_bootparam_t __read_mostly flask_bootparam = FLASK_BOOTPARAM_ENFORCING; -static int parse_flask_param(const char *s); -custom_param("flask", parse_flask_param); bool __read_mostly flask_enforcing = true; @@ -60,7 +58,7 @@ static int flask_security_make_bools(void); extern int ss_initialized; -static int __init parse_flask_param(const char *s) +static int __init cf_check parse_flask_param(const char *s) { if ( !strcmp(s, "enforcing") ) flask_bootparam = FLASK_BOOTPARAM_ENFORCING; @@ -75,6 +73,7 @@ static int __init parse_flask_param(const char *s) return (flask_bootparam == FLASK_BOOTPARAM_INVALID) ? -EINVAL : 0; } +custom_param("flask", parse_flask_param); static int domain_has_security(struct domain *d, u32 perms) { diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 5fc3a5f754..2286a502e3 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -55,7 +55,7 @@ static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY; #endif -static int __init parse_xsm_param(const char *s) +static int __init cf_check parse_xsm_param(const char *s) { int rc = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277588.474168 (Exim 4.92) (envelope-from ) id 1nMuFg-0003xl-7H; Wed, 23 Feb 2022 16:12:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277588.474168; Wed, 23 Feb 2022 16:12:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFg-0003xc-41; Wed, 23 Feb 2022 16:12:28 +0000 Received: by outflank-mailman (input) for mailman id 277588; Wed, 23 Feb 2022 16:12:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFe-0003x7-HN for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFe-00056i-Ga for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuFe-0003fg-Fq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TyknL+8SLxXjlWo7M8D6BVlu6f4GaqgyEuUa2XHNJWU=; b=xAHjDtFK79XeLQmzJe2azRbDzs 6INR4O6prQEQThx/xXf1CTmSHbFjCZtqrYVtwhYsDOaanXG+v7+WQa5TdCocgneps5Fokk3otKpxn De8CapMmW0+4zY84TJoSVY3H8FsXK62LKSWrW6uDMUdT12vLrUfbgVtHmAaQy028KC88=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for __initcall() Message-Id: Date: Wed, 23 Feb 2022 16:12:26 +0000 commit 7629460eeb8487de8a13fefe6b73716cc0cdeafe Author: Andrew Cooper AuthorDate: Thu Oct 28 10:24:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for __initcall() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 4 ++-- xen/arch/x86/acpi/cpufreq/cpufreq.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/mtrr/main.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/domain.c | 2 +- xen/arch/x86/extable.c | 2 +- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/arch/x86/hvm/irq.c | 2 +- xen/arch/x86/hvm/mtrr.c | 2 +- xen/arch/x86/hvm/nestedhvm.c | 3 +-- xen/arch/x86/hvm/quirks.c | 2 +- xen/arch/x86/include/asm/hvm/save.h | 2 +- xen/arch/x86/ioport_emulate.c | 4 ++-- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/mm/shadow/common.c | 4 ++-- xen/arch/x86/msi.c | 2 +- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/numa.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/pv/domain.c | 2 +- xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/time.c | 8 ++++---- xen/common/core_parking.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/gdbstub.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/kernel.c | 4 ++-- xen/common/kexec.c | 2 +- xen/common/livepatch.c | 2 +- xen/common/page_alloc.c | 4 ++-- xen/common/radix-tree.c | 2 +- xen/common/random.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/spinlock.c | 2 +- xen/common/stop_machine.c | 2 +- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/cpufreq/cpufreq_misc_governors.c | 6 +++--- xen/drivers/cpufreq/cpufreq_ondemand.c | 2 +- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 2 +- xen/drivers/passthrough/pci.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 48 files changed, 60 insertions(+), 61 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 5d73eb5917..7902ccce6b 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -410,7 +410,7 @@ static void dump_cx(unsigned char key) } } -static int __init cpu_idle_key_init(void) +static int __init cf_check cpu_idle_key_init(void) { register_keyhandler('c', dump_cx, "dump ACPI Cx structures", 1); return 0; @@ -1655,7 +1655,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpuidle_presmp_init(void) +static int __init cf_check cpuidle_presmp_init(void) { void *cpu = (void *)(long)smp_processor_id(); diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 029c9398c4..9510f05340 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -630,7 +630,7 @@ static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { .exit = acpi_cpufreq_cpu_exit, }; -static int __init cpufreq_driver_init(void) +static int __init cf_check cpufreq_driver_init(void) { int ret = 0; diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index ec52d37c96..2679c220a8 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -86,7 +86,7 @@ static void mce_work_fn(void *data) adjust = 0; } -static int __init init_nonfatal_mce_checker(void) +static int __init cf_check init_nonfatal_mce_checker(void) { struct cpuinfo_x86 *c = &boot_cpu_data; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 95d35ca0f3..46f55fe7f1 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -696,7 +696,7 @@ int microcode_update(XEN_GUEST_HANDLE(const_void) buf, unsigned long len) microcode_update_helper, buffer); } -static int __init microcode_init(void) +static int __init cf_check microcode_init(void) { /* * At this point, all CPUs should have updated their microcode diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index e9df53f00d..428133100d 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -632,7 +632,7 @@ void mtrr_bp_restore(void) mtrr_if->set_all(); } -static int __init mtrr_init_finialize(void) +static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index b10d6e2eb4..9fc897dc84 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -844,7 +844,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init vpmu_init(void) +static int __init cf_check vpmu_init(void) { int vendor = current_cpu_data.x86_vendor; const struct arch_vpmu_ops *ops = NULL; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9835f90ea0..36748f67da 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2533,7 +2533,7 @@ static void vcpu_kick_softirq(void) */ } -static int __init init_vcpu_kick_softirq(void) +static int __init cf_check init_vcpu_kick_softirq(void) { open_softirq(VCPU_KICK_SOFTIRQ, vcpu_kick_softirq); return 0; diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 78d6727225..51ef863d78 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -126,7 +126,7 @@ search_exception_table(const struct cpu_user_regs *regs) #ifndef NDEBUG #include -static int __init stub_selftest(void) +static int __init cf_check stub_selftest(void) { static const struct { uint8_t opc[4]; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4e685c1b0c..2ae1685d0a 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -164,7 +164,7 @@ static bool __init hap_supported(struct hvm_function_table *fns) return true; } -static int __init hvm_enable(void) +static int __init cf_check hvm_enable(void) { const struct hvm_function_table *fns = NULL; @@ -1506,7 +1506,7 @@ static int hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) /* We need variable length data chunks for XSAVE area and MSRs, hence * a custom declaration rather than HVM_REGISTER_SAVE_RESTORE. */ -static int __init hvm_register_CPU_save_and_restore(void) +static int __init cf_check hvm_register_CPU_save_and_restore(void) { hvm_register_savevm(CPU_XSAVE_CODE, "CPU_XSAVE", diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 52aae4565f..6045c9149b 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -650,7 +650,7 @@ static void dump_irq_info(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static int __init dump_irq_info_key_init(void) +static int __init cf_check dump_irq_info_key_init(void) { register_keyhandler('I', dump_irq_info, "dump HVM irq info", 1); return 0; diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index 4a9f3177ed..b3ef1bf541 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -75,7 +75,7 @@ static uint8_t __read_mostly mtrr_epat_tbl[MTRR_NUM_TYPES][MEMORY_NUM_TYPES] = static uint8_t __read_mostly pat_entry_tbl[PAT_TYPE_NUMS] = { [0 ... PAT_TYPE_NUMS-1] = INVALID_MEM_TYPE }; -static int __init hvm_mtrr_pat_init(void) +static int __init cf_check hvm_mtrr_pat_init(void) { unsigned int i, j; diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 5021da667a..2351688448 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -125,8 +125,7 @@ nestedhvm_vmcx_flushtlb(struct p2m_domain *p2m) * iomap[2] set set */ -static int __init -nestedhvm_setup(void) +static int __init cf_check nestedhvm_setup(void) { /* Same format and size as hvm_io_bitmap (Intel needs only 2 pages). */ unsigned nr = cpu_has_vmx ? 2 : 3; diff --git a/xen/arch/x86/hvm/quirks.c b/xen/arch/x86/hvm/quirks.c index 54cc66c382..917356b131 100644 --- a/xen/arch/x86/hvm/quirks.c +++ b/xen/arch/x86/hvm/quirks.c @@ -36,7 +36,7 @@ static int __init dmi_hvm_deny_port80(const struct dmi_system_id *id) return 0; } -static int __init check_port80(void) +static int __init cf_check check_port80(void) { /* * Quirk table for systems that misbehave (lock up, etc.) if port diff --git a/xen/arch/x86/include/asm/hvm/save.h b/xen/arch/x86/include/asm/hvm/save.h index 4efc535055..e975011ddb 100644 --- a/xen/arch/x86/include/asm/hvm/save.h +++ b/xen/arch/x86/include/asm/hvm/save.h @@ -115,7 +115,7 @@ void hvm_register_savevm(uint16_t typecode, /* Syntactic sugar around that function: specify the max number of * saves, and this calculates the size of buffer needed */ #define HVM_REGISTER_SAVE_RESTORE(_x, _save, _load, _num, _k) \ -static int __init __hvm_register_##_x##_save_and_restore(void) \ +static int __init cf_check __hvm_register_##_x##_save_and_restore(void) \ { \ hvm_register_savevm(HVM_SAVE_CODE(_x), \ #_x, \ diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index cf1f3f9229..6caeb3d470 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -11,7 +11,7 @@ unsigned int (*__read_mostly ioemul_handle_quirk)( uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); -static unsigned int ioemul_handle_proliant_quirk( +static unsigned int cf_check ioemul_handle_proliant_quirk( u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) { static const char stub[] = { @@ -100,7 +100,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { { } }; -static int __init ioport_quirks_init(void) +static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) ioemul_handle_quirk = ioemul_handle_proliant_quirk; diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 84b174d0f5..bcf46cd54d 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -954,7 +954,7 @@ static void irq_ratelimit_timer_fn(void *data) spin_unlock_irqrestore(&irq_ratelimit_lock, flags); } -static int __init irq_ratelimit_init(void) +static int __init cf_check irq_ratelimit_init(void) { if ( irq_ratelimit_threshold ) init_timer(&irq_ratelimit_timer, irq_ratelimit_timer_fn, NULL, 0); @@ -2504,7 +2504,7 @@ static void dump_irqs(unsigned char key) dump_ioapic_irq_info(); } -static int __init setup_dump_irqs(void) +static int __init cf_check setup_dump_irqs(void) { /* In lieu of being able to live in init_irq_data(). */ BUILD_BUG_ON(sizeof(irq_max_guests) > diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 6221630fc2..b8730a9441 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -105,7 +105,7 @@ static void shadow_audit_key(unsigned char key) __func__, shadow_audit_enable); } -static int __init shadow_audit_key_init(void) +static int __init cf_check shadow_audit_key_init(void) { register_keyhandler('O', shadow_audit_key, "toggle shadow audits", 0); return 0; @@ -1057,7 +1057,7 @@ static void shadow_blow_all_tables(unsigned char c) } /* Register this function in the Xen console keypress table */ -static __init int shadow_blow_tables_keyhandler_init(void) +static int __init cf_check shadow_blow_tables_keyhandler_init(void) { register_keyhandler('S', shadow_blow_all_tables, "reset shadow pagetables", 1); return 0; diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 5febc0ea4b..d1497254b1 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1485,7 +1485,7 @@ static void dump_msi(unsigned char key) vpci_dump_msi(); } -static int __init msi_setup_keyhandler(void) +static int __init cf_check msi_setup_keyhandler(void) { register_keyhandler('M', dump_msi, "dump MSI state", 1); return 0; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index 515a3633e5..b112921b39 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -605,7 +605,7 @@ static void do_nmi_stats(unsigned char key) printk("%pv: NMI neither pending nor masked\n", v); } -static __init int register_nmi_trigger(void) +static int __init cf_check register_nmi_trigger(void) { register_keyhandler('N', do_nmi_trigger, "trigger an NMI", 0); register_keyhandler('n', do_nmi_stats, "NMI statistics", 1); diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index 6be5a0c933..5de9db4e99 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -504,7 +504,7 @@ static void dump_numa(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static __init int register_numa_trigger(void) +static int __init cf_check register_numa_trigger(void) { register_keyhandler('u', dump_numa, "dump NUMA info", 1); return 0; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index 7842d95b95..ba9c4b9804 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -388,7 +388,7 @@ static int __init arch_perfmon_init(char **cpu_type) return 1; } -static int __init nmi_init(void) +static int __init cf_check nmi_init(void) { __u8 vendor = current_cpu_data.x86_vendor; __u8 family = current_cpu_data.x86; diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index 5ea14b6ec3..0e0b6577ca 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -94,7 +94,7 @@ static struct notifier_block cpu_percpu_nfb = { .priority = 100 /* highest priority */ }; -static int __init percpu_presmp_init(void) +static int __init cf_check percpu_presmp_init(void) { register_cpu_notifier(&cpu_percpu_nfb); diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 56916344cb..9a3670afc3 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1675,7 +1675,7 @@ static struct notifier_block cpu_nfb = { .priority = -1 }; -static int __init psr_presmp_init(void) +static int __init cf_check psr_presmp_init(void) { if ( (opt_psr & PSR_CMT) && opt_rmid_max ) init_psr_cmt(opt_rmid_max); diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 125c4561a7..55146c15c8 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -167,7 +167,7 @@ unsigned long pv_fixup_guest_cr4(const struct vcpu *v, unsigned long cr4) static int8_t __read_mostly opt_global_pages = -1; boolean_runtime_param("global-pages", opt_global_pages); -static int __init pge_init(void) +static int __init cf_check pge_init(void) { if ( opt_global_pages == -1 ) opt_global_pages = !cpu_has_hypervisor || diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index a01354d933..ad3e3a7691 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -533,7 +533,7 @@ static const struct dmi_system_id __initconstrel reboot_dmi_table[] = { { } }; -static int __init reboot_init(void) +static int __init cf_check reboot_init(void) { /* * Only do the DMI check if reboot_type hasn't been overridden diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 818a42a406..b94aa8f216 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -537,7 +537,7 @@ static struct platform_timesource __initdata plt_pmtimer = static struct time_scale __read_mostly pmt_scale; -static __init int init_pmtmr_scale(void) +static __init int cf_check init_pmtmr_scale(void) { set_time_scale(&pmt_scale, ACPI_PM_FREQUENCY); return 0; @@ -2051,7 +2051,7 @@ static void __init try_platform_timer_tail(void) } /* Late init function, after all cpus have booted */ -static int __init verify_tsc_reliability(void) +static int __init cf_check verify_tsc_reliability(void) { if ( boot_cpu_has(X86_FEATURE_TSC_RELIABLE) ) { @@ -2221,7 +2221,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) return ret; } -static int __init disable_pit_irq(void) +static int __init cf_check disable_pit_irq(void) { if ( !_disable_pit_irq(hpet_broadcast_init) ) { @@ -2584,7 +2584,7 @@ static void dump_softtsc(unsigned char key) printk("No domains have emulated TSC\n"); } -static int __init setup_dump_softtsc(void) +static int __init cf_check setup_dump_softtsc(void) { register_keyhandler('s', dump_softtsc, "dump softtsc stats", 1); return 0; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index aa432ed2f5..44a907abfd 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -258,7 +258,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) return 0; } -static int __init core_parking_init(void) +static int __init cf_check core_parking_init(void) { int ret = 0; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index 29b11239f5..f3c0fd8aa1 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -279,7 +279,7 @@ static struct notifier_block debugtrace_nfb = { .notifier_call = debugtrace_cpu_callback }; -static int __init debugtrace_init(void) +static int __init cf_check debugtrace_init(void) { unsigned int cpu; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index a5ee8b8ebf..2026bc30dc 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1642,7 +1642,7 @@ static void dump_evtchn_info(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static int __init dump_evtchn_info_key_init(void) +static int __init cf_check dump_evtchn_info_key_init(void) { register_keyhandler('e', dump_evtchn_info, "dump evtchn info", 1); return 0; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 848c1f4327..99bfd9a654 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -640,7 +640,7 @@ __trap_to_gdb(struct cpu_user_regs *regs, unsigned long cookie) return rc; } -static int __init initialise_gdb(void) +static int __init cf_check initialise_gdb(void) { if ( *opt_gdb == '\0' ) return 0; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b663845d9c..1078e3e16c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4291,7 +4291,7 @@ static void gnttab_usage_print_all(unsigned char key) printk("%s ] done\n", __func__); } -static int __init gnttab_usage_init(void) +static int __init cf_check gnttab_usage_init(void) { register_keyhandler('g', gnttab_usage_print_all, "print grant table usage", 1); diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 752c2e0dae..adff2d2c77 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -393,7 +393,7 @@ static HYPFS_STRING_INIT(extra, "extra"); static HYPFS_STRING_INIT(config, "config"); #endif -static int __init buildinfo_init(void) +static int __init cf_check buildinfo_init(void) { hypfs_add_dir(&hypfs_root, &buildinfo, true); @@ -431,7 +431,7 @@ __initcall(buildinfo_init); static HYPFS_DIR_INIT(params, "params"); -static int __init param_init(void) +static int __init cf_check param_init(void) { struct param_hypfs *param; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 6286c0bbf0..36384f782d 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -570,7 +570,7 @@ void __init kexec_early_calculations(void) crashinfo_maxaddr_bits = fls64(crashinfo_maxaddr) - 1; } -static int __init kexec_init(void) +static int __init cf_check kexec_init(void) { void *cpu = (void *)(unsigned long)smp_processor_id(); diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 7118551b27..33708b4e23 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2139,7 +2139,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init livepatch_init(void) +static int __init cf_check livepatch_init(void) { unsigned int cpu; diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index ad06655158..561e238d2d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2549,7 +2549,7 @@ static void pagealloc_info(unsigned char key) printk(" Dom heap: %lukB free\n", total << (PAGE_SHIFT-10)); } -static __init int pagealloc_keyhandler_init(void) +static __init int cf_check pagealloc_keyhandler_init(void) { register_keyhandler('m', pagealloc_info, "memory info", 1); return 0; @@ -2597,7 +2597,7 @@ static void dump_heap(unsigned char key) } } -static __init int register_heap_trigger(void) +static __init int cf_check register_heap_trigger(void) { register_keyhandler('H', dump_heap, "dump heap info", 1); return 0; diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 2384655a2e..628a7e0698 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -744,7 +744,7 @@ static __init unsigned long __maxindex(unsigned int height) return ~0UL >> shift; } -static __init int radix_tree_init_maxindex(void) +static int __init cf_check radix_tree_init_maxindex(void) { unsigned int i; diff --git a/xen/common/random.c b/xen/common/random.c index fb805b0ecd..a29f2fcb99 100644 --- a/xen/common/random.c +++ b/xen/common/random.c @@ -31,7 +31,7 @@ unsigned int get_random(void) return val; } -static int __init init_boot_random(void) +static int __init cf_check init_boot_random(void) { boot_random = get_random(); return 0; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index f0dd626054..f26c7f2895 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1218,7 +1218,7 @@ static void cpupool_hypfs_init(void) #endif /* CONFIG_HYPFS */ -static int __init cpupool_init(void) +static int __init cf_check cpupool_init(void) { unsigned int cpu; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index b90981bb27..5ce7e33638 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -508,7 +508,7 @@ void _lock_profile_deregister_struct( spin_unlock(&lock_profile_lock); } -static int __init lock_prof_init(void) +static int __init cf_check lock_prof_init(void) { struct lock_profile **q; diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index 2d5f6aef61..8979d553d6 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -198,7 +198,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpu_stopmachine_init(void) +static int __init cf_check cpu_stopmachine_init(void) { unsigned int cpu; for_each_online_cpu ( cpu ) diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 36b0792962..e55e202d5a 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -657,7 +657,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpufreq_presmp_init(void) +static int __init cf_check cpufreq_presmp_init(void) { register_cpu_notifier(&cpu_nfb); return 0; diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index 746bbcd5ff..8343f491da 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -116,7 +116,7 @@ struct cpufreq_governor cpufreq_gov_userspace = { .handle_option = cpufreq_userspace_handle_option }; -static int __init cpufreq_gov_userspace_init(void) +static int __init cf_check cpufreq_gov_userspace_init(void) { unsigned int cpu; @@ -160,7 +160,7 @@ struct cpufreq_governor cpufreq_gov_performance = { .governor = cpufreq_governor_performance, }; -static int __init cpufreq_gov_performance_init(void) +static int __init cf_check cpufreq_gov_performance_init(void) { return cpufreq_register_governor(&cpufreq_gov_performance); } @@ -199,7 +199,7 @@ struct cpufreq_governor cpufreq_gov_powersave = { .governor = cpufreq_governor_powersave, }; -static int __init cpufreq_gov_powersave_init(void) +static int __init cf_check cpufreq_gov_powersave_init(void) { return cpufreq_register_governor(&cpufreq_gov_powersave); } diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index 6b905d7cfc..cabd9ffa88 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -356,7 +356,7 @@ struct cpufreq_governor cpufreq_gov_dbs = { .handle_option = cpufreq_dbs_handle_option }; -static int __init cpufreq_gov_dbs_init(void) +static int __init cf_check cpufreq_gov_dbs_init(void) { return cpufreq_register_governor(&cpufreq_gov_dbs); } diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 93243424e8..04517c1a02 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -234,7 +234,7 @@ int amd_iommu_prepare(bool xt); int amd_iommu_init(bool xt); int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); -int iov_adjust_irq_affinities(void); +int cf_check iov_adjust_irq_affinities(void); int amd_iommu_quarantine_init(struct domain *d); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 559a734bda..f1ed755582 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -808,7 +808,7 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu) return 1; } -int iov_adjust_irq_affinities(void) +int cf_check iov_adjust_irq_affinities(void) { const struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 4b59b332f0..9f79a01608 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1358,7 +1358,7 @@ static void dump_pci_devices(unsigned char ch) pcidevs_unlock(); } -static int __init setup_dump_pcidevs(void) +static int __init cf_check setup_dump_pcidevs(void) { register_keyhandler('Q', dump_pci_devices, "dump PCI devices", 1); return 0; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 0fc818fd27..6ed32922c4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2106,7 +2106,7 @@ static void adjust_irq_affinity(struct acpi_drhd_unit *drhd) spin_unlock_irqrestore(&desc->lock, flags); } -static int adjust_vtd_irq_affinities(void) +static int cf_check adjust_vtd_irq_affinities(void) { struct acpi_drhd_unit *drhd; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0b37cd145b..e5a2c58303 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1076,7 +1076,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback, }; -static int __init setup_dpci_softirq(void) +static int __init cf_check setup_dpci_softirq(void) { unsigned int cpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277590.474173 (Exim 4.92) (envelope-from ) id 1nMuFp-00045R-B5; Wed, 23 Feb 2022 16:12:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277590.474173; Wed, 23 Feb 2022 16:12:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFp-00045H-7E; Wed, 23 Feb 2022 16:12:37 +0000 Received: by outflank-mailman (input) for mailman id 277590; Wed, 23 Feb 2022 16:12:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFo-000452-M2 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFo-00056m-L9 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuFo-0003gY-KF for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GNapm0+hdvE370uXM0rqwKYhlhavo8to5ZdoRkflMvU=; b=g+Z7uq/VhzfZZuloSb3YOpqSOw brMM0F8O4to9Es69usHWpaU5lLTyOzVq7bs1210rERNnY11QC0wm5eRAcRa30d7Ld1M1ppxL6w/Eo +NDy9mV3oNLh3VL0rjJk3TuO3IvcuV2i1zMv8+keuFwRbs7Ix/IzhWjzS9knnZ4ZduuY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for notifier callbacks Message-Id: Date: Wed, 23 Feb 2022 16:12:36 +0000 commit 22939d3c83da3f94c612b1f49f6f91f11ee3490d Author: Andrew Cooper AuthorDate: Fri Oct 29 10:11:55 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for notifier callbacks Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +- xen/arch/x86/cpu/mwait-idle.c | 4 ++-- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/genapic/x2apic.c | 2 +- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/common/debugtrace.c | 4 ++-- xen/common/kexec.c | 2 +- xen/common/livepatch.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/stop_machine.c | 2 +- xen/common/tasklet.c | 2 +- xen/common/timer.c | 2 +- xen/common/trace.c | 2 +- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/cpufreq/cpufreq_misc_governors.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 24 files changed, 26 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 7902ccce6b..fb47eb9ad6 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -1622,7 +1622,7 @@ bool cpuidle_using_deep_cstate(void) : ACPI_STATE_C1); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index ea86d84481..a449fa0424 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -733,7 +733,7 @@ static int cpu_bank_alloc(unsigned int cpu) return 0; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index d63d6083d3..b6da8262e6 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -931,7 +931,7 @@ static int cpu_mcabank_alloc(unsigned int cpu) return -ENOMEM; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 24d073d315..fe1b7af25f 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -1275,8 +1275,8 @@ static int __init mwait_idle_probe(void) return 0; } -static int mwait_idle_cpu_init(struct notifier_block *nfb, - unsigned long action, void *hcpu) +static int cf_check mwait_idle_cpu_init( + struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu, cstate; struct acpi_processor_power *dev = processor_powers[cpu]; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 9fc897dc84..df3c9201b2 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -817,7 +817,7 @@ long cf_check do_xenpmu_op( return ret; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index 9064a0ca46..bd44bb7539 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -187,7 +187,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { .send_IPI_self = send_IPI_self_x2apic }; -static int update_clusterinfo( +static int cf_check update_clusterinfo( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 2ae1685d0a..0a19353068 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -117,7 +117,7 @@ static const char __initconst warning_hvm_fep[] = static bool_t __initdata opt_altp2m_enabled = 0; boolean_param("altp2m", opt_altp2m_enabled); -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index b112921b39..d6018f0c42 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -427,7 +427,7 @@ void setup_apic_nmi_watchdog(void) nmi_active = 1; } -static int cpu_nmi_callback( +static int cf_check cpu_nmi_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index 0e0b6577ca..eb3ba7bc88 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -63,7 +63,7 @@ static void free_percpu_area(unsigned int cpu) call_rcu(&info->rcu, _free_percpu_area); } -static int cpu_percpu_callback( +static int cf_check cpu_percpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 9a3670afc3..5b9991bd5b 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1642,7 +1642,7 @@ static void psr_cpu_fini(unsigned int cpu) free_socket_resources(socket); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { int rc = 0; diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 335129a010..709704d71a 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1112,7 +1112,7 @@ static int cpu_smpboot_alloc(unsigned int cpu) return rc; } -static int cpu_smpboot_callback( +static int cf_check cpu_smpboot_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index f3c0fd8aa1..160d00b796 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -263,8 +263,8 @@ static void debugtrace_alloc_buffer(struct debugtrace_data **ptr, *ptr = data; } -static int debugtrace_cpu_callback(struct notifier_block *nfb, - unsigned long action, void *hcpu) +static int cf_check debugtrace_cpu_callback( + struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 36384f782d..3b223cd03d 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -531,7 +531,7 @@ static int kexec_init_cpu_notes(const unsigned long cpu) return ret; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned long cpu = (unsigned long)hcpu; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 33708b4e23..701efd87a1 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2124,7 +2124,7 @@ static void livepatch_printall(unsigned char key) spin_unlock(&payload_lock); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index a5a27af3de..2ec5606de5 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -641,7 +641,7 @@ static void rcu_init_percpu_data(int cpu, struct rcu_ctrlblk *rcp, init_timer(&rdp->idle_timer, rcu_idle_timer_handler, rdp, cpu); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6c1ee7879a..fbd2dfb59b 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2839,7 +2839,7 @@ void sched_rm_cpu(unsigned int cpu) cpu_schedule_down(cpu); } -static int cpu_schedule_callback( +static int cf_check cpu_schedule_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index f26c7f2895..e5cfb03b85 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -985,7 +985,7 @@ void dump_runq(unsigned char key) spin_unlock(&cpupool_lock); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index 8979d553d6..a122bd4afe 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -182,7 +182,7 @@ static void stopmachine_action(void *data) local_irq_enable(); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/tasklet.c b/xen/common/tasklet.c index ac89511a09..1b16bbcdeb 100644 --- a/xen/common/tasklet.c +++ b/xen/common/tasklet.c @@ -214,7 +214,7 @@ void softirq_tasklet_init(struct tasklet *t, void (*func)(void *), void *data) t->is_softirq = 1; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/timer.c b/xen/common/timer.c index 1bb265ceea..b788050ea1 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -637,7 +637,7 @@ static void free_percpu_timers(unsigned int cpu) ASSERT(ts->heap == dummy_heap); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/trace.c b/xen/common/trace.c index 61fecc2b2b..b5358508f8 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -79,7 +79,7 @@ static u32 tb_event_mask = TRC_ALL; * i.e., sizeof(_type) * ans >= _x. */ #define fit_to_type(_type, _x) (((_x)+sizeof(_type)-1) / sizeof(_type)) -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index e55e202d5a..a94520ee57 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -632,7 +632,7 @@ static int __init cpufreq_cmdline_parse(const char *s) return rc; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index 8343f491da..ad79d0f5d2 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -91,7 +91,7 @@ cpufreq_userspace_handle_option(const char *name, const char *val) return 0; } -static int cpufreq_userspace_cpu_callback( +static int cf_check cpufreq_userspace_cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index e5a2c58303..527bd6a56d 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1046,7 +1046,7 @@ static void dpci_softirq(void) } } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277591.474176 (Exim 4.92) (envelope-from ) id 1nMuFz-00049g-Bt; Wed, 23 Feb 2022 16:12:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277591.474176; Wed, 23 Feb 2022 16:12:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFz-00049Y-8n; Wed, 23 Feb 2022 16:12:47 +0000 Received: by outflank-mailman (input) for mailman id 277591; Wed, 23 Feb 2022 16:12:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFy-00049M-PN for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuFy-00056x-OZ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuFy-0003hD-Ns for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TYm0lGLKkZJV44Sf2Wbh0wL1u4j/EgSLbXAhhhH4zmw=; b=RgPy1Vpspwc6PH82gEJ4Qk1Lye +hZRkbwYfZycwxMEVpDLkpUBciEXfU1zO3tHua9XBHgHC7VdL1Dk9R5Xc58oSv/9s+1FSSvZ8o2qf I76bpOPZqg2BZYqCIYrlgGhu7wqh+/gBB6c2qllw6p1IwWC0xtf1N3sOMOE/W8oOMggM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for acpi_table_parse() Message-Id: Date: Wed, 23 Feb 2022 16:12:46 +0000 commit 56773dfd5d89a0291249694974d26c624c14421e Author: Andrew Cooper AuthorDate: Thu Oct 28 11:30:00 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for acpi_table_parse() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/boot.c | 24 ++++++++++++------------ xen/arch/x86/hvm/dom0_build.c | 16 ++++++++-------- xen/arch/x86/include/asm/tboot.h | 2 +- xen/arch/x86/srat.c | 4 ++-- xen/arch/x86/tboot.c | 2 +- xen/arch/x86/x86_64/acpi_mmcfg.c | 2 +- xen/arch/x86/x86_64/mmconfig.h | 2 +- xen/drivers/acpi/apei/hest.c | 4 ++-- xen/drivers/acpi/numa.c | 10 +++++----- xen/drivers/passthrough/amd/iommu_acpi.c | 9 +++++---- xen/drivers/passthrough/pci.c | 3 ++- xen/drivers/passthrough/vtd/dmar.c | 2 +- xen/include/xen/acpi.h | 2 +- 13 files changed, 42 insertions(+), 40 deletions(-) diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c index cc4bbc0284..54b72d716b 100644 --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -60,7 +60,7 @@ static u64 acpi_lapic_addr __initdata = APIC_DEFAULT_PHYS_BASE; Boot-time Configuration -------------------------------------------------------------------------- */ -static int __init acpi_parse_madt(struct acpi_table_header *table) +static int __init cf_check acpi_parse_madt(struct acpi_table_header *table) { struct acpi_table_madt *madt = container_of(table, struct acpi_table_madt, header); @@ -77,7 +77,7 @@ static int __init acpi_parse_madt(struct acpi_table_header *table) return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic(struct acpi_subtable_header *header, const unsigned long end) { struct acpi_madt_local_x2apic *processor = @@ -133,7 +133,7 @@ acpi_parse_x2apic(struct acpi_subtable_header *header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_lapic(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_local_apic *processor = @@ -171,7 +171,7 @@ acpi_parse_lapic(struct acpi_subtable_header * header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_lapic_addr_ovr(struct acpi_subtable_header * header, const unsigned long end) { @@ -187,7 +187,7 @@ acpi_parse_lapic_addr_ovr(struct acpi_subtable_header * header, return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic_nmi(struct acpi_subtable_header *header, const unsigned long end) { @@ -206,7 +206,7 @@ acpi_parse_x2apic_nmi(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_lapic_nmi(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_local_apic_nmi *lapic_nmi = @@ -223,7 +223,7 @@ acpi_parse_lapic_nmi(struct acpi_subtable_header * header, const unsigned long e return 0; } -static int __init +static int __init cf_check acpi_parse_ioapic(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_io_apic *ioapic = @@ -240,7 +240,7 @@ acpi_parse_ioapic(struct acpi_subtable_header * header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_int_src_ovr(struct acpi_subtable_header * header, const unsigned long end) { @@ -267,7 +267,7 @@ acpi_parse_int_src_ovr(struct acpi_subtable_header * header, return 0; } -static int __init +static int __init cf_check acpi_parse_nmi_src(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_nmi_source *nmi_src = @@ -283,7 +283,7 @@ acpi_parse_nmi_src(struct acpi_subtable_header * header, const unsigned long end return 0; } -static int __init acpi_parse_hpet(struct acpi_table_header *table) +static int __init cf_check acpi_parse_hpet(struct acpi_table_header *table) { const struct acpi_table_hpet *hpet_tbl = container_of(table, const struct acpi_table_hpet, header); @@ -319,7 +319,7 @@ static int __init acpi_parse_hpet(struct acpi_table_header *table) return 0; } -static int __init acpi_invalidate_bgrt(struct acpi_table_header *table) +static int __init cf_check acpi_invalidate_bgrt(struct acpi_table_header *table) { struct acpi_table_bgrt *bgrt_tbl = container_of(table, struct acpi_table_bgrt, header); @@ -472,7 +472,7 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) acpi_sinfo.wakeup_vector, acpi_sinfo.vector_width); } -static int __init acpi_parse_fadt(struct acpi_table_header *table) +static int __init cf_check acpi_parse_fadt(struct acpi_table_header *table) { const struct acpi_table_fadt *fadt = container_of(table, const struct acpi_table_fadt, header); diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index f9e17249dc..25fb05a389 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -745,15 +745,15 @@ static int __init pvh_setup_cpus(struct domain *d, paddr_t entry, return 0; } -static int __init acpi_count_intr_ovr(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_count_intr_ovr( + struct acpi_subtable_header *header, const unsigned long end) { acpi_intr_overrides++; return 0; } -static int __init acpi_set_intr_ovr(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_set_intr_ovr( + struct acpi_subtable_header *header, const unsigned long end) { const struct acpi_madt_interrupt_override *intr = container_of(header, struct acpi_madt_interrupt_override, header); @@ -764,15 +764,15 @@ static int __init acpi_set_intr_ovr(struct acpi_subtable_header *header, return 0; } -static int __init acpi_count_nmi_src(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_count_nmi_src( + struct acpi_subtable_header *header, const unsigned long end) { acpi_nmi_sources++; return 0; } -static int __init acpi_set_nmi_src(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_set_nmi_src( + struct acpi_subtable_header *header, const unsigned long end) { const struct acpi_madt_nmi_source *src = container_of(header, struct acpi_madt_nmi_source, header); diff --git a/xen/arch/x86/include/asm/tboot.h b/xen/arch/x86/include/asm/tboot.h index bfeed1542f..818d5fa451 100644 --- a/xen/arch/x86/include/asm/tboot.h +++ b/xen/arch/x86/include/asm/tboot.h @@ -124,7 +124,7 @@ void tboot_probe(void); void tboot_shutdown(uint32_t shutdown_type); int tboot_in_measured_env(void); int tboot_protect_mem_regions(void); -int tboot_parse_dmar_table(acpi_table_handler dmar_handler); +int cf_check tboot_parse_dmar_table(acpi_table_handler dmar_handler); int tboot_s3_resume(void); void tboot_s3_error(int error); int tboot_wake_ap(int apicid, unsigned long sipi_vec); diff --git a/xen/arch/x86/srat.c b/xen/arch/x86/srat.c index 6b77b98201..cfe24c7e78 100644 --- a/xen/arch/x86/srat.c +++ b/xen/arch/x86/srat.c @@ -407,8 +407,8 @@ void __init acpi_numa_arch_fixup(void) {} static uint64_t __initdata srat_region_mask; -static int __init srat_parse_region(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check srat_parse_region( + struct acpi_subtable_header *header, const unsigned long end) { struct acpi_srat_mem_affinity *ma; diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 529367ed81..fe1abfdf08 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -450,7 +450,7 @@ int __init tboot_protect_mem_regions(void) return 1; } -int __init tboot_parse_dmar_table(acpi_table_handler dmar_handler) +int __init cf_check tboot_parse_dmar_table(acpi_table_handler dmar_handler) { int rc; uint64_t size; diff --git a/xen/arch/x86/x86_64/acpi_mmcfg.c b/xen/arch/x86/x86_64/acpi_mmcfg.c index 0db8f57abb..2159c68189 100644 --- a/xen/arch/x86/x86_64/acpi_mmcfg.c +++ b/xen/arch/x86/x86_64/acpi_mmcfg.c @@ -68,7 +68,7 @@ static int __init acpi_mcfg_check_entry(struct acpi_table_mcfg *mcfg, return -EINVAL; } -int __init acpi_parse_mcfg(struct acpi_table_header *header) +int __init cf_check acpi_parse_mcfg(struct acpi_table_header *header) { struct acpi_table_mcfg *mcfg; unsigned long i; diff --git a/xen/arch/x86/x86_64/mmconfig.h b/xen/arch/x86/x86_64/mmconfig.h index 4d3b9fcbdd..433046be66 100644 --- a/xen/arch/x86/x86_64/mmconfig.h +++ b/xen/arch/x86/x86_64/mmconfig.h @@ -76,7 +76,7 @@ static inline void mmio_config_writel(void __iomem *pos, u32 val) /* function prototypes */ struct acpi_table_header; -int acpi_parse_mcfg(struct acpi_table_header *header); +int cf_check acpi_parse_mcfg(struct acpi_table_header *header); int pci_mmcfg_reserved(uint64_t address, unsigned int segment, unsigned int start_bus, unsigned int end_bus, unsigned int flags); diff --git a/xen/drivers/acpi/apei/hest.c b/xen/drivers/acpi/apei/hest.c index c5f3aaab7c..5881275d2f 100644 --- a/xen/drivers/acpi/apei/hest.c +++ b/xen/drivers/acpi/apei/hest.c @@ -128,8 +128,8 @@ int apei_hest_parse(apei_hest_func_t func, void *data) * Check if firmware advertises firmware first mode. We need FF bit to be set * along with a set of MC banks which work in FF mode. */ -static int __init hest_parse_cmc(const struct acpi_hest_header *hest_hdr, - void *data) +static int __init cf_check hest_parse_cmc( + const struct acpi_hest_header *hest_hdr, void *data) { #ifdef CONFIG_X86_MCE unsigned int i; diff --git a/xen/drivers/acpi/numa.c b/xen/drivers/acpi/numa.c index 85f891757c..bc6e888234 100644 --- a/xen/drivers/acpi/numa.c +++ b/xen/drivers/acpi/numa.c @@ -112,14 +112,14 @@ void __init acpi_table_print_srat_entry(struct acpi_subtable_header * header) } } -static int __init acpi_parse_slit(struct acpi_table_header *table) +static int __init cf_check acpi_parse_slit(struct acpi_table_header *table) { acpi_numa_slit_init((struct acpi_table_slit *)table); return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -138,7 +138,7 @@ acpi_parse_x2apic_affinity(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_processor_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -156,7 +156,7 @@ acpi_parse_processor_affinity(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_memory_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -174,7 +174,7 @@ acpi_parse_memory_affinity(struct acpi_subtable_header *header, return 0; } -int __init acpi_parse_srat(struct acpi_table_header *table) +int __init cf_check acpi_parse_srat(struct acpi_table_header *table) { if (!table) return -EINVAL; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 5ea2277328..3a79314589 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -1078,7 +1078,7 @@ static inline bool_t is_ivmd_block(u8 type) type == ACPI_IVRS_TYPE_MEMORY_IOMMU); } -static int __init parse_ivrs_table(struct acpi_table_header *table) +static int __init cf_check parse_ivrs_table(struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length; @@ -1170,7 +1170,7 @@ static int __init parse_ivrs_table(struct acpi_table_header *table) return error; } -static int __init detect_iommu_acpi(struct acpi_table_header *table) +static int __init cf_check detect_iommu_acpi(struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length = sizeof(struct acpi_table_ivrs); @@ -1264,7 +1264,8 @@ static int __init get_last_bdf_ivhd( return last_bdf; } -static int __init get_last_bdf_acpi(struct acpi_table_header *table) +static int __init cf_check cf_check get_last_bdf_acpi( + struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length = sizeof(struct acpi_table_ivrs); @@ -1306,7 +1307,7 @@ int __init amd_iommu_update_ivrs_mapping_acpi(void) return acpi_table_parse(ACPI_SIG_IVRS, parse_ivrs_table); } -static int __init +static int __init cf_check get_supported_ivhd_type(struct acpi_table_header *table) { size_t length = sizeof(struct acpi_table_ivrs); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 9f79a01608..099312365d 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1287,7 +1287,8 @@ static bool_t hest_source_is_pcie_aer(const struct acpi_hest_header *hest_hdr) return 0; } -static int aer_hest_parse(const struct acpi_hest_header *hest_hdr, void *data) +static int cf_check aer_hest_parse( + const struct acpi_hest_header *hest_hdr, void *data) { struct aer_hest_parse_info *info = data; const struct acpi_hest_aer_common *p; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index b152f3da91..b8e91f5be1 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -767,7 +767,7 @@ acpi_parse_one_rhsa(struct acpi_dmar_header *header) return ret; } -static int __init acpi_parse_dmar(struct acpi_table_header *table) +static int __init cf_check acpi_parse_dmar(struct acpi_table_header *table) { struct acpi_table_dmar *dmar; struct acpi_dmar_header *entry_header; diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h index 08834f1402..39d51fcd01 100644 --- a/xen/include/xen/acpi.h +++ b/xen/include/xen/acpi.h @@ -91,7 +91,7 @@ struct acpi_subtable_header *acpi_table_get_entry_madt(enum acpi_madt_type id, int acpi_table_parse_madt(enum acpi_madt_type id, acpi_table_entry_handler handler, unsigned int max_entries); int acpi_table_parse_srat(int id, acpi_madt_entry_handler handler, unsigned int max_entries); -int acpi_parse_srat(struct acpi_table_header *); +int cf_check acpi_parse_srat(struct acpi_table_header *); void acpi_table_print (struct acpi_table_header *header, unsigned long phys_addr); void acpi_table_print_madt_entry (struct acpi_subtable_header *madt); void acpi_table_print_srat_entry (struct acpi_subtable_header *srat); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:12:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:12:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277592.474179 (Exim 4.92) (envelope-from ) id 1nMuG9-0004DD-Eg; Wed, 23 Feb 2022 16:12:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277592.474179; Wed, 23 Feb 2022 16:12:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuG9-0004D5-Bq; Wed, 23 Feb 2022 16:12:57 +0000 Received: by outflank-mailman (input) for mailman id 277592; Wed, 23 Feb 2022 16:12:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuG8-0004Cz-Sp for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuG8-00057K-S3 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuG8-0003i7-RF for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:12:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OxTqW5Csa579PguyvD/PZbNbj/vsR0KjEYE/SHsOT8w=; b=H1oAeLO33Lir1QlQYFc8US64MI 17ASDgTnsm0PJ1EQuxh2/dP3/HHzMYaCHf0nfXO+Nvlix+snzZNqyzQLaxOcYyMm3GKFAZCHWDXuy WFlz21Pa/46eVrqd4veZIPRBF3sOJf7Bz8kg8ggaXWVP6nWRGYhpondBy6/3+ggBvQz8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for continue_hypercall_on_cpu() Message-Id: Date: Wed, 23 Feb 2022 16:12:56 +0000 commit 19804ed02902e78c82c6c97af8bd5ec348d5f071 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:49 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for continue_hypercall_on_cpu() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/include/asm/pv/shim.h | 8 ++++---- xen/arch/x86/include/asm/smp.h | 6 +++--- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/pv/shim.c | 4 ++-- xen/arch/x86/smp.c | 4 ++-- xen/arch/x86/sysctl.c | 2 +- xen/common/core_parking.c | 2 +- xen/common/kexec.c | 2 +- xen/common/sched/cpupool.c | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 912d4c4d62..c4e7e86989 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -326,7 +326,7 @@ static int enter_state(u32 state) return error; } -static long enter_state_helper(void *data) +static long cf_check enter_state_helper(void *data) { struct acpi_sleep_info *sinfo = (struct acpi_sleep_info *)data; return enter_state(sinfo->sleep_state); diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 46f55fe7f1..9631042190 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -558,7 +558,7 @@ struct ucode_buf { char buffer[]; }; -static long microcode_update_helper(void *data) +static long cf_check microcode_update_helper(void *data) { int ret; struct ucode_buf *buffer = data; diff --git a/xen/arch/x86/include/asm/pv/shim.h b/xen/arch/x86/include/asm/pv/shim.h index 6415f8068e..a43c3689b4 100644 --- a/xen/arch/x86/include/asm/pv/shim.h +++ b/xen/arch/x86/include/asm/pv/shim.h @@ -38,8 +38,8 @@ void pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, start_info_t *si); int pv_shim_shutdown(uint8_t reason); void pv_shim_inject_evtchn(unsigned int port); -long pv_shim_cpu_up(void *data); -long pv_shim_cpu_down(void *data); +long cf_check pv_shim_cpu_up(void *data); +long cf_check pv_shim_cpu_down(void *data); void pv_shim_online_memory(unsigned int nr, unsigned int order); void pv_shim_offline_memory(unsigned int nr, unsigned int order); domid_t get_initial_domain_id(void); @@ -69,12 +69,12 @@ static inline void pv_shim_inject_evtchn(unsigned int port) { ASSERT_UNREACHABLE(); } -static inline long pv_shim_cpu_up(void *data) +static inline long cf_check pv_shim_cpu_up(void *data) { ASSERT_UNREACHABLE(); return 0; } -static inline long pv_shim_cpu_down(void *data) +static inline long cf_check pv_shim_cpu_down(void *data) { ASSERT_UNREACHABLE(); return 0; diff --git a/xen/arch/x86/include/asm/smp.h b/xen/arch/x86/include/asm/smp.h index f7485f602e..1747772d23 100644 --- a/xen/arch/x86/include/asm/smp.h +++ b/xen/arch/x86/include/asm/smp.h @@ -57,10 +57,10 @@ int cpu_add(uint32_t apic_id, uint32_t acpi_id, uint32_t pxm); void __stop_this_cpu(void); -long cpu_up_helper(void *data); -long cpu_down_helper(void *data); +long cf_check cpu_up_helper(void *data); +long cf_check cpu_down_helper(void *data); -long core_parking_helper(void *data); +long cf_check core_parking_helper(void *data); bool core_parking_remove(unsigned int cpu); uint32_t get_cur_idle_nums(void); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 84566bbfaa..f5d7adc1e8 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -45,7 +45,7 @@ struct resource_access { xenpf_resource_entry_t *entries; }; -long cpu_frequency_change_helper(void *); +long cf_check cpu_frequency_change_helper(void *); void check_resource_access(struct resource_access *); void resource_access(void *); @@ -59,7 +59,7 @@ DEFINE_SPINLOCK(xenpf_lock); # undef guest_from_compat_handle # define guest_from_compat_handle(x,y) ((x)=(y)) -long cpu_frequency_change_helper(void *data) +long cf_check cpu_frequency_change_helper(void *data) { return cpu_frequency_change((uint64_t)data); } diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index ae4d8913fa..2ee290a392 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -845,7 +845,7 @@ int cf_check compat_grant_table_op( #endif #endif -long pv_shim_cpu_up(void *data) +long cf_check pv_shim_cpu_up(void *data) { struct vcpu *v = data; struct domain *d = v->domain; @@ -883,7 +883,7 @@ long pv_shim_cpu_up(void *data) return 0; } -long pv_shim_cpu_down(void *data) +long cf_check pv_shim_cpu_down(void *data) { struct vcpu *v = data; long rc; diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index eef0f9c6cb..f4952a6bf9 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -399,7 +399,7 @@ void call_function_interrupt(struct cpu_user_regs *regs) smp_call_function_interrupt(); } -long cpu_up_helper(void *data) +long cf_check cpu_up_helper(void *data) { unsigned int cpu = (unsigned long)data; int ret = cpu_up(cpu); @@ -422,7 +422,7 @@ long cpu_up_helper(void *data) return ret; } -long cpu_down_helper(void *data) +long cf_check cpu_down_helper(void *data) { int cpu = (unsigned long)data; int ret = cpu_down(cpu); diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index aff52a13f3..1772f51f8f 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -79,7 +79,7 @@ static void l3_cache_get(void *arg) l3_info->size = info.size / 1024; /* in KB unit */ } -static long smt_up_down_helper(void *data) +static long cf_check smt_up_down_helper(void *data) { bool up = (bool)data; unsigned int cpu, sibling_mask = boot_cpu_data.x86_num_siblings - 1; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 44a907abfd..4afad04f2f 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -169,7 +169,7 @@ static unsigned int core_parking_power(unsigned int event) return cpu; } -long core_parking_helper(void *data) +long cf_check core_parking_helper(void *data) { uint32_t idle_nums = (unsigned long)data; unsigned int cpu; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 3b223cd03d..b222a5fd78 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -395,7 +395,7 @@ void kexec_crash(enum crash_reason reason) BUG(); } -static long kexec_reboot(void *_image) +static long cf_check kexec_reboot(void *_image) { struct kexec_image *image = _image; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index e5cfb03b85..b9d4babd0d 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -544,7 +544,7 @@ static int cpupool_unassign_cpu_start(struct cpupool *c, unsigned int cpu) return ret; } -static long cpupool_unassign_cpu_helper(void *info) +static long cf_check cpupool_unassign_cpu_helper(void *info) { struct cpupool *c = info; long ret; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277594.474184 (Exim 4.92) (envelope-from ) id 1nMuGJ-0004Gg-GZ; Wed, 23 Feb 2022 16:13:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277594.474184; Wed, 23 Feb 2022 16:13:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGJ-0004GY-DM; Wed, 23 Feb 2022 16:13:07 +0000 Received: by outflank-mailman (input) for mailman id 277594; Wed, 23 Feb 2022 16:13:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGJ-0004GO-13 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGJ-00057l-0O for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuGI-0003ix-Vg for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wWcYPXZYvBkPChYZgSF6/lRXKYGM9p/ntnCVyOEz2a0=; b=CwJbKIGLYe2OCT7FRotS8+Abmh PH4cq9hchiMpRoYVmbH/XX9ZHatEItZz2HbrbRyimZZIRyO7d2UazoZBoJJbe2UgA1gX6scL9Dvuy D4VyJgYmZZHLaBND1NF6+GmtaYCqFRl+SCecJU60630BIPfboR30sYs4VOVx6+tDbwcs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for init_timer() Message-Id: Date: Wed, 23 Feb 2022 16:13:06 +0000 commit 17bafcdcc84f67307a28acc42f0e842a7f5c08a7 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:42:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for init_timer() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/amd_nonfatal.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/hvm/pmtimer.c | 2 +- xen/arch/x86/hvm/rtc.c | 6 +++--- xen/arch/x86/hvm/viridian/time.c | 2 +- xen/arch/x86/hvm/vpt.c | 2 +- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/time.c | 4 ++-- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 18 +++++++++--------- xen/common/sched/credit.c | 10 ++++------ xen/common/sched/credit2.c | 2 +- xen/common/sched/rt.c | 5 +++-- xen/drivers/char/ehci-dbgp.c | 2 +- xen/drivers/char/ns16550.c | 6 +++--- xen/drivers/cpufreq/cpufreq_ondemand.c | 2 +- 17 files changed, 36 insertions(+), 37 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c index 6e8901530a..da0bf85f02 100644 --- a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c +++ b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c @@ -127,7 +127,7 @@ static void mce_amd_checkregs(void *info) * multiple correctable errors between two polls. In that case, * increase polling frequency higher than normal. */ -static void mce_amd_work_fn(void *data) +static void cf_check mce_amd_work_fn(void *data) { on_each_cpu(mce_amd_checkregs, data, 1); diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index 2679c220a8..f7e411c087 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -67,7 +67,7 @@ static void mce_checkregs (void *info) } } -static void mce_work_fn(void *data) +static void cf_check mce_work_fn(void *data) { on_each_cpu(mce_checkregs, NULL, 1); diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 97b9e41712..808819d1de 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -124,7 +124,7 @@ static void pmt_update_time(PMTState *s) /* This function should be called soon after each time the MSB of the * pmtimer register rolls over, to make sure we update the status * registers and SCI at least once per rollover */ -static void pmt_timer_callback(void *opaque) +static void cf_check pmt_timer_callback(void *opaque) { PMTState *s = opaque; uint32_t pmt_cycles_until_flip; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 3150f5f147..09d3501276 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -217,7 +217,7 @@ static void check_update_timer(RTCState *s) s->use_timer = 0; } -static void rtc_update_timer(void *opaque) +static void cf_check rtc_update_timer(void *opaque) { RTCState *s = opaque; @@ -230,7 +230,7 @@ static void rtc_update_timer(void *opaque) spin_unlock(&s->lock); } -static void rtc_update_timer2(void *opaque) +static void cf_check rtc_update_timer2(void *opaque) { RTCState *s = opaque; @@ -421,7 +421,7 @@ static void alarm_timer_update(RTCState *s) } } -static void rtc_alarm_cb(void *opaque) +static void cf_check rtc_alarm_cb(void *opaque) { RTCState *s = opaque; diff --git a/xen/arch/x86/hvm/viridian/time.c b/xen/arch/x86/hvm/viridian/time.c index 24ff117edb..b56fd67662 100644 --- a/xen/arch/x86/hvm/viridian/time.c +++ b/xen/arch/x86/hvm/viridian/time.c @@ -126,7 +126,7 @@ static void stop_stimer(struct viridian_stimer *vs) vs->started = false; } -static void stimer_expire(void *data) +static void cf_check stimer_expire(void *data) { struct viridian_stimer *vs = data; struct vcpu *v = vs->v; diff --git a/xen/arch/x86/hvm/vpt.c b/xen/arch/x86/hvm/vpt.c index 6fdc3e19fe..cb1d81bf9e 100644 --- a/xen/arch/x86/hvm/vpt.c +++ b/xen/arch/x86/hvm/vpt.c @@ -271,7 +271,7 @@ void pt_restore_timer(struct vcpu *v) pt_vcpu_unlock(v); } -static void pt_timer_fn(void *data) +static void cf_check pt_timer_fn(void *data) { struct periodic_time *pt = data; diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index bcf46cd54d..f9c8084555 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -935,7 +935,7 @@ void alloc_direct_apic_vector( spin_unlock(&lock); } -static void irq_ratelimit_timer_fn(void *data) +static void cf_check irq_ratelimit_timer_fn(void *data) { struct irq_desc *desc, *tmp; unsigned long flags; @@ -1129,7 +1129,7 @@ static inline void clear_pirq_eoi(struct domain *d, unsigned int irq) static void set_eoi_ready(void *data); -static void irq_guest_eoi_timer_fn(void *data) +static void cf_check irq_guest_eoi_timer_fn(void *data) { struct irq_desc *desc = data; unsigned int i, irq = desc - irq_desc; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index d6018f0c42..d8605ffddd 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -211,7 +211,7 @@ void __init check_nmi_watchdog(void) return; } -static void nmi_timer_fn(void *unused) +static void cf_check nmi_timer_fn(void *unused) { this_cpu(nmi_timer_ticks)++; set_timer(&this_cpu(nmi_timer), NOW() + MILLISECS(1000)); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index b94aa8f216..bee5fd755a 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -814,7 +814,7 @@ static s_time_t __read_platform_stime(u64 platform_time) return (stime_platform_stamp + scale_delta(diff, &plt_scale)); } -static void plt_overflow(void *unused) +static void cf_check plt_overflow(void *unused) { int i; u64 count; @@ -1854,7 +1854,7 @@ static void time_calibration_nop_rendezvous(void *rv) static void (*time_calibration_rendezvous_fn)(void *) = time_calibration_std_rendezvous; -static void time_calibration(void *unused) +static void cf_check time_calibration(void *unused) { struct calibration_rendezvous r = { .semaphore = ATOMIC_INIT(0) diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index 2ec5606de5..f9dd2584a8 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -575,7 +575,7 @@ static void rcu_idle_timer_stop(void) stop_timer(&rdp->idle_timer); } -static void rcu_idle_timer_handler(void* data) +static void cf_check rcu_idle_timer_handler(void* data) { perfc_incr(rcu_idle_timer); diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index fbd2dfb59b..6a1f17e94e 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -71,10 +71,10 @@ cpumask_t sched_res_mask; static DEFINE_SPINLOCK(sched_free_cpu_lock); /* Various timer handlers. */ -static void s_timer_fn(void *unused); -static void vcpu_periodic_timer_fn(void *data); -static void vcpu_singleshot_timer_fn(void *data); -static void poll_timer_fn(void *data); +static void cf_check s_timer_fn(void *unused); +static void cf_check vcpu_periodic_timer_fn(void *data); +static void cf_check vcpu_singleshot_timer_fn(void *data); +static void cf_check poll_timer_fn(void *data); /* This is global for now so that private implementations can reach it */ DEFINE_PER_CPU_READ_MOSTLY(struct sched_resource *, sched_res); @@ -1535,7 +1535,7 @@ long vcpu_yield(void) return 0; } -static void domain_watchdog_timeout(void *data) +static void cf_check domain_watchdog_timeout(void *data) { struct domain *d = data; @@ -2697,28 +2697,28 @@ static void schedule(void) } /* The scheduler timer: force a run through the scheduler */ -static void s_timer_fn(void *unused) +static void cf_check s_timer_fn(void *unused) { raise_softirq(SCHEDULE_SOFTIRQ); SCHED_STAT_CRANK(sched_irq); } /* Per-VCPU periodic timer function: sends a virtual timer interrupt. */ -static void vcpu_periodic_timer_fn(void *data) +static void cf_check vcpu_periodic_timer_fn(void *data) { struct vcpu *v = data; vcpu_periodic_timer_work(v); } /* Per-VCPU single-shot timer function: sends a virtual timer interrupt. */ -static void vcpu_singleshot_timer_fn(void *data) +static void cf_check vcpu_singleshot_timer_fn(void *data) { struct vcpu *v = data; send_timer_event(v); } /* SCHEDOP_poll timeout callback. */ -static void poll_timer_fn(void *data) +static void cf_check poll_timer_fn(void *data) { struct vcpu *v = data; diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index d0aa017c64..5635271f6f 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -230,8 +230,8 @@ struct csched_private { struct timer master_ticker; }; -static void csched_tick(void *_cpu); -static void csched_acct(void *dummy); +static void cf_check csched_tick(void *_cpu); +static void cf_check csched_acct(void *dummy); static inline int __unit_on_runq(const struct csched_unit *svc) @@ -1356,8 +1356,7 @@ csched_runq_sort(struct csched_private *prv, unsigned int cpu) pcpu_schedule_unlock_irqrestore(lock, flags, cpu); } -static void -csched_acct(void* dummy) +static void cf_check csched_acct(void* dummy) { struct csched_private *prv = dummy; unsigned long flags; @@ -1563,8 +1562,7 @@ out: set_timer( &prv->master_ticker, NOW() + prv->tslice); } -static void -csched_tick(void *_cpu) +static void cf_check csched_tick(void *_cpu) { unsigned int cpu = (unsigned long)_cpu; const struct sched_resource *sr = get_sched_res(cpu); diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index a5f073cda5..d96e2749dd 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -2072,7 +2072,7 @@ static inline void do_replenish(struct csched2_dom *sdom) sdom->budget += sdom->tot_budget; } -static void replenish_domain_budget(void* data) +static void cf_check replenish_domain_budget(void *data) { struct csched2_dom *sdom = data; unsigned long flags; diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c index c24cd2ac32..5ea6f01f26 100644 --- a/xen/common/sched/rt.c +++ b/xen/common/sched/rt.c @@ -173,7 +173,7 @@ #define TRC_RTDS_SCHED_TASKLET TRC_SCHED_CLASS_EVT(RTDS, 5) #define TRC_RTDS_SCHEDULE TRC_SCHED_CLASS_EVT(RTDS, 6) -static void repl_timer_handler(void *data); +static void cf_check repl_timer_handler(void *data); /* * System-wide private data, include global RunQueue/DepletedQ @@ -1452,7 +1452,8 @@ rt_dom_cntl( * The replenishment timer handler picks units * from the replq and does the actual replenishment. */ -static void repl_timer_handler(void *data){ +static void cf_check repl_timer_handler(void *data) +{ s_time_t now; const struct scheduler *ops = data; struct rt_private *prv = rt_priv(ops); diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..a6b57fdf2d 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1289,7 +1289,7 @@ static void _ehci_dbgp_poll(struct cpu_user_regs *regs) set_timer(&dbgp->timer, NOW() + timeout); } -static void ehci_dbgp_poll(void *data) +static void cf_check ehci_dbgp_poll(void *data) { poll_port = data; #ifdef run_in_exception_handler diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 30596d60d4..990cad39fe 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -111,7 +111,7 @@ struct ns16550_config_param { static void enable_exar_enhanced_bits(const struct ns16550 *uart); #endif -static void ns16550_delayed_resume(void *data); +static void cf_check ns16550_delayed_resume(void *data); static u8 ns_read_reg(const struct ns16550 *uart, unsigned int reg) { @@ -229,7 +229,7 @@ out: set_timer(&uart->timer, NOW() + MILLISECS(uart->timeout_ms)); } -static void ns16550_poll(void *data) +static void cf_check ns16550_poll(void *data) { this_cpu(poll_port) = data; #ifdef run_in_exception_handler @@ -532,7 +532,7 @@ static void _ns16550_resume(struct serial_port *port) } static int delayed_resume_tries; -static void ns16550_delayed_resume(void *data) +static void cf_check ns16550_delayed_resume(void *data) { struct serial_port *port = data; struct ns16550 *uart = port->uart; diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index cabd9ffa88..ba03eaa233 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -172,7 +172,7 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info) } } -static void do_dbs_timer(void *dbs) +static void cf_check do_dbs_timer(void *dbs) { struct cpu_dbs_info_s *dbs_info = (struct cpu_dbs_info_s *)dbs; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277595.474188 (Exim 4.92) (envelope-from ) id 1nMuGU-0004Ka-I8; Wed, 23 Feb 2022 16:13:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277595.474188; Wed, 23 Feb 2022 16:13:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGU-0004KQ-FB; Wed, 23 Feb 2022 16:13:18 +0000 Received: by outflank-mailman (input) for mailman id 277595; Wed, 23 Feb 2022 16:13:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGT-0004K4-4n for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGT-00057p-45 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuGT-0003jo-3G for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uxGq9a+D3wpLhBIRvnjKbaQ02QwpDP43iISw666RdpY=; b=7CEMuVoh8Ca+xZ1YYdL7y3+C7X M/wcDu5sv1C6DuB/0cqzoNUUdGfO6yyZwvjhn7FMB3z3pJ8GM3FZC3CZPWEIFQn+cZ1KuXpd9x15A Goyf03ew6NxBtLq8VKB+ZTK9pmXHHrZNJ1OS/Zjda9hsnbAGfNC6M2RR/CrVHTGGYcDk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for call_rcu() Message-Id: Date: Wed, 23 Feb 2022 16:13:17 +0000 commit d910f5ce7744f992a4a69bbb94d1e85a741962a9 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:28:35 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for call_rcu() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/mtrr.c | 2 +- xen/arch/x86/hvm/vmsi.c | 2 +- xen/arch/x86/mm/mem_sharing.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/common/domain.c | 4 ++-- xen/common/radix-tree.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 2 +- xen/xsm/flask/avc.c | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index b3ef1bf541..42f3d83192 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -586,7 +586,7 @@ int hvm_get_mem_pinned_cacheattr(struct domain *d, gfn_t gfn, return rc; } -static void free_pinned_cacheattr_entry(struct rcu_head *rcu) +static void cf_check free_pinned_cacheattr_entry(struct rcu_head *rcu) { xfree(container_of(rcu, struct hvm_mem_pinned_cacheattr_range, rcu)); } diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c index 13e2a190b4..2889575a20 100644 --- a/xen/arch/x86/hvm/vmsi.c +++ b/xen/arch/x86/hvm/vmsi.c @@ -441,7 +441,7 @@ static void add_msixtbl_entry(struct domain *d, list_add_rcu(&entry->list, &d->arch.hvm.msixtbl_list); } -static void free_msixtbl_entry(struct rcu_head *rcu) +static void cf_check free_msixtbl_entry(struct rcu_head *rcu) { struct msixtbl_entry *entry; diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 74d2869c0e..15e6a7ed81 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -75,7 +75,7 @@ static DEFINE_SPINLOCK(shr_audit_lock); static DEFINE_RCU_READ_LOCK(shr_audit_read_lock); /* RCU delayed free of audit list entry */ -static void _free_pg_shared_info(struct rcu_head *head) +static void cf_check _free_pg_shared_info(struct rcu_head *head) { xfree(container_of(head, struct page_sharing_info, rcu_head)); } diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index eb3ba7bc88..46460689b7 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -45,7 +45,7 @@ struct free_info { }; static DEFINE_PER_CPU(struct free_info, free_info); -static void _free_percpu_area(struct rcu_head *head) +static void cf_check _free_percpu_area(struct rcu_head *head) { struct free_info *info = container_of(head, struct free_info, rcu); unsigned int cpu = info->cpu; diff --git a/xen/common/domain.c b/xen/common/domain.c index dacd03254c..c5716cd72f 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1075,7 +1075,7 @@ void vcpu_end_shutdown_deferral(struct vcpu *v) } /* Complete domain destroy after RCU readers are not holding old references. */ -static void complete_domain_destroy(struct rcu_head *head) +static void cf_check complete_domain_destroy(struct rcu_head *head) { struct domain *d = container_of(head, struct domain, rcu); struct vcpu *v; @@ -1798,7 +1798,7 @@ struct pirq *pirq_get_info(struct domain *d, int pirq) return info; } -static void _free_pirq_struct(struct rcu_head *head) +static void cf_check _free_pirq_struct(struct rcu_head *head) { xfree(container_of(head, struct pirq, rcu_head)); } diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 628a7e0698..33b47748ae 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -58,7 +58,7 @@ static struct radix_tree_node *rcu_node_alloc(void *arg) return rcu_node ? &rcu_node->node : NULL; } -static void _rcu_node_free(struct rcu_head *head) +static void cf_check _rcu_node_free(struct rcu_head *head) { struct rcu_node *rcu_node = container_of(head, struct rcu_node, rcu_head); diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index f9dd2584a8..423d6b1d6d 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -167,7 +167,7 @@ static int rsinterval = 1000; static atomic_t cpu_count = ATOMIC_INIT(0); static atomic_t pending_count = ATOMIC_INIT(0); -static void rcu_barrier_callback(struct rcu_head *head) +static void cf_check rcu_barrier_callback(struct rcu_head *head) { /* * We need a barrier making all previous writes visible to other cpus diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6a1f17e94e..aaa7ef2a6f 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2798,7 +2798,7 @@ static int cpu_schedule_up(unsigned int cpu) return 0; } -static void sched_res_free(struct rcu_head *head) +static void cf_check sched_res_free(struct rcu_head *head) { struct sched_resource *sr = container_of(head, struct sched_resource, rcu); diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c index 87ea38b7a0..e20c165042 100644 --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -276,7 +276,7 @@ int avc_get_hash_stats(struct xen_flask_hash_stats *arg) return 0; } -static void avc_node_free(struct rcu_head *rhead) +static void cf_check avc_node_free(struct rcu_head *rhead) { struct avc_node *node = container_of(rhead, struct avc_node, rhead); xfree(node); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277596.474192 (Exim 4.92) (envelope-from ) id 1nMuGe-0004O4-Le; Wed, 23 Feb 2022 16:13:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277596.474192; Wed, 23 Feb 2022 16:13:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGe-0004Nw-Ia; Wed, 23 Feb 2022 16:13:28 +0000 Received: by outflank-mailman (input) for mailman id 277596; Wed, 23 Feb 2022 16:13:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGd-0004Nk-9C for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGd-00057u-8X for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuGd-0003kW-7p for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CeCSApjmFM6LoN/TeQpRXjg1CzmkfsThM0RZtz3RxKg=; b=i3jZK46m3k3dou7oyhuI05Hr/B iU+MxxnG6Cqpu08QSl2QtOoX47MObBjZzEm8oWqzS2DnchUkpB3ysrARqUyxQDfQ4+k+s1ovklA7t fH3kuuXSauFOGdwOlrFylYChpjY+I63uyWgPKCvjFigW9TjL7gFx62deedUCFZhiMhJk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for IPIs Message-Id: Date: Wed, 23 Feb 2022 16:13:27 +0000 commit 4ea76ad84748b49a46b71c64772531e81dd2fd42 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:53 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for IPIs Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/acpi/cpufreq/cpufreq.c | 8 ++++---- xen/arch/x86/acpi/cpufreq/powernow.c | 6 +++--- xen/arch/x86/acpi/lib.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/mcheck/amd_nonfatal.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 6 +++--- xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/mtrr/generic.c | 2 +- xen/arch/x86/cpu/mtrr/main.c | 2 +- xen/arch/x86/cpu/mwait-idle.c | 6 +++--- xen/arch/x86/cpu/vpmu.c | 4 ++-- xen/arch/x86/guest/xen/xen.c | 2 +- xen/arch/x86/hvm/nestedhvm.c | 3 +-- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/mtrr.h | 2 +- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 10 +++++----- xen/arch/x86/oprofile/op_model_athlon.c | 2 +- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/psr.c | 2 +- xen/arch/x86/shutdown.c | 4 ++-- xen/arch/x86/smp.c | 2 +- xen/arch/x86/sysctl.c | 2 +- xen/arch/x86/time.c | 8 ++++---- xen/common/cpu.c | 4 ++-- xen/common/gdbstub.c | 2 +- xen/common/keyhandler.c | 2 +- xen/common/page_alloc.c | 2 +- 32 files changed, 53 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index fb47eb9ad6..22c8bb0c2d 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -145,7 +145,7 @@ struct hw_residencies uint64_t cc7; }; -static void do_get_hw_residencies(void *arg) +static void cf_check do_get_hw_residencies(void *arg) { struct cpuinfo_x86 *c = ¤t_cpu_data; struct hw_residencies *hw_res = arg; diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 9510f05340..8133c2dd95 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -129,7 +129,7 @@ struct drv_cmd { u32 val; }; -static void do_drv_read(void *drvcmd) +static void cf_check do_drv_read(void *drvcmd) { struct drv_cmd *cmd; @@ -148,7 +148,7 @@ static void do_drv_read(void *drvcmd) } } -static void do_drv_write(void *drvcmd) +static void cf_check do_drv_write(void *drvcmd) { struct drv_cmd *cmd; uint64_t msr_content; @@ -244,7 +244,7 @@ struct perf_pair { static DEFINE_PER_CPU(struct perf_pair, gov_perf_pair); static DEFINE_PER_CPU(struct perf_pair, usr_perf_pair); -static void read_measured_perf_ctrs(void *_readin) +static void cf_check read_measured_perf_ctrs(void *_readin) { struct perf_pair *readin = _readin; @@ -340,7 +340,7 @@ static unsigned int get_cur_freq_on_cpu(unsigned int cpu) return extract_freq(get_cur_val(cpumask_of(cpu)), data); } -static void feature_detect(void *info) +static void cf_check feature_detect(void *info) { struct cpufreq_policy *policy = info; unsigned int eax; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index da8fc40b9a..ca71ecf72d 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -44,12 +44,12 @@ #define ARCH_CPU_FLAG_RESUME 1 -static void transition_pstate(void *pstate) +static void cf_check transition_pstate(void *pstate) { wrmsrl(MSR_PSTATE_CTRL, *(unsigned int *)pstate); } -static void update_cpb(void *data) +static void cf_check update_cpb(void *data) { struct cpufreq_policy *policy = data; @@ -165,7 +165,7 @@ struct amd_cpu_data { u32 max_hw_pstate; }; -static void get_cpu_data(void *arg) +static void cf_check get_cpu_data(void *arg) { struct amd_cpu_data *data = arg; struct processor_performance *perf = data->perf; diff --git a/xen/arch/x86/acpi/lib.c b/xen/arch/x86/acpi/lib.c index b66e7338e7..43831b92d1 100644 --- a/xen/arch/x86/acpi/lib.c +++ b/xen/arch/x86/acpi/lib.c @@ -99,7 +99,7 @@ unsigned int acpi_get_processor_id(unsigned int cpu) return INVALID_ACPIID; } -static void get_mwait_ecx(void *info) +static void cf_check get_mwait_ecx(void *info) { *(u32 *)info = cpuid_ecx(CPUID_MWAIT_LEAF); } diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index a8e37dbb1f..2d18223f20 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -430,7 +430,7 @@ static void disable_c1_ramping(void) } } -static void disable_c1e(void *unused) +static void cf_check disable_c1e(void *unused) { uint64_t msr_content; diff --git a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c index da0bf85f02..efb45c931e 100644 --- a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c +++ b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c @@ -79,7 +79,7 @@ static int variable_period = 1; * Collects information of correctable errors and notifies * Dom0 via an event. */ -static void mce_amd_checkregs(void *info) +static void cf_check mce_amd_checkregs(void *info) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index a449fa0424..43f6c8471a 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -961,7 +961,7 @@ void x86_mcinfo_dump(struct mc_info *mi) } while ( 1 ); } -static void do_mc_get_cpu_info(void *v) +static void cf_check do_mc_get_cpu_info(void *v) { int cpu = smp_processor_id(); int cindex, cpn; @@ -1242,7 +1242,7 @@ static void x86_mc_hwcr_wren_restore(uint64_t hwcr) wrmsrl(MSR_K8_HWCR, hwcr); } -static void x86_mc_msrinject(void *data) +static void cf_check x86_mc_msrinject(void *data) { struct xen_mc_msrinject *mci = data; struct mcinfo_msr *msr; @@ -1274,7 +1274,7 @@ static void x86_mc_msrinject(void *data) } /*ARGSUSED*/ -static void x86_mc_mceinject(void *data) +static void cf_check x86_mc_mceinject(void *data) { printk("Simulating #MC on cpu %d\n", smp_processor_id()); __asm__ __volatile__("int $0x12"); diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index b6da8262e6..a691e10bdc 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -599,7 +599,7 @@ static void mce_set_owner(void) cmci_discover(); } -static void __cpu_mcheck_distribute_cmci(void *unused) +static void cf_check __cpu_mcheck_distribute_cmci(void *unused) { cmci_discover(); } diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index f7e411c087..1c0c32ba08 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -32,7 +32,7 @@ static uint64_t period = MCE_PERIOD; static int adjust = 0; static int variable_period = 1; -static void mce_checkregs (void *info) +static void cf_check mce_checkregs(void *info) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 9631042190..8413642080 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -533,7 +533,7 @@ static int control_thread_fn(const struct microcode_patch *patch) return ret; } -static int do_microcode_update(void *patch) +static int cf_check do_microcode_update(void *patch) { unsigned int cpu = smp_processor_id(); int ret; diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 883e3398ff..7cf4cd01f3 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -84,7 +84,7 @@ bool is_var_mtrr_overlapped(const struct mtrr_state *m) return false; } -void mtrr_save_fixed_ranges(void *info) +void cf_check mtrr_save_fixed_ranges(void *info) { get_fixed_ranges(mtrr_state.fixed_ranges); } diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 428133100d..4e01c8d6f9 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -131,7 +131,7 @@ struct set_mtrr_data { */ int hold_mtrr_updates_on_aps; -static void ipi_handler(void *info) +static void cf_check ipi_handler(void *info) /* [SUMMARY] Synchronisation handler. Executed by "other" CPUs. [RETURNS] Nothing. */ diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index fe1b7af25f..927ce1b67a 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -877,7 +877,7 @@ static void mwait_idle(void) cpuidle_current_governor->reflect(power); } -static void auto_demotion_disable(void *dummy) +static void cf_check auto_demotion_disable(void *dummy) { u64 msr_bits; @@ -886,13 +886,13 @@ static void auto_demotion_disable(void *dummy) wrmsrl(MSR_PKG_CST_CONFIG_CONTROL, msr_bits); } -static void byt_auto_demotion_disable(void *dummy) +static void cf_check byt_auto_demotion_disable(void *dummy) { wrmsrl(MSR_CC6_DEMOTION_POLICY_CONFIG, 0); wrmsrl(MSR_MC6_DEMOTION_POLICY_CONFIG, 0); } -static void c1e_promotion_disable(void *dummy) +static void cf_check c1e_promotion_disable(void *dummy) { u64 msr_bits; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index df3c9201b2..4fedc7c570 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -335,7 +335,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs) #endif } -static void vpmu_save_force(void *arg) +static void cf_check vpmu_save_force(void *arg) { struct vcpu *v = arg; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -528,7 +528,7 @@ void vpmu_initialise(struct vcpu *v) put_vpmu(v); } -static void vpmu_clear_last(void *arg) +static void cf_check vpmu_clear_last(void *arg) { if ( this_cpu(last_vcpu) == arg ) this_cpu(last_vcpu) = NULL; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 2ff63d370a..b2aa3a009b 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -289,7 +289,7 @@ int xg_free_unused_page(mfn_t mfn) return rangeset_remove_range(mem, mfn_x(mfn), mfn_x(mfn)); } -static void ap_resume(void *unused) +static void cf_check ap_resume(void *unused) { BUG_ON(map_vcpuinfo()); BUG_ON(init_evtchn()); diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 2351688448..58370190ff 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -82,8 +82,7 @@ nestedhvm_vcpu_destroy(struct vcpu *v) alternative_vcall(hvm_funcs.nhvm_vcpu_destroy, v); } -static void -nestedhvm_flushtlb_ipi(void *info) +static void cf_check nestedhvm_flushtlb_ipi(void *info) { struct vcpu *v = current; struct domain *d = info; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f72a7db045..2b6bafe9d5 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -589,7 +589,7 @@ static void vmx_free_vmcs(paddr_t pa) free_domheap_page(maddr_to_page(pa)); } -static void __vmx_clear_vmcs(void *info) +static void cf_check __vmx_clear_vmcs(void *info) { struct vcpu *v = info; struct vmx_vcpu *vmx = &v->arch.hvm.vmx; diff --git a/xen/arch/x86/include/asm/mtrr.h b/xen/arch/x86/include/asm/mtrr.h index e0fd1005ce..7733800b79 100644 --- a/xen/arch/x86/include/asm/mtrr.h +++ b/xen/arch/x86/include/asm/mtrr.h @@ -64,7 +64,7 @@ struct mtrr_state { }; extern struct mtrr_state mtrr_state; -extern void mtrr_save_fixed_ranges(void *); +extern void cf_check mtrr_save_fixed_ranges(void *); extern void mtrr_save_state(void); extern int mtrr_add(unsigned long base, unsigned long size, unsigned int type, char increment); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index f9c8084555..d9bd355113 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1127,7 +1127,7 @@ static inline void clear_pirq_eoi(struct domain *d, unsigned int irq) } } -static void set_eoi_ready(void *data); +static void cf_check set_eoi_ready(void *data); static void cf_check irq_guest_eoi_timer_fn(void *data) { @@ -1398,7 +1398,7 @@ static void __set_eoi_ready(const struct irq_desc *desc) } /* Mark specified IRQ as ready-for-EOI (if it really is) and attempt to EOI. */ -static void set_eoi_ready(void *data) +static void cf_check set_eoi_ready(void *data) { struct irq_desc *desc = data; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index d8605ffddd..0a1c9b8e9a 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -149,7 +149,7 @@ int nmi_active; (P4_CCCR_OVF_PMI0|P4_CCCR_THRESHOLD(15)|P4_CCCR_COMPLEMENT| \ P4_CCCR_COMPARE|P4_CCCR_REQUIRED|P4_CCCR_ESCR_SELECT(4)|P4_CCCR_ENABLE) -static void __init wait_for_nmis(void *p) +static void __init cf_check wait_for_nmis(void *p) { unsigned int start_count = this_cpu(nmi_count); unsigned long ticks = 10 * 1000 * cpu_khz / nmi_hz; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index ba9c4b9804..6ebe20bd1d 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -131,7 +131,7 @@ static void nmi_cpu_save_registers(struct op_msrs *msrs) } -static void nmi_save_registers(void * dummy) +static void cf_check nmi_save_registers(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -179,7 +179,7 @@ static int allocate_msrs(void) } -static void nmi_cpu_setup(void * dummy) +static void cf_check nmi_cpu_setup(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -245,7 +245,7 @@ static void nmi_restore_registers(struct op_msrs * msrs) } -static void nmi_cpu_shutdown(void * dummy) +static void cf_check nmi_cpu_shutdown(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -261,7 +261,7 @@ void nmi_release_counters(void) } -static void nmi_cpu_start(void * dummy) +static void cf_check nmi_cpu_start(void *dummy) { int cpu = smp_processor_id(); struct op_msrs const * msrs = &cpu_msrs[cpu]; @@ -278,7 +278,7 @@ int nmi_start(void) } -static void nmi_cpu_stop(void * dummy) +static void cf_check nmi_cpu_stop(void *dummy) { unsigned int v; int cpu = smp_processor_id(); diff --git a/xen/arch/x86/oprofile/op_model_athlon.c b/xen/arch/x86/oprofile/op_model_athlon.c index ee6eb0ecae..2177f02946 100644 --- a/xen/arch/x86/oprofile/op_model_athlon.c +++ b/xen/arch/x86/oprofile/op_model_athlon.c @@ -436,7 +436,7 @@ static void athlon_stop(struct op_msrs const * const msrs) #define APIC_EILVT_MSG_NMI 0x4 #define APIC_EILVT_LVTOFF_IBS 1 #define APIC_EILVTn(n) (0x500 + 0x10 * n) -static inline void __init init_ibs_nmi_per_cpu(void *arg) +static inline void __init cf_check init_ibs_nmi_per_cpu(void *arg) { unsigned long reg; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index f5d7adc1e8..b91ccff589 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -47,7 +47,7 @@ struct resource_access { long cf_check cpu_frequency_change_helper(void *); void check_resource_access(struct resource_access *); -void resource_access(void *); +void cf_check resource_access(void *); #ifndef COMPAT typedef long ret_t; @@ -149,7 +149,7 @@ void check_resource_access(struct resource_access *ra) ra->nr_done = i; } -void resource_access(void *info) +void cf_check resource_access(void *info) { struct resource_access *ra = info; unsigned int i; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 5b9991bd5b..6c9cabf384 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1247,7 +1247,7 @@ struct cos_write_info const uint32_t *val; }; -static void do_write_psr_msrs(void *data) +static void cf_check do_write_psr_msrs(void *data) { const struct cos_write_info *info = data; unsigned int i, index, cos = info->cos; diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index ad3e3a7691..30985d36a6 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -118,7 +118,7 @@ static inline void kb_wait(void) break; } -static void noreturn __machine_halt(void *unused) +static void noreturn cf_check __machine_halt(void *unused) { local_irq_disable(); @@ -548,7 +548,7 @@ static int __init cf_check reboot_init(void) } __initcall(reboot_init); -static void noreturn __machine_restart(void *pdelay) +static void cf_check noreturn __machine_restart(void *pdelay) { machine_restart(*(unsigned int *)pdelay); } diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index f4952a6bf9..f6fd7f95df 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -339,7 +339,7 @@ void __stop_this_cpu(void) cpumask_clear_cpu(smp_processor_id(), &cpu_online_map); } -static void stop_this_cpu(void *dummy) +static void cf_check stop_this_cpu(void *dummy) { __stop_this_cpu(); for ( ; ; ) diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index 1772f51f8f..f82abc2488 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -69,7 +69,7 @@ struct l3_cache_info { unsigned long size; }; -static void l3_cache_get(void *arg) +static void cf_check l3_cache_get(void *arg) { struct cpuid4_info info; struct l3_cache_info *l3_info = arg; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index bee5fd755a..a78f350b23 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -1660,7 +1660,7 @@ static void check_tsc_warp(unsigned long tsc_khz, unsigned long *max_warp) static unsigned long tsc_max_warp, tsc_check_count; static cpumask_t tsc_check_cpumask; -static void tsc_check_slave(void *unused) +static void cf_check tsc_check_slave(void *unused) { unsigned int cpu = smp_processor_id(); local_irq_disable(); @@ -1808,7 +1808,7 @@ static void time_calibration_tsc_rendezvous(void *_r) } /* Ordinary rendezvous function which does not modify TSC values. */ -static void time_calibration_std_rendezvous(void *_r) +static void cf_check time_calibration_std_rendezvous(void *_r) { struct calibration_rendezvous *r = _r; unsigned int total_cpus = cpumask_weight(&r->cpu_calibration_map); @@ -1839,7 +1839,7 @@ static void time_calibration_std_rendezvous(void *_r) * Rendezvous function used when clocksource is TSC and * no CPU hotplug will be performed. */ -static void time_calibration_nop_rendezvous(void *rv) +static void cf_check time_calibration_nop_rendezvous(void *rv) { const struct calibration_rendezvous *r = rv; struct cpu_time_stamp *c = &this_cpu(cpu_calibration); @@ -2031,7 +2031,7 @@ static void __init tsc_check_writability(void) disable_tsc_sync = true; } -static void __init reset_percpu_time(void *unused) +static void __init cf_check reset_percpu_time(void *unused) { struct cpu_time *t = &this_cpu(cpu_time); diff --git a/xen/common/cpu.c b/xen/common/cpu.c index 1f976db0a5..b0b63cdb36 100644 --- a/xen/common/cpu.c +++ b/xen/common/cpu.c @@ -84,13 +84,13 @@ static int cpu_notifier_call_chain(unsigned int cpu, unsigned long action, return ret; } -static void _take_cpu_down(void *unused) +static void cf_check _take_cpu_down(void *unused) { cpu_notifier_call_chain(smp_processor_id(), CPU_DYING, NULL, true); __cpu_disable(); } -static int take_cpu_down(void *arg) +static int cf_check take_cpu_down(void *arg) { _take_cpu_down(arg); return 0; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 99bfd9a654..079c3ca961 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -660,7 +660,7 @@ static int __init cf_check initialise_gdb(void) } presmp_initcall(initialise_gdb); -static void gdb_pause_this_cpu(void *unused) +static void cf_check gdb_pause_this_cpu(void *unused) { unsigned long flags; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 8b9f378371..2c916d528a 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -360,7 +360,7 @@ static cpumask_t read_clocks_cpumask; static DEFINE_PER_CPU(s_time_t, read_clocks_time); static DEFINE_PER_CPU(u64, read_cycles_time); -static void read_clocks_slave(void *unused) +static void cf_check read_clocks_slave(void *unused) { unsigned int cpu = smp_processor_id(); local_irq_disable(); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 561e238d2d..827617502e 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1898,7 +1898,7 @@ void __init end_boot_allocator(void) printk("\n"); } -static void __init smp_scrub_heap_pages(void *data) +static void __init cf_check smp_scrub_heap_pages(void *data) { unsigned long mfn, start, end; struct page_info *pg; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277597.474196 (Exim 4.92) (envelope-from ) id 1nMuGo-0004RI-N3; Wed, 23 Feb 2022 16:13:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277597.474196; Wed, 23 Feb 2022 16:13:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGo-0004RA-KC; Wed, 23 Feb 2022 16:13:38 +0000 Received: by outflank-mailman (input) for mailman id 277597; Wed, 23 Feb 2022 16:13:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGn-0004R2-Ct for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGn-000585-CD for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuGn-0003l7-BU for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dvEcFZKCLfvoNlMfvwISxzr1BSGFtES20G4QXCTtnU8=; b=I57O7sl4y1L3Cpm2TRiYIOVstx TFlqm6RHpM56DU8vrzRN3BhPyi/fg5Pi1iHd+5AogTzec/05qeLJI08t8CUQ2Tf8rEmWDFTS9ADoE mmiK93HgUbtX4OB/NMpND3Ydj6EJx0+8soN9hd0nzMMygsCtjc930DxPoDIRNRV8l97s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: CFI hardening for open_softirq() Message-Id: Date: Wed, 23 Feb 2022 16:13:37 +0000 commit 078dfe2fe0084e9a656928a186213821c5c5bad4 Author: Andrew Cooper AuthorDate: Fri Oct 29 10:58:21 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for open_softirq() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/domain.c | 2 +- xen/arch/x86/include/asm/flushtlb.h | 2 +- xen/arch/x86/pv/traps.c | 2 +- xen/arch/x86/smp.c | 2 +- xen/arch/x86/time.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 6 +++--- xen/common/tasklet.c | 2 +- xen/common/timer.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 43f6c8471a..3467e0f1a3 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1837,7 +1837,7 @@ static int mce_delayed_action(mctelem_cookie_t mctc) } /* Softirq Handler for this MCE# processing */ -static void mce_softirq(void) +static void cf_check mce_softirq(void) { static DEFINE_MCE_BARRIER(mce_inside_bar); static DEFINE_MCE_BARRIER(mce_severity_bar); diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 36748f67da..ec0b631f7c 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2524,7 +2524,7 @@ void vcpu_mark_events_pending(struct vcpu *v) vcpu_kick(v); } -static void vcpu_kick_softirq(void) +static void cf_check vcpu_kick_softirq(void) { /* * Nothing to do here: we merely prevent notifiers from racing with checks diff --git a/xen/arch/x86/include/asm/flushtlb.h b/xen/arch/x86/include/asm/flushtlb.h index 0be2273387..18777f1d4c 100644 --- a/xen/arch/x86/include/asm/flushtlb.h +++ b/xen/arch/x86/include/asm/flushtlb.h @@ -87,7 +87,7 @@ static inline void tlbflush_filter(cpumask_t *mask, uint32_t page_timestamp) __cpumask_clear_cpu(cpu, mask); } -void new_tlbflush_clock_period(void); +void cf_check new_tlbflush_clock_period(void); /* Read pagetable base. */ static inline unsigned long read_cr3(void) diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index 170e103098..97fe54b5ee 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -130,7 +130,7 @@ bool set_guest_nmi_trapbounce(void) static DEFINE_PER_CPU(struct vcpu *, softirq_nmi_vcpu); -static void nmi_softirq(void) +static void cf_check nmi_softirq(void) { struct vcpu **v_ptr = &this_cpu(softirq_nmi_vcpu); diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index f6fd7f95df..b9a696f619 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -290,7 +290,7 @@ void flush_area_mask(const cpumask_t *mask, const void *va, unsigned int flags) } /* Call with no locks held and interrupts enabled (e.g., softirq context). */ -void new_tlbflush_clock_period(void) +void cf_check new_tlbflush_clock_period(void) { cpumask_t allbutself; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index a78f350b23..32111358a7 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -1454,7 +1454,7 @@ int cpu_frequency_change(u64 freq) static DEFINE_PER_CPU(struct cpu_time_stamp, cpu_calibration); /* Softirq handler for per-CPU time calibration. */ -static void local_time_calibration(void) +static void cf_check local_time_calibration(void) { struct cpu_time *t = &this_cpu(cpu_time); const struct cpu_time_stamp *c = &this_cpu(cpu_calibration); diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index 423d6b1d6d..212a99acd8 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -466,7 +466,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp, rcu_do_batch(rdp); } -static void rcu_process_callbacks(void) +static void cf_check rcu_process_callbacks(void) { struct rcu_data *rdp = &this_cpu(rcu_data); diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index aaa7ef2a6f..4e60500c7c 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2568,7 +2568,7 @@ static struct sched_unit *sched_wait_rendezvous_in(struct sched_unit *prev, return prev->next_task; } -static void sched_slave(void) +static void cf_check sched_slave(void) { struct vcpu *v, *vprev = current; struct sched_unit *prev = vprev->sched_unit, *next; @@ -2632,7 +2632,7 @@ static void sched_slave(void) * - deschedule the current domain (scheduler independent). * - pick a new domain (scheduler dependent). */ -static void schedule(void) +static void cf_check schedule(void) { struct vcpu *vnext, *vprev = current; struct sched_unit *prev = vprev->sched_unit, *next = NULL; @@ -2928,7 +2928,7 @@ const cpumask_t *sched_get_opt_cpumask(enum sched_gran opt, unsigned int cpu) return mask; } -static void schedule_dummy(void) +static void cf_check schedule_dummy(void) { sched_tasklet_check_cpu(smp_processor_id()); } diff --git a/xen/common/tasklet.c b/xen/common/tasklet.c index 1b16bbcdeb..3ad67b5c24 100644 --- a/xen/common/tasklet.c +++ b/xen/common/tasklet.c @@ -135,7 +135,7 @@ void do_tasklet(void) } /* Softirq context work */ -static void tasklet_softirq_action(void) +static void cf_check tasklet_softirq_action(void) { unsigned int cpu = smp_processor_id(); struct list_head *list = &per_cpu(softirq_tasklet_list, cpu); diff --git a/xen/common/timer.c b/xen/common/timer.c index b788050ea1..700f191a70 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -450,7 +450,7 @@ static void execute_timer(struct timers *ts, struct timer *t) } -static void timer_softirq_action(void) +static void cf_check timer_softirq_action(void) { struct timer *t, **heap, *next; struct timers *ts; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 527bd6a56d..0e3c0f6aee 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1003,7 +1003,7 @@ int arch_pci_clean_pirqs(struct domain *d) * Note: 'pt_pirq_softirq_reset' can clear the STATE_SCHED before we get to * doing it. If that is the case we let 'pt_pirq_softirq_reset' do ref-counting. */ -static void dpci_softirq(void) +static void cf_check dpci_softirq(void) { unsigned int cpu = smp_processor_id(); LIST_HEAD(our_list); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277599.474201 (Exim 4.92) (envelope-from ) id 1nMuGy-0004V6-QU; Wed, 23 Feb 2022 16:13:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277599.474201; Wed, 23 Feb 2022 16:13:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGy-0004Uu-N2; Wed, 23 Feb 2022 16:13:48 +0000 Received: by outflank-mailman (input) for mailman id 277599; Wed, 23 Feb 2022 16:13:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGx-0004Ua-GJ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuGx-00058I-Fa for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuGx-0003lk-Ei for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3VsWSfToMcvXRQX0LhjHisyPTQhpRlS9feCLJK/TDcI=; b=CNyYE90dcdXDoebB5ZmdyKkzYL BFpvEmx6v+BzH2YEqyaxPCJBepGnJbXwYhCpTUIoG2PW8gwbw/Z0WAA+E5/XuDEJagISDdbWcKGvG KKpxDRqjWgMBqLJKuZziYkMqdGz1Yc9vyU/AoW86pyM8mm5rHo34qicEhtAWIYXdk2D8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm/flask/ss: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:13:47 +0000 commit c9e0a06259aff799b57b3180ba815081c914f4e8 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:32:08 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm/flask/ss: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/xsm/flask/ss/avtab.c | 4 ++-- xen/xsm/flask/ss/conditional.c | 10 ++++---- xen/xsm/flask/ss/conditional.h | 6 ++--- xen/xsm/flask/ss/policydb.c | 53 ++++++++++++++++++++++-------------------- xen/xsm/flask/ss/services.c | 6 ++--- xen/xsm/flask/ss/symtab.c | 5 ++-- 6 files changed, 44 insertions(+), 40 deletions(-) diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c index bfc91c8b0c..55c2b4d8a4 100644 --- a/xen/xsm/flask/ss/avtab.c +++ b/xen/xsm/flask/ss/avtab.c @@ -482,8 +482,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return insertf(a, &key, &datum, p); } -static int avtab_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *p) +static int cf_check avtab_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p) { return avtab_insert(a, k, d); } diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c index 3e58aea551..b4b116666c 100644 --- a/xen/xsm/flask/ss/conditional.c +++ b/xen/xsm/flask/ss/conditional.c @@ -189,14 +189,14 @@ int cond_init_bool_indexes(struct policydb *p) return 0; } -int cond_destroy_bool(void *key, void *datum, void *p) +int cf_check cond_destroy_bool(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -int cond_index_bool(void *key, void *datum, void *datap) +int cf_check cond_index_bool(void *key, void *datum, void *datap) { struct policydb *p; struct cond_bool_datum *booldatum; @@ -220,7 +220,7 @@ static int bool_isvalid(struct cond_bool_datum *b) return 1; } -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cond_bool_datum *booldatum; @@ -268,8 +268,8 @@ struct cond_insertf_data struct cond_av_list *tail; }; -static int cond_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *ptr) +static int cf_check cond_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr) { struct cond_insertf_data *data = ptr; struct policydb *p = data->p; diff --git a/xen/xsm/flask/ss/conditional.h b/xen/xsm/flask/ss/conditional.h index 59ac6b4b57..500fe4305a 100644 --- a/xen/xsm/flask/ss/conditional.h +++ b/xen/xsm/flask/ss/conditional.h @@ -63,11 +63,11 @@ int cond_policydb_init(struct policydb* p); void cond_policydb_destroy(struct policydb* p); int cond_init_bool_indexes(struct policydb* p); -int cond_destroy_bool(void *key, void *datum, void *p); +int cf_check cond_destroy_bool(void *key, void *datum, void *p); -int cond_index_bool(void *key, void *datum, void *datap); +int cf_check cond_index_bool(void *key, void *datum, void *datap); -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); int cond_read_list(struct policydb *p, void *fp); void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd); diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c index 9426164353..ff2103c63e 100644 --- a/xen/xsm/flask/ss/policydb.c +++ b/xen/xsm/flask/ss/policydb.c @@ -257,12 +257,12 @@ out_free_symtab: * of a class, role, or user are needed. */ -static int common_index(void *key, void *datum, void *datap) +static int cf_check common_index(void *key, void *datum, void *datap) { return 0; } -static int class_index(void *key, void *datum, void *datap) +static int cf_check class_index(void *key, void *datum, void *datap) { struct policydb *p; struct class_datum *cladatum; @@ -276,7 +276,7 @@ static int class_index(void *key, void *datum, void *datap) return 0; } -static int role_index(void *key, void *datum, void *datap) +static int cf_check role_index(void *key, void *datum, void *datap) { struct policydb *p; struct role_datum *role; @@ -292,7 +292,7 @@ static int role_index(void *key, void *datum, void *datap) return 0; } -static int type_index(void *key, void *datum, void *datap) +static int cf_check type_index(void *key, void *datum, void *datap) { struct policydb *p; struct type_datum *typdatum; @@ -313,7 +313,7 @@ static int type_index(void *key, void *datum, void *datap) return 0; } -static int user_index(void *key, void *datum, void *datap) +static int cf_check user_index(void *key, void *datum, void *datap) { struct policydb *p; struct user_datum *usrdatum; @@ -329,7 +329,7 @@ static int user_index(void *key, void *datum, void *datap) return 0; } -static int sens_index(void *key, void *datum, void *datap) +static int cf_check sens_index(void *key, void *datum, void *datap) { struct policydb *p; struct level_datum *levdatum; @@ -348,7 +348,7 @@ static int sens_index(void *key, void *datum, void *datap) return 0; } -static int cat_index(void *key, void *datum, void *datap) +static int cf_check cat_index(void *key, void *datum, void *datap) { struct policydb *p; struct cat_datum *catdatum; @@ -506,14 +506,14 @@ out: * symbol data in the policy database. */ -static int perm_destroy(void *key, void *datum, void *p) +static int cf_check perm_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int common_destroy(void *key, void *datum, void *p) +static int cf_check common_destroy(void *key, void *datum, void *p) { struct common_datum *comdatum; @@ -525,7 +525,7 @@ static int common_destroy(void *key, void *datum, void *p) return 0; } -static int class_destroy(void *key, void *datum, void *p) +static int cf_check class_destroy(void *key, void *datum, void *p) { struct class_datum *cladatum; struct constraint_node *constraint, *ctemp; @@ -572,7 +572,7 @@ static int class_destroy(void *key, void *datum, void *p) return 0; } -static int role_destroy(void *key, void *datum, void *p) +static int cf_check role_destroy(void *key, void *datum, void *p) { struct role_datum *role; @@ -584,14 +584,14 @@ static int role_destroy(void *key, void *datum, void *p) return 0; } -static int type_destroy(void *key, void *datum, void *p) +static int cf_check type_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int user_destroy(void *key, void *datum, void *p) +static int cf_check user_destroy(void *key, void *datum, void *p) { struct user_datum *usrdatum; @@ -605,7 +605,7 @@ static int user_destroy(void *key, void *datum, void *p) return 0; } -static int sens_destroy(void *key, void *datum, void *p) +static int cf_check sens_destroy(void *key, void *datum, void *p) { struct level_datum *levdatum; @@ -617,7 +617,7 @@ static int sens_destroy(void *key, void *datum, void *p) return 0; } -static int cat_destroy(void *key, void *datum, void *p) +static int cf_check cat_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); @@ -989,7 +989,7 @@ bad: goto out; } -static int common_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check common_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct common_datum *comdatum; @@ -1151,7 +1151,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, return 0; } -static int class_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check class_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct class_datum *cladatum; @@ -1250,7 +1250,7 @@ bad: goto out; } -static int role_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check role_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct role_datum *role; @@ -1321,7 +1321,7 @@ bad: goto out; } -static int type_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check type_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct type_datum *typdatum; @@ -1415,7 +1415,7 @@ bad: return -EINVAL; } -static int user_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check user_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct user_datum *usrdatum; @@ -1479,7 +1479,7 @@ bad: goto out; } -static int sens_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check sens_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct level_datum *levdatum; @@ -1534,7 +1534,7 @@ bad: goto out; } -static int cat_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check cat_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cat_datum *catdatum; @@ -1591,7 +1591,8 @@ static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) cat_read, }; -static int user_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check user_bounds_sanity_check( + void *key, void *datum, void *datap) { struct user_datum *upper, *user; struct policydb *p = datap; @@ -1631,7 +1632,8 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int role_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check role_bounds_sanity_check( + void *key, void *datum, void *datap) { struct role_datum *upper, *role; struct policydb *p = datap; @@ -1671,7 +1673,8 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int type_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check type_bounds_sanity_check( + void *key, void *datum, void *datap) { struct type_datum *upper, *type; struct policydb *p = datap; diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c index 42686535f2..2f6d3d350d 100644 --- a/xen/xsm/flask/ss/services.c +++ b/xen/xsm/flask/ss/services.c @@ -283,7 +283,7 @@ mls_ops: * security_dump_masked_av - dumps masked permissions during * security_compute_av due to RBAC, MLS/Constraint and Type bounds. */ -static int dump_masked_av_helper(void *k, void *d, void *args) +static int cf_check dump_masked_av_helper(void *k, void *d, void *args) { struct perm_datum *pdatum = d; char **permission_names = args; @@ -1240,7 +1240,7 @@ static int validate_classes(struct policydb *p) } /* Clone the SID into the new SID table. */ -static int clone_sid(u32 sid, struct context *context, void *arg) +static int cf_check clone_sid(u32 sid, struct context *context, void *arg) { struct sidtab *s = arg; @@ -1277,7 +1277,7 @@ struct convert_context_args { * in the policy `p->newp'. Verify that the * context is valid under the new policy. */ -static int convert_context(u32 key, struct context *c, void *p) +static int cf_check convert_context(u32 key, struct context *c, void *p) { struct convert_context_args *args; struct context oldc; diff --git a/xen/xsm/flask/ss/symtab.c b/xen/xsm/flask/ss/symtab.c index d98c116d5b..0ce7e08c24 100644 --- a/xen/xsm/flask/ss/symtab.c +++ b/xen/xsm/flask/ss/symtab.c @@ -12,7 +12,7 @@ #include #include "symtab.h" -static unsigned int symhash(struct hashtab *h, const void *key) +static unsigned int cf_check symhash(struct hashtab *h, const void *key) { const char *p, *keyp; unsigned int size; @@ -26,7 +26,8 @@ static unsigned int symhash(struct hashtab *h, const void *key) return val & (h->size - 1); } -static int symcmp(struct hashtab *h, const void *key1, const void *key2) +static int cf_check symcmp( + struct hashtab *h, const void *key1, const void *key2) { const char *keyp1, *keyp2; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:13:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:13:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277601.474204 (Exim 4.92) (envelope-from ) id 1nMuH8-0004YH-Rl; Wed, 23 Feb 2022 16:13:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277601.474204; Wed, 23 Feb 2022 16:13:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuH8-0004Y9-Ob; Wed, 23 Feb 2022 16:13:58 +0000 Received: by outflank-mailman (input) for mailman id 277601; Wed, 23 Feb 2022 16:13:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuH7-0004Xw-KN for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuH7-00058c-JZ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuH7-0003o8-Ik for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:13:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Yf0GKWlsrdnZAa6jDaHUNGSJuYWVoxPT3DN1AmPvVp0=; b=UZARkcuH/9fnvosZdIwfKDFrsi XceQuUZ//npj32jgCY0iEPnb2NWSXBIZAuUw4Fi9YkPgh0CLGq4awXV3q2UMB0Dq+YgmabBIAC7fo J5P4mNbgEZPlAbCinlqjR132q7thtIyMFVmewFD2Z9z/s41tHTwh6zTr8jx2om4baBi0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:13:57 +0000 commit a096eaf12a0d558240c937fe44176aaa98b750a7 Author: Andrew Cooper AuthorDate: Fri Oct 29 21:26:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/include/xsm/dummy.h | 211 ++++++++++++++++++++++-------------------- xen/xsm/flask/flask_op.c | 2 +- xen/xsm/flask/hooks.c | 232 ++++++++++++++++++++++++++--------------------- xen/xsm/flask/private.h | 4 +- xen/xsm/silo.c | 24 ++--- 5 files changed, 257 insertions(+), 216 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index b024119896..58afc1d589 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -101,46 +101,48 @@ static always_inline int xsm_default_action( } } -static XSM_INLINE void xsm_security_domaininfo( +static XSM_INLINE void cf_check xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { return; } -static XSM_INLINE int xsm_domain_create( +static XSM_INLINE int cf_check xsm_domain_create( XSM_DEFAULT_ARG struct domain *d, uint32_t ssidref) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_getdomaininfo( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_domctl_scheduler_op( +static XSM_INLINE int cf_check xsm_domctl_scheduler_op( XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int cf_check xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_set_target( +static XSM_INLINE int cf_check xsm_set_target( XSM_DEFAULT_ARG struct domain *d, struct domain *e) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_domctl( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( cmd ) @@ -157,91 +159,93 @@ static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) } } -static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) +static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_alloc_security_domain(struct domain *d) +static XSM_INLINE int cf_check xsm_alloc_security_domain(struct domain *d) { return 0; } -static XSM_INLINE void xsm_free_security_domain(struct domain *d) +static XSM_INLINE void cf_check xsm_free_security_domain(struct domain *d) { return; } -static XSM_INLINE int xsm_grant_mapref( +static XSM_INLINE int cf_check xsm_grant_mapref( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_unmapref( +static XSM_INLINE int cf_check xsm_grant_unmapref( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_setup( +static XSM_INLINE int cf_check xsm_grant_setup( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_transfer( +static XSM_INLINE int cf_check xsm_grant_transfer( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_copy( +static XSM_INLINE int cf_check xsm_grant_copy( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_query_size( +static XSM_INLINE int cf_check xsm_grant_query_size( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_memory_exchange( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_memory_adjust_reservation( +static XSM_INLINE int cf_check xsm_memory_adjust_reservation( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_stat_reservation( +static XSM_INLINE int cf_check xsm_memory_stat_reservation( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_console_io( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); if ( d->is_console ) @@ -253,26 +257,27 @@ static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) return xsm_default_action(XSM_PRIV, d, NULL); } -static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op) +static XSM_INLINE int cf_check xsm_profile( + XSM_DEFAULT_ARG struct domain *d, int op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_kexec(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_schedop_shutdown( +static XSM_INLINE int cf_check xsm_schedop_shutdown( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_pin_page( +static XSM_INLINE int cf_check xsm_memory_pin_page( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, struct page_info *page) { @@ -280,20 +285,20 @@ static XSM_INLINE int xsm_memory_pin_page( return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_unbound( +static XSM_INLINE int cf_check xsm_evtchn_unbound( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_interdomain( +static XSM_INLINE int cf_check xsm_evtchn_interdomain( XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { @@ -301,89 +306,94 @@ static XSM_INLINE int xsm_evtchn_interdomain( return xsm_default_action(action, d1, d2); } -static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) +static XSM_INLINE void cf_check xsm_evtchn_close_post(struct evtchn *chn) { return; } -static XSM_INLINE int xsm_evtchn_send( +static XSM_INLINE int cf_check xsm_evtchn_send( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_evtchn_status( +static XSM_INLINE int cf_check xsm_evtchn_status( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_reset( +static XSM_INLINE int cf_check xsm_evtchn_reset( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_alloc_security_evtchns( +static XSM_INLINE int cf_check xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { return 0; } -static XSM_INLINE void xsm_free_security_evtchns( +static XSM_INLINE void cf_check xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { return; } -static XSM_INLINE char *xsm_show_security_evtchn( +static XSM_INLINE char *cf_check xsm_show_security_evtchn( struct domain *d, const struct evtchn *chn) { return NULL; } -static XSM_INLINE int xsm_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_init_hardware_domain( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_get_pod_target( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_set_pod_target( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_get_vnumainfo( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int cf_check xsm_get_device_group( + XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_assign_device( +static XSM_INLINE int cf_check xsm_assign_device( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_device( +static XSM_INLINE int cf_check xsm_deassign_device( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -393,14 +403,14 @@ static XSM_INLINE int xsm_deassign_device( #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int xsm_assign_dtdevice( +static XSM_INLINE int cf_check xsm_assign_dtdevice( XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_dtdevice( +static XSM_INLINE int cf_check xsm_deassign_dtdevice( XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -409,142 +419,144 @@ static XSM_INLINE int xsm_deassign_dtdevice( #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_plug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_unplug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_plug_pci( +static XSM_INLINE int cf_check xsm_resource_plug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_pci( +static XSM_INLINE int cf_check xsm_resource_unplug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_pci( +static XSM_INLINE int cf_check xsm_resource_setup_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) +static XSM_INLINE int cf_check xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_setup_misc(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) +static XSM_INLINE int cf_check xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_hypfs_op(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +static XSM_INLINE long cf_check xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } #ifdef CONFIG_COMPAT -static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) +static XSM_INLINE int cf_check xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } #endif -static XSM_INLINE char *xsm_show_irq_sid(int irq) +static XSM_INLINE char *cf_check xsm_show_irq_sid(int irq) { return NULL; } -static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_map_domain_pirq( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_map_domain_irq( +static XSM_INLINE int cf_check xsm_map_domain_irq( XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_unmap_domain_pirq( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_bind_pt_irq( +static XSM_INLINE int cf_check xsm_bind_pt_irq( XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unbind_pt_irq( +static XSM_INLINE int cf_check xsm_unbind_pt_irq( XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_irq( +static XSM_INLINE int cf_check xsm_unmap_domain_irq( XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_irq_permission( +static XSM_INLINE int cf_check xsm_irq_permission( XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_permission( +static XSM_INLINE int cf_check xsm_iomem_permission( XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_mapping( +static XSM_INLINE int cf_check xsm_iomem_mapping( XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pci_config_permission( +static XSM_INLINE int cf_check xsm_pci_config_permission( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { @@ -552,41 +564,42 @@ static XSM_INLINE int xsm_pci_config_permission( return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_add_to_physmap( +static XSM_INLINE int cf_check xsm_add_to_physmap( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_remove_from_physmap( +static XSM_INLINE int cf_check xsm_remove_from_physmap( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_map_gmfn_foreign( +static XSM_INLINE int cf_check xsm_map_gmfn_foreign( XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_hvm_param( +static XSM_INLINE int cf_check xsm_hvm_param( XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_hvm_param_altp2mhvm( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_altp2mhvm_op( +static XSM_INLINE int cf_check xsm_hvm_altp2mhvm_op( XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -606,7 +619,7 @@ static XSM_INLINE int xsm_hvm_altp2mhvm_op( } } -static XSM_INLINE int xsm_vm_event_control( +static XSM_INLINE int cf_check xsm_vm_event_control( XSM_DEFAULT_ARG struct domain *d, int mode, int op) { XSM_ASSERT_ACTION(XSM_PRIV); @@ -614,7 +627,7 @@ static XSM_INLINE int xsm_vm_event_control( } #ifdef CONFIG_MEM_ACCESS -static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -622,7 +635,7 @@ static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_PAGING -static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -630,59 +643,61 @@ static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_SHARING -static XSM_INLINE int xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #endif -static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int cf_check xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } #ifdef CONFIG_X86 -static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_do_mca(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_shadow_control( +static XSM_INLINE int cf_check xsm_shadow_control( XSM_DEFAULT_ARG struct domain *d, uint32_t op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_sharing_op( +static XSM_INLINE int cf_check xsm_mem_sharing_op( XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, cd); } -static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_apic( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_machine_memory_map(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_domain_memory_map( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mmu_update( +static XSM_INLINE int cf_check xsm_mmu_update( XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { @@ -695,42 +710,42 @@ static XSM_INLINE int xsm_mmu_update( return rc; } -static XSM_INLINE int xsm_mmuext_op( +static XSM_INLINE int cf_check xsm_mmuext_op( XSM_DEFAULT_ARG struct domain *d, struct domain *f) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_update_va_mapping( +static XSM_INLINE int cf_check xsm_update_va_mapping( XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_priv_mapping( +static XSM_INLINE int cf_check xsm_priv_mapping( XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_ioport_permission( +static XSM_INLINE int cf_check xsm_ioport_permission( XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_mapping( +static XSM_INLINE int cf_check xsm_ioport_mapping( XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pmu_op( +static XSM_INLINE int cf_check xsm_pmu_op( XSM_DEFAULT_ARG struct domain *d, unsigned int op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -748,30 +763,31 @@ static XSM_INLINE int xsm_pmu_op( #endif /* CONFIG_X86 */ -static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_ARGO -static XSM_INLINE int xsm_argo_enable(const struct domain *d) +static XSM_INLINE int cf_check xsm_argo_enable(const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_register_single_source( +static XSM_INLINE int cf_check xsm_argo_register_single_source( const struct domain *d, const struct domain *t) { return 0; } -static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d) +static XSM_INLINE int cf_check xsm_argo_register_any_source( + const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_send( +static XSM_INLINE int cf_check xsm_argo_send( const struct domain *d, const struct domain *t) { return 0; @@ -780,7 +796,7 @@ static XSM_INLINE int xsm_argo_send( #endif /* CONFIG_ARGO */ #include -static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int cf_check xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -804,7 +820,8 @@ static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) } } -static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_domain_resource_map( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 2d7ca3abae..707be72a3b 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -607,7 +607,7 @@ static int flask_relabel_domain(struct xen_flask_relabel *arg) #endif /* !COMPAT */ -ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op) +ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op) { xen_flask_op_t op; int rv; diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 6ff1be28e4..63484e323c 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -157,7 +157,7 @@ static int avc_unknown_permission(const char *name, int id) return rc; } -static int flask_domain_alloc_security(struct domain *d) +static int cf_check flask_domain_alloc_security(struct domain *d) { struct domain_security_struct *dsec; @@ -186,7 +186,7 @@ static int flask_domain_alloc_security(struct domain *d) return 0; } -static void flask_domain_free_security(struct domain *d) +static void cf_check flask_domain_free_security(struct domain *d) { struct domain_security_struct *dsec = d->ssid; @@ -197,8 +197,8 @@ static void flask_domain_free_security(struct domain *d) xfree(dsec); } -static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn, - domid_t id2) +static int cf_check flask_evtchn_unbound( + struct domain *d1, struct evtchn *chn, domid_t id2) { u32 sid1, sid2, newsid; int rc; @@ -230,8 +230,9 @@ static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn, return rc; } -static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1, - struct domain *d2, struct evtchn *chn2) +static int cf_check flask_evtchn_interdomain( + struct domain *d1, struct evtchn *chn1, + struct domain *d2, struct evtchn *chn2) { u32 sid1, sid2, newsid, reverse_sid; int rc; @@ -273,12 +274,12 @@ static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1, return rc; } -static void flask_evtchn_close_post(struct evtchn *chn) +static void cf_check flask_evtchn_close_post(struct evtchn *chn) { chn->ssid.flask_sid = SECINITSID_UNLABELED; } -static int flask_evtchn_send(struct domain *d, struct evtchn *chn) +static int cf_check flask_evtchn_send(struct domain *d, struct evtchn *chn) { int rc; @@ -298,17 +299,18 @@ static int flask_evtchn_send(struct domain *d, struct evtchn *chn) return rc; } -static int flask_evtchn_status(struct domain *d, struct evtchn *chn) +static int cf_check flask_evtchn_status(struct domain *d, struct evtchn *chn) { return domain_has_evtchn(d, chn, EVENT__STATUS); } -static int flask_evtchn_reset(struct domain *d1, struct domain *d2) +static int cf_check flask_evtchn_reset(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET); } -static int flask_alloc_security_evtchns(struct evtchn chn[], unsigned int nr) +static int cf_check flask_alloc_security_evtchns( + struct evtchn chn[], unsigned int nr) { unsigned int i; @@ -318,7 +320,8 @@ static int flask_alloc_security_evtchns(struct evtchn chn[], unsigned int nr) return 0; } -static void flask_free_security_evtchns(struct evtchn chn[], unsigned int nr) +static void cf_check flask_free_security_evtchns( + struct evtchn chn[], unsigned int nr) { unsigned int i; @@ -329,7 +332,8 @@ static void flask_free_security_evtchns(struct evtchn chn[], unsigned int nr) chn[i].ssid.flask_sid = SECINITSID_UNLABELED; } -static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *chn) +static char *cf_check flask_show_security_evtchn( + struct domain *d, const struct evtchn *chn) { int irq; u32 sid = 0; @@ -355,13 +359,13 @@ static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *c return ctx; } -static int flask_init_hardware_domain(struct domain *d) +static int cf_check flask_init_hardware_domain(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__CREATE_HARDWARE_DOMAIN); } -static int flask_grant_mapref(struct domain *d1, struct domain *d2, - uint32_t flags) +static int cf_check flask_grant_mapref( + struct domain *d1, struct domain *d2, uint32_t flags) { u32 perms = GRANT__MAP_READ; @@ -371,73 +375,75 @@ static int flask_grant_mapref(struct domain *d1, struct domain *d2, return domain_has_perm(d1, d2, SECCLASS_GRANT, perms); } -static int flask_grant_unmapref(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_unmapref(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP); } -static int flask_grant_setup(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_setup(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP); } -static int flask_grant_transfer(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_transfer(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER); } -static int flask_grant_copy(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_copy(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY); } -static int flask_grant_query_size(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_query_size(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY); } -static int flask_get_pod_target(struct domain *d) +static int cf_check flask_get_pod_target(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET); } -static int flask_set_pod_target(struct domain *d) +static int cf_check flask_set_pod_target(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET); } -static int flask_memory_exchange(struct domain *d) +static int cf_check flask_memory_exchange(struct domain *d) { return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE); } -static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2) +static int cf_check flask_memory_adjust_reservation( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST); } -static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2) +static int cf_check flask_memory_stat_reservation( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT); } -static int flask_memory_pin_page(struct domain *d1, struct domain *d2, - struct page_info *page) +static int cf_check flask_memory_pin_page( + struct domain *d1, struct domain *d2, struct page_info *page) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE); } -static int flask_claim_pages(struct domain *d) +static int cf_check flask_claim_pages(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETCLAIM); } -static int flask_get_vnumainfo(struct domain *d) +static int cf_check flask_get_vnumainfo(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_VNUMAINFO); } -static int flask_console_io(struct domain *d, int cmd) +static int cf_check flask_console_io(struct domain *d, int cmd) { u32 perm; @@ -456,7 +462,7 @@ static int flask_console_io(struct domain *d, int cmd) return domain_has_xen(d, perm); } -static int flask_profile(struct domain *d, int op) +static int cf_check flask_profile(struct domain *d, int op) { u32 perm; @@ -488,23 +494,23 @@ static int flask_profile(struct domain *d, int op) return domain_has_xen(d, perm); } -static int flask_kexec(void) +static int cf_check flask_kexec(void) { return domain_has_xen(current->domain, XEN__KEXEC); } -static int flask_schedop_shutdown(struct domain *d1, struct domain *d2) +static int cf_check flask_schedop_shutdown(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN); } -static void flask_security_domaininfo(struct domain *d, - struct xen_domctl_getdomaininfo *info) +static void cf_check flask_security_domaininfo( + struct domain *d, struct xen_domctl_getdomaininfo *info) { info->ssidref = domain_sid(d); } -static int flask_domain_create(struct domain *d, u32 ssidref) +static int cf_check flask_domain_create(struct domain *d, u32 ssidref) { int rc; struct domain_security_struct *dsec = d->ssid; @@ -532,12 +538,12 @@ static int flask_domain_create(struct domain *d, u32 ssidref) return rc; } -static int flask_getdomaininfo(struct domain *d) +static int cf_check flask_getdomaininfo(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO); } -static int flask_domctl_scheduler_op(struct domain *d, int op) +static int cf_check flask_domctl_scheduler_op(struct domain *d, int op) { switch ( op ) { @@ -554,7 +560,7 @@ static int flask_domctl_scheduler_op(struct domain *d, int op) } } -static int flask_sysctl_scheduler_op(int op) +static int cf_check flask_sysctl_scheduler_op(int op) { switch ( op ) { @@ -569,7 +575,7 @@ static int flask_sysctl_scheduler_op(int op) } } -static int flask_set_target(struct domain *d, struct domain *t) +static int cf_check flask_set_target(struct domain *d, struct domain *t) { int rc; struct domain_security_struct *dsec, *tsec; @@ -593,7 +599,7 @@ static int flask_set_target(struct domain *d, struct domain *t) return rc; } -static int flask_domctl(struct domain *d, int cmd) +static int cf_check flask_domctl(struct domain *d, int cmd) { switch ( cmd ) { @@ -757,7 +763,7 @@ static int flask_domctl(struct domain *d, int cmd) } } -static int flask_sysctl(int cmd) +static int cf_check flask_sysctl(int cmd) { switch ( cmd ) { @@ -835,7 +841,7 @@ static int flask_sysctl(int cmd) } } -static int flask_readconsole(uint32_t clear) +static int cf_check flask_readconsole(uint32_t clear) { u32 perms = XEN__READCONSOLE; @@ -853,7 +859,7 @@ static inline u32 resource_to_perm(uint8_t access) return RESOURCE__REMOVE; } -static char *flask_show_irq_sid (int irq) +static char *cf_check flask_show_irq_sid(int irq) { u32 sid, ctx_len; char *ctx; @@ -867,7 +873,7 @@ static char *flask_show_irq_sid (int irq) return ctx; } -static int flask_map_domain_pirq (struct domain *d) +static int cf_check flask_map_domain_pirq(struct domain *d) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); } @@ -907,7 +913,7 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d) return perm; } -static int flask_map_domain_irq (struct domain *d, int irq, const void *data) +static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data) { u32 sid, dsid; int rc = -EPERM; @@ -933,7 +939,7 @@ static int flask_map_domain_irq (struct domain *d, int irq, const void *data) return rc; } -static int flask_unmap_domain_pirq (struct domain *d) +static int cf_check flask_unmap_domain_pirq(struct domain *d) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } @@ -954,7 +960,8 @@ static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data, #endif } -static int flask_unmap_domain_irq (struct domain *d, int irq, const void *data) +static int cf_check flask_unmap_domain_irq( + struct domain *d, int irq, const void *data) { u32 sid; int rc = -EPERM; @@ -972,7 +979,8 @@ static int flask_unmap_domain_irq (struct domain *d, int irq, const void *data) return rc; } -static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static int cf_check flask_bind_pt_irq( + struct domain *d, struct xen_domctl_bind_pt_irq *bind) { u32 dsid, rsid; int rc = -EPERM; @@ -998,12 +1006,14 @@ static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *b return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static int cf_check flask_unbind_pt_irq( + struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } -static int flask_irq_permission (struct domain *d, int pirq, uint8_t access) +static int cf_check flask_irq_permission( + struct domain *d, int pirq, uint8_t access) { /* the PIRQ number is not useful; real IRQ is checked during mapping */ return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access)); @@ -1016,7 +1026,8 @@ struct iomem_has_perm_data { u32 use_perm; }; -static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long end) +static int cf_check _iomem_has_perm( + void *v, u32 sid, unsigned long start, unsigned long end) { struct iomem_has_perm_data *data = v; struct avc_audit_data ad; @@ -1034,7 +1045,8 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad); } -static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t end, uint8_t access) +static int cf_check flask_iomem_permission( + struct domain *d, uint64_t start, uint64_t end, uint8_t access) { struct iomem_has_perm_data data; int rc; @@ -1056,12 +1068,14 @@ static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t end return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data); } -static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) +static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) { return flask_iomem_permission(d, start, end, access); } -static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) +static int cf_check flask_pci_config_permission( + struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, + uint8_t access) { u32 dsid, rsid; int rc = -EPERM; @@ -1085,12 +1099,12 @@ static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, u } -static int flask_resource_plug_core(void) +static int cf_check flask_resource_plug_core(void) { return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__PLUG, NULL); } -static int flask_resource_unplug_core(void) +static int cf_check flask_resource_unplug_core(void) { return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__UNPLUG, NULL); } @@ -1100,7 +1114,7 @@ static int flask_resource_use_core(void) return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__USE, NULL); } -static int flask_resource_plug_pci(uint32_t machine_bdf) +static int cf_check flask_resource_plug_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1115,7 +1129,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG, &ad); } -static int flask_resource_unplug_pci(uint32_t machine_bdf) +static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1130,7 +1144,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG, &ad); } -static int flask_resource_setup_pci(uint32_t machine_bdf) +static int cf_check flask_resource_setup_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1145,7 +1159,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad); } -static int flask_resource_setup_gsi(int gsi) +static int cf_check flask_resource_setup_gsi(int gsi) { u32 rsid; int rc = -EPERM; @@ -1158,12 +1172,12 @@ static int flask_resource_setup_gsi(int gsi) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad); } -static int flask_resource_setup_misc(void) +static int cf_check flask_resource_setup_misc(void) { return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE, RESOURCE__SETUP, NULL); } -static inline int flask_page_offline(uint32_t cmd) +static inline int cf_check flask_page_offline(uint32_t cmd) { switch (cmd) { case sysctl_page_offline: @@ -1177,27 +1191,28 @@ static inline int flask_page_offline(uint32_t cmd) } } -static inline int flask_hypfs_op(void) +static inline int cf_check flask_hypfs_op(void) { return domain_has_xen(current->domain, XEN__HYPFS_OP); } -static int flask_add_to_physmap(struct domain *d1, struct domain *d2) +static int cf_check flask_add_to_physmap(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP); } -static int flask_remove_from_physmap(struct domain *d1, struct domain *d2) +static int cf_check flask_remove_from_physmap( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP); } -static int flask_map_gmfn_foreign(struct domain *d, struct domain *t) +static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t) { return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE); } -static int flask_hvm_param(struct domain *d, unsigned long op) +static int cf_check flask_hvm_param(struct domain *d, unsigned long op) { u32 perm; @@ -1216,12 +1231,12 @@ static int flask_hvm_param(struct domain *d, unsigned long op) return current_has_perm(d, SECCLASS_HVM, perm); } -static int flask_hvm_param_altp2mhvm(struct domain *d) +static int cf_check flask_hvm_param_altp2mhvm(struct domain *d) { return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM); } -static int flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) +static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) { /* * Require both mode and XSM to allow the operation. Assume XSM rules @@ -1245,34 +1260,34 @@ static int flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP); } -static int flask_vm_event_control(struct domain *d, int mode, int op) +static int cf_check flask_vm_event_control(struct domain *d, int mode, int op) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT); } #ifdef CONFIG_MEM_ACCESS -static int flask_mem_access(struct domain *d) +static int cf_check flask_mem_access(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS); } #endif #ifdef CONFIG_MEM_PAGING -static int flask_mem_paging(struct domain *d) +static int cf_check flask_mem_paging(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_PAGING); } #endif #ifdef CONFIG_MEM_SHARING -static int flask_mem_sharing(struct domain *d) +static int cf_check flask_mem_sharing(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_SHARING); } #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static int flask_get_device_group(uint32_t machine_bdf) +static int cf_check flask_get_device_group(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1296,7 +1311,7 @@ static int flask_test_assign_device(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL); } -static int flask_assign_device(struct domain *d, uint32_t machine_bdf) +static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf) { u32 dsid, rsid; int rc = -EPERM; @@ -1326,7 +1341,8 @@ static int flask_assign_device(struct domain *d, uint32_t machine_bdf) return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_deassign_device(struct domain *d, uint32_t machine_bdf) +static int cf_check flask_deassign_device( + struct domain *d, uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1357,7 +1373,7 @@ static int flask_test_assign_dtdevice(const char *dtpath) NULL); } -static int flask_assign_dtdevice(struct domain *d, const char *dtpath) +static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath) { u32 dsid, rsid; int rc = -EPERM; @@ -1387,7 +1403,8 @@ static int flask_assign_dtdevice(struct domain *d, const char *dtpath) return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_deassign_dtdevice(struct domain *d, const char *dtpath) +static int cf_check flask_deassign_dtdevice( + struct domain *d, const char *dtpath) { u32 rsid; int rc = -EPERM; @@ -1405,7 +1422,7 @@ static int flask_deassign_dtdevice(struct domain *d, const char *dtpath) } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static int flask_platform_op(uint32_t op) +static int cf_check flask_platform_op(uint32_t op) { switch ( op ) { @@ -1474,12 +1491,12 @@ static int flask_platform_op(uint32_t op) } #ifdef CONFIG_X86 -static int flask_do_mca(void) +static int cf_check flask_do_mca(void) { return domain_has_xen(current->domain, XEN__MCA_OP); } -static int flask_shadow_control(struct domain *d, uint32_t op) +static int cf_check flask_shadow_control(struct domain *d, uint32_t op) { u32 perm; @@ -1513,7 +1530,8 @@ struct ioport_has_perm_data { u32 use_perm; }; -static int _ioport_has_perm(void *v, u32 sid, unsigned long start, unsigned long end) +static int cf_check _ioport_has_perm( + void *v, u32 sid, unsigned long start, unsigned long end) { struct ioport_has_perm_data *data = v; struct avc_audit_data ad; @@ -1531,7 +1549,8 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned long start, unsigned long return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad); } -static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t end, uint8_t access) +static int cf_check flask_ioport_permission( + struct domain *d, uint32_t start, uint32_t end, uint8_t access) { int rc; struct ioport_has_perm_data data; @@ -1554,12 +1573,14 @@ static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t en return security_iterate_ioport_sids(start, end, _ioport_has_perm, &data); } -static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end, uint8_t access) +static int cf_check flask_ioport_mapping( + struct domain *d, uint32_t start, uint32_t end, uint8_t access) { return flask_ioport_permission(d, start, end, access); } -static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) +static int cf_check flask_mem_sharing_op( + struct domain *d, struct domain *cd, int op) { int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING); if ( rc ) @@ -1567,7 +1588,7 @@ static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM); } -static int flask_apic(struct domain *d, int cmd) +static int cf_check flask_apic(struct domain *d, int cmd) { u32 perm; @@ -1587,18 +1608,18 @@ static int flask_apic(struct domain *d, int cmd) return domain_has_xen(d, perm); } -static int flask_machine_memory_map(void) +static int cf_check flask_machine_memory_map(void) { return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP, NULL); } -static int flask_domain_memory_map(struct domain *d) +static int cf_check flask_domain_memory_map(struct domain *d) { return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP); } -static int flask_mmu_update(struct domain *d, struct domain *t, - struct domain *f, uint32_t flags) +static int cf_check flask_mmu_update( + struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { int rc = 0; u32 map_perms = 0; @@ -1620,13 +1641,13 @@ static int flask_mmu_update(struct domain *d, struct domain *t, return rc; } -static int flask_mmuext_op(struct domain *d, struct domain *f) +static int cf_check flask_mmuext_op(struct domain *d, struct domain *f) { return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP); } -static int flask_update_va_mapping(struct domain *d, struct domain *f, - l1_pgentry_t pte) +static int cf_check flask_update_va_mapping( + struct domain *d, struct domain *f, l1_pgentry_t pte) { u32 map_perms = MMU__MAP_READ; if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) ) @@ -1637,12 +1658,12 @@ static int flask_update_va_mapping(struct domain *d, struct domain *f, return domain_has_perm(d, f, SECCLASS_MMU, map_perms); } -static int flask_priv_mapping(struct domain *d, struct domain *t) +static int cf_check flask_priv_mapping(struct domain *d, struct domain *t) { return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK); } -static int flask_pmu_op (struct domain *d, unsigned int op) +static int cf_check flask_pmu_op(struct domain *d, unsigned int op) { u32 dsid = domain_sid(d); @@ -1666,12 +1687,12 @@ static int flask_pmu_op (struct domain *d, unsigned int op) } #endif /* CONFIG_X86 */ -static int flask_dm_op(struct domain *d) +static int cf_check flask_dm_op(struct domain *d) { return current_has_perm(d, SECCLASS_HVM, HVM__DM); } -static int flask_xen_version (uint32_t op) +static int cf_check flask_xen_version(uint32_t op) { u32 dsid = domain_sid(current->domain); @@ -1711,32 +1732,33 @@ static int flask_xen_version (uint32_t op) } } -static int flask_domain_resource_map(struct domain *d) +static int cf_check flask_domain_resource_map(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__RESOURCE_MAP); } #ifdef CONFIG_ARGO -static int flask_argo_enable(const struct domain *d) +static int cf_check flask_argo_enable(const struct domain *d) { return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO, ARGO__ENABLE, NULL); } -static int flask_argo_register_single_source(const struct domain *d, - const struct domain *t) +static int cf_check flask_argo_register_single_source( + const struct domain *d, const struct domain *t) { return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__REGISTER_SINGLE_SOURCE); } -static int flask_argo_register_any_source(const struct domain *d) +static int cf_check flask_argo_register_any_source(const struct domain *d) { return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO, ARGO__REGISTER_ANY_SOURCE, NULL); } -static int flask_argo_send(const struct domain *d, const struct domain *t) +static int cf_check flask_argo_send( + const struct domain *d, const struct domain *t) { return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__SEND); } diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h index 73b0de8724..429f213cce 100644 --- a/xen/xsm/flask/private.h +++ b/xen/xsm/flask/private.h @@ -3,7 +3,7 @@ #include -long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +long cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +int cf_check compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); #endif /* XSM_FLASK_PRIVATE */ diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 3550dded7b..4d5fc98e7e 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -33,8 +33,8 @@ static bool silo_mode_dom_check(const struct domain *ldom, is_control_domain(rdom) || ldom == rdom); } -static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn, - domid_t id2) +static int cf_check silo_evtchn_unbound( + struct domain *d1, struct evtchn *chn, domid_t id2) { int rc = -EPERM; struct domain *d2 = rcu_lock_domain_by_any_id(id2); @@ -51,30 +51,31 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn, return rc; } -static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1, - struct domain *d2, struct evtchn *chan2) +static int cf_check silo_evtchn_interdomain( + struct domain *d1, struct evtchn *chan1, + struct domain *d2, struct evtchn *chan2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_evtchn_interdomain(d1, chan1, d2, chan2); return -EPERM; } -static int silo_grant_mapref(struct domain *d1, struct domain *d2, - uint32_t flags) +static int cf_check silo_grant_mapref( + struct domain *d1, struct domain *d2, uint32_t flags) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_mapref(d1, d2, flags); return -EPERM; } -static int silo_grant_transfer(struct domain *d1, struct domain *d2) +static int cf_check silo_grant_transfer(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_transfer(d1, d2); return -EPERM; } -static int silo_grant_copy(struct domain *d1, struct domain *d2) +static int cf_check silo_grant_copy(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_copy(d1, d2); @@ -83,15 +84,16 @@ static int silo_grant_copy(struct domain *d1, struct domain *d2) #ifdef CONFIG_ARGO -static int silo_argo_register_single_source(const struct domain *d1, - const struct domain *d2) +static int cf_check silo_argo_register_single_source( + const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_argo_register_single_source(d1, d2); return -EPERM; } -static int silo_argo_send(const struct domain *d1, const struct domain *d2) +static int cf_check silo_argo_send( + const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_argo_send(d1, d2); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:14:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:14:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277602.474208 (Exim 4.92) (envelope-from ) id 1nMuHI-0004bU-VH; Wed, 23 Feb 2022 16:14:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277602.474208; Wed, 23 Feb 2022 16:14:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHI-0004bM-SI; Wed, 23 Feb 2022 16:14:08 +0000 Received: by outflank-mailman (input) for mailman id 277602; Wed, 23 Feb 2022 16:14:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHH-0004b2-OC for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHH-00058u-NW for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuHH-0003p0-Mj for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sYzDZyej187C53MxwSrj6tYyt9Jgi6F8XA/Wfxnm85Y=; b=d2YZHt5u0yS3PJx1K4hg3rlMOG 6JMkHs/o3fP5z8n9VRa2GJn1pxvNMRgdSvoLx2VwDfbZh/AW8V+BjZZ6bF0k4Loy0BZKiv0R36U8y j0PCqMJ7pDr21JBpYeDxYFIsFq8mpMgeyK0DrYh8DX8/NEJ8aEzObxX0mlA3FOeLMYu8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/sched: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:07 +0000 commit 15268d2ea32a194c30c79e67ba0ddc8dfb0e29fb Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:53 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/sched: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Dario Faggioli --- xen/common/sched/arinc653.c | 20 +++++++-------- xen/common/sched/core.c | 8 +++--- xen/common/sched/credit.c | 49 ++++++++++++++++++------------------ xen/common/sched/credit2.c | 51 +++++++++++++++++++------------------- xen/common/sched/null.c | 60 +++++++++++++++++++++++---------------------- xen/common/sched/rt.c | 42 +++++++++++++++---------------- 6 files changed, 115 insertions(+), 115 deletions(-) diff --git a/xen/common/sched/arinc653.c b/xen/common/sched/arinc653.c index 5421918221..a82c0d7314 100644 --- a/xen/common/sched/arinc653.c +++ b/xen/common/sched/arinc653.c @@ -343,7 +343,7 @@ arinc653_sched_get( *
  • !0 = error * */ -static int +static int cf_check a653sched_init(struct scheduler *ops) { a653sched_priv_t *prv; @@ -366,7 +366,7 @@ a653sched_init(struct scheduler *ops) * * @param ops Pointer to this instance of the scheduler structure */ -static void +static void cf_check a653sched_deinit(struct scheduler *ops) { xfree(SCHED_PRIV(ops)); @@ -381,7 +381,7 @@ a653sched_deinit(struct scheduler *ops) * * @return Pointer to the allocated data */ -static void * +static void *cf_check a653sched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -442,7 +442,7 @@ a653sched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, * * @param ops Pointer to this instance of the scheduler structure */ -static void +static void cf_check a653sched_free_udata(const struct scheduler *ops, void *priv) { a653sched_priv_t *sched_priv = SCHED_PRIV(ops); @@ -469,7 +469,7 @@ a653sched_free_udata(const struct scheduler *ops, void *priv) * @param ops Pointer to this instance of the scheduler structure * @param unit Pointer to struct sched_unit */ -static void +static void cf_check a653sched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { if ( AUNIT(unit) != NULL ) @@ -489,7 +489,7 @@ a653sched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) * @param ops Pointer to this instance of the scheduler structure * @param unit Pointer to struct sched_unit */ -static void +static void cf_check a653sched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { if ( AUNIT(unit) != NULL ) @@ -505,7 +505,7 @@ a653sched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) * @param ops Pointer to this instance of the scheduler structure * @param now Current time */ -static void +static void cf_check a653sched_do_schedule( const struct scheduler *ops, struct sched_unit *prev, @@ -604,7 +604,7 @@ a653sched_do_schedule( * * @return Scheduler resource to run on */ -static struct sched_resource * +static struct sched_resource *cf_check a653sched_pick_resource(const struct scheduler *ops, const struct sched_unit *unit) { @@ -634,7 +634,7 @@ a653sched_pick_resource(const struct scheduler *ops, * @param pdata scheduler specific PCPU data (we don't have any) * @param vdata scheduler specific UNIT data of the idle unit */ -static spinlock_t * +static spinlock_t *cf_check a653_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -656,7 +656,7 @@ a653_switch_sched(struct scheduler *new_ops, unsigned int cpu, * @param ops Pointer to this instance of the scheduler structure * @param sc Pointer to the scheduler operation specified by Domain 0 */ -static int +static int cf_check a653sched_adjust_global(const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 4e60500c7c..19ab678181 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -98,13 +98,13 @@ static bool scheduler_active; static void sched_set_affinity( struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft); -static struct sched_resource * +static struct sched_resource *cf_check sched_idle_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { return unit->res; } -static void * +static void *cf_check sched_idle_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -112,12 +112,12 @@ sched_idle_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return ZERO_BLOCK_PTR; } -static void +static void cf_check sched_idle_free_udata(const struct scheduler *ops, void *priv) { } -static void sched_idle_schedule( +static void cf_check sched_idle_schedule( const struct scheduler *ops, struct sched_unit *unit, s_time_t now, bool tasklet_work_scheduled) { diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index 5635271f6f..4d3bd8cba6 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -507,7 +507,7 @@ static inline void __runq_tickle(const struct csched_unit *new) SCHED_STAT_CRANK(tickled_no_cpu); } -static void +static void cf_check csched_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) { const struct csched_private *prv = CSCHED_PRIV(ops); @@ -524,7 +524,7 @@ csched_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) xfree(pcpu); } -static void +static void cf_check csched_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { struct csched_private *prv = CSCHED_PRIV(ops); @@ -566,7 +566,7 @@ csched_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check csched_alloc_pdata(const struct scheduler *ops, int cpu) { struct csched_pcpu *spc; @@ -615,7 +615,7 @@ init_pdata(struct csched_private *prv, struct csched_pcpu *spc, int cpu) } /* Change the scheduler of cpu to us (Credit). */ -static spinlock_t * +static spinlock_t *cf_check csched_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -848,7 +848,7 @@ _csched_cpu_pick(const struct scheduler *ops, const struct sched_unit *unit, return cpu; } -static struct sched_resource * +static struct sched_resource *cf_check csched_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct csched_unit *svc = CSCHED_UNIT(unit); @@ -985,9 +985,8 @@ csched_unit_acct(struct csched_private *prv, unsigned int cpu) } } -static void * -csched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, - void *dd) +static void *cf_check csched_alloc_udata( + const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct csched_unit *svc; @@ -1007,7 +1006,7 @@ csched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return svc; } -static void +static void cf_check csched_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit *svc = unit->priv; @@ -1032,7 +1031,7 @@ csched_unit_insert(const struct scheduler *ops, struct sched_unit *unit) SCHED_STAT_CRANK(unit_insert); } -static void +static void cf_check csched_free_udata(const struct scheduler *ops, void *priv) { struct csched_unit *svc = priv; @@ -1042,7 +1041,7 @@ csched_free_udata(const struct scheduler *ops, void *priv) xfree(svc); } -static void +static void cf_check csched_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct csched_private *prv = CSCHED_PRIV(ops); @@ -1069,7 +1068,7 @@ csched_unit_remove(const struct scheduler *ops, struct sched_unit *unit) BUG_ON( sdom == NULL ); } -static void +static void cf_check csched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1094,7 +1093,7 @@ csched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) runq_remove(svc); } -static void +static void cf_check csched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1156,7 +1155,7 @@ csched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) __runq_tickle(svc); } -static void +static void cf_check csched_unit_yield(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1165,7 +1164,7 @@ csched_unit_yield(const struct scheduler *ops, struct sched_unit *unit) set_bit(CSCHED_FLAG_UNIT_YIELD, &svc->flags); } -static int +static int cf_check csched_dom_cntl( const struct scheduler *ops, struct domain *d, @@ -1210,7 +1209,7 @@ csched_dom_cntl( return rc; } -static void +static void cf_check csched_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft) { @@ -1238,7 +1237,7 @@ __csched_set_tslice(struct csched_private *prv, unsigned int timeslice_ms) prv->credit = prv->credits_per_tslice * prv->ncpus; } -static int +static int cf_check csched_sys_cntl(const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { @@ -1281,7 +1280,7 @@ csched_sys_cntl(const struct scheduler *ops, return rc; } -static void * +static void *cf_check csched_alloc_domdata(const struct scheduler *ops, struct domain *dom) { struct csched_dom *sdom; @@ -1299,7 +1298,7 @@ csched_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check csched_free_domdata(const struct scheduler *ops, void *data) { xfree(data); @@ -1809,7 +1808,7 @@ csched_load_balance(struct csched_private *prv, int cpu, * This function is in the critical path. It is designed to be simple and * fast for the common case. */ -static void csched_schedule( +static void cf_check csched_schedule( const struct scheduler *ops, struct sched_unit *unit, s_time_t now, bool tasklet_work_scheduled) { @@ -2026,7 +2025,7 @@ csched_dump_unit(const struct csched_unit *svc) printk("\n"); } -static void +static void cf_check csched_dump_pcpu(const struct scheduler *ops, int cpu) { const struct list_head *runq; @@ -2079,7 +2078,7 @@ csched_dump_pcpu(const struct scheduler *ops, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void +static void cf_check csched_dump(const struct scheduler *ops) { struct list_head *iter_sdom, *iter_svc; @@ -2143,7 +2142,7 @@ csched_dump(const struct scheduler *ops) spin_unlock_irqrestore(&prv->lock, flags); } -static int __init +static int __init cf_check csched_global_init(void) { if ( sched_credit_tslice_ms > XEN_SYSCTL_CSCHED_TSLICE_MAX || @@ -2173,7 +2172,7 @@ csched_global_init(void) return 0; } -static int +static int cf_check csched_init(struct scheduler *ops) { struct csched_private *prv; @@ -2215,7 +2214,7 @@ csched_init(struct scheduler *ops) return 0; } -static void +static void cf_check csched_deinit(struct scheduler *ops) { struct csched_private *prv; diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index d96e2749dd..0e3f89e537 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -2164,7 +2164,7 @@ csched2_unit_check(const struct sched_unit *unit) #define CSCHED2_UNIT_CHECK(unit) #endif -static void * +static void *cf_check csched2_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -2208,7 +2208,7 @@ csched2_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return svc; } -static void +static void cf_check csched2_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2230,7 +2230,7 @@ csched2_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) __clear_bit(__CSFLAG_delayed_runq_add, &svc->flags); } -static void +static void cf_check csched2_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2285,7 +2285,7 @@ out: return; } -static void +static void cf_check csched2_unit_yield(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2293,7 +2293,7 @@ csched2_unit_yield(const struct scheduler *ops, struct sched_unit *unit) __set_bit(__CSFLAG_unit_yield, &svc->flags); } -static void +static void cf_check csched2_context_saved(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2335,7 +2335,7 @@ csched2_context_saved(const struct scheduler *ops, struct sched_unit *unit) } #define MAX_LOAD (STIME_MAX) -static struct sched_resource * +static struct sched_resource *cf_check csched2_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct csched2_private *prv = csched2_priv(ops); @@ -2867,8 +2867,7 @@ retry: return; } -static void -csched2_unit_migrate( +static void cf_check csched2_unit_migrate( const struct scheduler *ops, struct sched_unit *unit, unsigned int new_cpu) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2894,7 +2893,7 @@ csched2_unit_migrate( sched_set_res(unit, get_sched_res(new_cpu)); } -static int +static int cf_check csched2_dom_cntl( const struct scheduler *ops, struct domain *d, @@ -3100,7 +3099,7 @@ csched2_dom_cntl( return rc; } -static void +static void cf_check csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft) { @@ -3116,8 +3115,8 @@ csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, __clear_bit(__CSFLAG_pinned, &svc->flags); } -static int csched2_sys_cntl(const struct scheduler *ops, - struct xen_sysctl_scheduler_op *sc) +static int cf_check csched2_sys_cntl( + const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { struct xen_sysctl_credit2_schedule *params = &sc->u.sched_credit2; struct csched2_private *prv = csched2_priv(ops); @@ -3148,7 +3147,7 @@ static int csched2_sys_cntl(const struct scheduler *ops, return 0; } -static void * +static void *cf_check csched2_alloc_domdata(const struct scheduler *ops, struct domain *dom) { struct csched2_private *prv = csched2_priv(ops); @@ -3180,7 +3179,7 @@ csched2_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check csched2_free_domdata(const struct scheduler *ops, void *data) { struct csched2_dom *sdom = data; @@ -3200,7 +3199,7 @@ csched2_free_domdata(const struct scheduler *ops, void *data) } } -static void +static void cf_check csched2_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { const struct csched2_unit *svc = unit->priv; @@ -3231,7 +3230,7 @@ csched2_unit_insert(const struct scheduler *ops, struct sched_unit *unit) CSCHED2_UNIT_CHECK(unit); } -static void +static void cf_check csched2_free_udata(const struct scheduler *ops, void *priv) { struct csched2_unit *svc = priv; @@ -3239,7 +3238,7 @@ csched2_free_udata(const struct scheduler *ops, void *priv) xfree(svc); } -static void +static void cf_check csched2_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -3558,7 +3557,7 @@ runq_candidate(struct csched2_runqueue_data *rqd, * This function is in the critical path. It is designed to be simple and * fast for the common case. */ -static void csched2_schedule( +static void cf_check csched2_schedule( const struct scheduler *ops, struct sched_unit *currunit, s_time_t now, bool tasklet_work_scheduled) { @@ -3790,7 +3789,7 @@ dump_pcpu(const struct scheduler *ops, int cpu) } } -static void +static void cf_check csched2_dump(const struct scheduler *ops) { struct list_head *iter_sdom; @@ -3898,7 +3897,7 @@ csched2_dump(const struct scheduler *ops) read_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check csched2_alloc_pdata(const struct scheduler *ops, int cpu) { struct csched2_pcpu *spc; @@ -3988,7 +3987,7 @@ init_pdata(struct csched2_private *prv, struct csched2_pcpu *spc, } /* Change the scheduler of cpu to us (Credit2). */ -static spinlock_t * +static spinlock_t *cf_check csched2_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -4026,7 +4025,7 @@ csched2_switch_sched(struct scheduler *new_ops, unsigned int cpu, return &rqd->lock; } -static void +static void cf_check csched2_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { unsigned long flags; @@ -4086,7 +4085,7 @@ csched2_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) return; } -static void +static void cf_check csched2_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) { struct csched2_private *prv = csched2_priv(ops); @@ -4115,7 +4114,7 @@ csched2_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) xfree(pcpu); } -static int __init +static int __init cf_check csched2_global_init(void) { if ( opt_load_precision_shift < LOADAVG_PRECISION_SHIFT_MIN ) @@ -4142,7 +4141,7 @@ csched2_global_init(void) return 0; } -static int +static int cf_check csched2_init(struct scheduler *ops) { struct csched2_private *prv; @@ -4190,7 +4189,7 @@ csched2_init(struct scheduler *ops) return 0; } -static void +static void cf_check csched2_deinit(struct scheduler *ops) { struct csched2_private *prv; diff --git a/xen/common/sched/null.c b/xen/common/sched/null.c index 82d5d1baab..65a0a6c531 100644 --- a/xen/common/sched/null.c +++ b/xen/common/sched/null.c @@ -130,7 +130,7 @@ static inline bool unit_check_affinity(struct sched_unit *unit, return cpumask_test_cpu(cpu, cpumask_scratch_cpu(cpu)); } -static int null_init(struct scheduler *ops) +static int cf_check null_init(struct scheduler *ops) { struct null_private *prv; @@ -152,7 +152,7 @@ static int null_init(struct scheduler *ops) return 0; } -static void null_deinit(struct scheduler *ops) +static void cf_check null_deinit(struct scheduler *ops) { xfree(ops->sched_data); ops->sched_data = NULL; @@ -166,7 +166,8 @@ static void init_pdata(struct null_private *prv, struct null_pcpu *npc, npc->unit = NULL; } -static void null_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) +static void cf_check null_deinit_pdata( + const struct scheduler *ops, void *pcpu, int cpu) { struct null_private *prv = null_priv(ops); struct null_pcpu *npc = pcpu; @@ -177,7 +178,7 @@ static void null_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) npc->unit = NULL; } -static void *null_alloc_pdata(const struct scheduler *ops, int cpu) +static void *cf_check null_alloc_pdata(const struct scheduler *ops, int cpu) { struct null_pcpu *npc; @@ -188,13 +189,14 @@ static void *null_alloc_pdata(const struct scheduler *ops, int cpu) return npc; } -static void null_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) +static void cf_check null_free_pdata( + const struct scheduler *ops, void *pcpu, int cpu) { xfree(pcpu); } -static void *null_alloc_udata(const struct scheduler *ops, - struct sched_unit *unit, void *dd) +static void *cf_check null_alloc_udata( + const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct null_unit *nvc; @@ -210,15 +212,15 @@ static void *null_alloc_udata(const struct scheduler *ops, return nvc; } -static void null_free_udata(const struct scheduler *ops, void *priv) +static void cf_check null_free_udata(const struct scheduler *ops, void *priv) { struct null_unit *nvc = priv; xfree(nvc); } -static void * null_alloc_domdata(const struct scheduler *ops, - struct domain *d) +static void *cf_check null_alloc_domdata( + const struct scheduler *ops, struct domain *d) { struct null_private *prv = null_priv(ops); struct null_dom *ndom; @@ -237,7 +239,7 @@ static void * null_alloc_domdata(const struct scheduler *ops, return ndom; } -static void null_free_domdata(const struct scheduler *ops, void *data) +static void cf_check null_free_domdata(const struct scheduler *ops, void *data) { struct null_dom *ndom = data; struct null_private *prv = null_priv(ops); @@ -426,9 +428,8 @@ static bool unit_deassign(struct null_private *prv, const struct sched_unit *uni } /* Change the scheduler of cpu to us (null). */ -static spinlock_t *null_switch_sched(struct scheduler *new_ops, - unsigned int cpu, - void *pdata, void *vdata) +static spinlock_t *cf_check null_switch_sched( + struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { struct sched_resource *sr = get_sched_res(cpu); struct null_private *prv = null_priv(new_ops); @@ -450,8 +451,8 @@ static spinlock_t *null_switch_sched(struct scheduler *new_ops, return &sr->_lock; } -static void null_unit_insert(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_insert( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -516,8 +517,8 @@ static void null_unit_insert(const struct scheduler *ops, SCHED_STAT_CRANK(unit_insert); } -static void null_unit_remove(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_remove( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -556,8 +557,8 @@ static void null_unit_remove(const struct scheduler *ops, SCHED_STAT_CRANK(unit_remove); } -static void null_unit_wake(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_wake( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -632,8 +633,8 @@ static void null_unit_wake(const struct scheduler *ops, cpumask_raise_softirq(cpumask_scratch_cpu(cpu), SCHEDULE_SOFTIRQ); } -static void null_unit_sleep(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_sleep( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); unsigned int cpu = sched_unit_master(unit); @@ -667,15 +668,15 @@ static void null_unit_sleep(const struct scheduler *ops, SCHED_STAT_CRANK(unit_sleep); } -static struct sched_resource * +static struct sched_resource *cf_check null_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { ASSERT(!is_idle_unit(unit)); return pick_res(null_priv(ops), unit); } -static void null_unit_migrate(const struct scheduler *ops, - struct sched_unit *unit, unsigned int new_cpu) +static void cf_check null_unit_migrate( + const struct scheduler *ops, struct sched_unit *unit, unsigned int new_cpu) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -801,8 +802,9 @@ static inline void null_unit_check(struct sched_unit *unit) * - the unit assigned to the pCPU, if there's one and it can run; * - the idle unit, otherwise. */ -static void null_schedule(const struct scheduler *ops, struct sched_unit *prev, - s_time_t now, bool tasklet_work_scheduled) +static void cf_check null_schedule( + const struct scheduler *ops, struct sched_unit *prev, s_time_t now, + bool tasklet_work_scheduled) { unsigned int bs; const unsigned int cur_cpu = smp_processor_id(); @@ -939,7 +941,7 @@ static inline void dump_unit(const struct null_private *prv, sched_unit_master(nvc->unit) : -1); } -static void null_dump_pcpu(const struct scheduler *ops, int cpu) +static void cf_check null_dump_pcpu(const struct scheduler *ops, int cpu) { struct null_private *prv = null_priv(ops); const struct null_pcpu *npc = get_sched_res(cpu)->sched_priv; @@ -968,7 +970,7 @@ static void null_dump_pcpu(const struct scheduler *ops, int cpu) pcpu_schedule_unlock_irqrestore(lock, flags, cpu); } -static void null_dump(const struct scheduler *ops) +static void cf_check null_dump(const struct scheduler *ops) { struct null_private *prv = null_priv(ops); struct list_head *iter; diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c index 5ea6f01f26..d6de25531b 100644 --- a/xen/common/sched/rt.c +++ b/xen/common/sched/rt.c @@ -269,13 +269,13 @@ unit_on_q(const struct rt_unit *svc) return !list_empty(&svc->q_elem); } -static struct rt_unit * +static struct rt_unit *cf_check q_elem(struct list_head *elem) { return list_entry(elem, struct rt_unit, q_elem); } -static struct rt_unit * +static struct rt_unit *cf_check replq_elem(struct list_head *elem) { return list_entry(elem, struct rt_unit, replq_elem); @@ -348,7 +348,7 @@ rt_dump_unit(const struct scheduler *ops, const struct rt_unit *svc) svc->flags, CPUMASK_PR(mask)); } -static void +static void cf_check rt_dump_pcpu(const struct scheduler *ops, int cpu) { struct rt_private *prv = rt_priv(ops); @@ -366,7 +366,7 @@ rt_dump_pcpu(const struct scheduler *ops, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void +static void cf_check rt_dump(const struct scheduler *ops) { struct list_head *runq, *depletedq, *replq, *iter; @@ -636,7 +636,7 @@ replq_reinsert(const struct scheduler *ops, struct rt_unit *svc) * Valid resource of an unit is intesection of unit's affinity * and available resources */ -static struct sched_resource * +static struct sched_resource *cf_check rt_res_pick_locked(const struct sched_unit *unit, unsigned int locked_cpu) { cpumask_t *cpus = cpumask_scratch_cpu(locked_cpu); @@ -659,7 +659,7 @@ rt_res_pick_locked(const struct sched_unit *unit, unsigned int locked_cpu) * Valid resource of an unit is intesection of unit's affinity * and available resources */ -static struct sched_resource * +static struct sched_resource *cf_check rt_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct sched_resource *res; @@ -672,7 +672,7 @@ rt_res_pick(const struct scheduler *ops, const struct sched_unit *unit) /* * Init/Free related code */ -static int +static int cf_check rt_init(struct scheduler *ops) { int rc = -ENOMEM; @@ -701,7 +701,7 @@ rt_init(struct scheduler *ops) return rc; } -static void +static void cf_check rt_deinit(struct scheduler *ops) { struct rt_private *prv = rt_priv(ops); @@ -714,7 +714,7 @@ rt_deinit(struct scheduler *ops) } /* Change the scheduler of cpu to us (RTDS). */ -static spinlock_t * +static spinlock_t *cf_check rt_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -750,7 +750,7 @@ rt_switch_sched(struct scheduler *new_ops, unsigned int cpu, return &prv->lock; } -static void +static void cf_check rt_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { unsigned long flags; @@ -782,7 +782,7 @@ rt_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check rt_alloc_domdata(const struct scheduler *ops, struct domain *dom) { unsigned long flags; @@ -804,7 +804,7 @@ rt_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check rt_free_domdata(const struct scheduler *ops, void *data) { struct rt_dom *sdom = data; @@ -822,7 +822,7 @@ rt_free_domdata(const struct scheduler *ops, void *data) } } -static void * +static void * cf_check rt_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct rt_unit *svc; @@ -850,7 +850,7 @@ rt_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) return svc; } -static void +static void cf_check rt_free_udata(const struct scheduler *ops, void *priv) { struct rt_unit *svc = priv; @@ -865,7 +865,7 @@ rt_free_udata(const struct scheduler *ops, void *priv) * It inserts units of moving domain to the scheduler's RunQ in * dest. cpupool. */ -static void +static void cf_check rt_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit *svc = rt_unit(unit); @@ -901,7 +901,7 @@ rt_unit_insert(const struct scheduler *ops, struct sched_unit *unit) /* * Remove rt_unit svc from the old scheduler in source cpupool. */ -static void +static void cf_check rt_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1042,7 +1042,7 @@ runq_pick(const struct scheduler *ops, const cpumask_t *mask, unsigned int cpu) * schedule function for rt scheduler. * The lock is already grabbed in schedule.c, no need to lock here */ -static void +static void cf_check rt_schedule(const struct scheduler *ops, struct sched_unit *currunit, s_time_t now, bool tasklet_work_scheduled) { @@ -1129,7 +1129,7 @@ rt_schedule(const struct scheduler *ops, struct sched_unit *currunit, * Remove UNIT from RunQ * The lock is already grabbed in schedule.c, no need to lock here */ -static void +static void cf_check rt_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1244,7 +1244,7 @@ runq_tickle(const struct scheduler *ops, const struct rt_unit *new) * The lock is already grabbed in schedule.c, no need to lock here * TODO: what if these two units belongs to the same domain? */ -static void +static void cf_check rt_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1314,7 +1314,7 @@ rt_unit_wake(const struct scheduler *ops, struct sched_unit *unit) * scurr has finished context switch, insert it back to the RunQ, * and then pick the highest priority unit from runq to run */ -static void +static void cf_check rt_context_saved(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit *svc = rt_unit(unit); @@ -1341,7 +1341,7 @@ out: /* * set/get each unit info of each domain */ -static int +static int cf_check rt_dom_cntl( const struct scheduler *ops, struct domain *d, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:14:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:14:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277603.474212 (Exim 4.92) (envelope-from ) id 1nMuHT-0004f6-22; Wed, 23 Feb 2022 16:14:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277603.474212; Wed, 23 Feb 2022 16:14:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHS-0004ex-VP; Wed, 23 Feb 2022 16:14:18 +0000 Received: by outflank-mailman (input) for mailman id 277603; Wed, 23 Feb 2022 16:14:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHR-0004ek-Rd for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHR-000593-Qu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuHR-0003pl-Q7 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Nia6zV2NPRDx0y6VIBYXzILXjGjrM+S/rURbXtjdTtw=; b=qY+qO+St5Z7f+QzWwnTvcDkeDM Mc4lrjYPPh84GR2TK31GP7fhIEv3MgvYvhnGCqdxpvdcfNsu3lo4YW2ZQuTlK+lF9iPx+dGl1/tAG R5LMJRzqSRy4X7VI9XZ6CroR/dMJzS+I6vbwybk0IH514JxDEyAiavR9NRKqVlk5dyM0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/evtchn: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:17 +0000 commit fcbae94ea4f7aa62d1c0741577bdcc68caa224a1 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:35:51 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/evtchn: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/event_2l.c | 21 ++++++++++++--------- xen/common/event_channel.c | 3 ++- xen/common/event_fifo.c | 30 ++++++++++++++++-------------- 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/xen/common/event_2l.c b/xen/common/event_2l.c index 7424320e52..d40dd51ab5 100644 --- a/xen/common/event_2l.c +++ b/xen/common/event_2l.c @@ -16,7 +16,8 @@ #include -static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn) +static void cf_check evtchn_2l_set_pending( + struct vcpu *v, struct evtchn *evtchn) { struct domain *d = v->domain; unsigned int port = evtchn->port; @@ -41,12 +42,14 @@ static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn) evtchn_check_pollers(d, port); } -static void evtchn_2l_clear_pending(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_2l_clear_pending( + struct domain *d, struct evtchn *evtchn) { guest_clear_bit(d, evtchn->port, &shared_info(d, evtchn_pending)); } -static void evtchn_2l_unmask(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_2l_unmask( + struct domain *d, struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; unsigned int port = evtchn->port; @@ -64,8 +67,8 @@ static void evtchn_2l_unmask(struct domain *d, struct evtchn *evtchn) } } -static bool evtchn_2l_is_pending(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_2l_is_pending( + const struct domain *d, const struct evtchn *evtchn) { evtchn_port_t port = evtchn->port; unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); @@ -75,8 +78,8 @@ static bool evtchn_2l_is_pending(const struct domain *d, guest_test_bit(d, port, &shared_info(d, evtchn_pending))); } -static bool evtchn_2l_is_masked(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_2l_is_masked( + const struct domain *d, const struct evtchn *evtchn) { evtchn_port_t port = evtchn->port; unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); @@ -86,8 +89,8 @@ static bool evtchn_2l_is_masked(const struct domain *d, guest_test_bit(d, port, &shared_info(d, evtchn_mask))); } -static void evtchn_2l_print_state(struct domain *d, - const struct evtchn *evtchn) +static void cf_check evtchn_2l_print_state( + struct domain *d, const struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 2026bc30dc..183e78ac17 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -99,7 +99,8 @@ static xen_event_channel_notification_t __read_mostly xen_consumers[NR_XEN_CONSUMERS]; /* Default notification action: wake up from wait_on_xen_event_channel(). */ -static void default_xen_notification_fn(struct vcpu *v, unsigned int port) +static void cf_check default_xen_notification_fn( + struct vcpu *v, unsigned int port) { /* Consumer needs notification only if blocked. */ if ( test_and_clear_bit(_VPF_blocked_in_xen, &v->pause_flags) ) diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index 2fb01b82db..ed4d3beb10 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -78,7 +78,7 @@ static inline event_word_t *evtchn_fifo_word_from_port(const struct domain *d, return d->evtchn_fifo->event_array[p] + w; } -static void evtchn_fifo_init(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_init(struct domain *d, struct evtchn *evtchn) { event_word_t *word; @@ -158,7 +158,8 @@ static bool_t evtchn_fifo_set_link(struct domain *d, event_word_t *word, return 1; } -static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn) +static void cf_check evtchn_fifo_set_pending( + struct vcpu *v, struct evtchn *evtchn) { struct domain *d = v->domain; unsigned int port; @@ -317,7 +318,8 @@ static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn) evtchn_check_pollers(d, port); } -static void evtchn_fifo_clear_pending(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_clear_pending( + struct domain *d, struct evtchn *evtchn) { event_word_t *word; @@ -334,7 +336,7 @@ static void evtchn_fifo_clear_pending(struct domain *d, struct evtchn *evtchn) guest_clear_bit(d, EVTCHN_FIFO_PENDING, word); } -static void evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; event_word_t *word; @@ -350,32 +352,32 @@ static void evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) evtchn_fifo_set_pending(v, evtchn); } -static bool evtchn_fifo_is_pending(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_pending( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return word && guest_test_bit(d, EVTCHN_FIFO_PENDING, word); } -static bool_t evtchn_fifo_is_masked(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_masked( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return !word || guest_test_bit(d, EVTCHN_FIFO_MASKED, word); } -static bool_t evtchn_fifo_is_busy(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_busy( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return word && guest_test_bit(d, EVTCHN_FIFO_LINKED, word); } -static int evtchn_fifo_set_priority(struct domain *d, struct evtchn *evtchn, - unsigned int priority) +static int cf_check evtchn_fifo_set_priority( + struct domain *d, struct evtchn *evtchn, unsigned int priority) { if ( priority > EVTCHN_FIFO_PRIORITY_MIN ) return -EINVAL; @@ -390,8 +392,8 @@ static int evtchn_fifo_set_priority(struct domain *d, struct evtchn *evtchn, return 0; } -static void evtchn_fifo_print_state(struct domain *d, - const struct evtchn *evtchn) +static void cf_check evtchn_fifo_print_state( + struct domain *d, const struct evtchn *evtchn) { event_word_t *word; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:14:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:14:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277604.474216 (Exim 4.92) (envelope-from ) id 1nMuHd-0004i4-3Y; Wed, 23 Feb 2022 16:14:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277604.474216; Wed, 23 Feb 2022 16:14:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHd-0004hw-0d; Wed, 23 Feb 2022 16:14:29 +0000 Received: by outflank-mailman (input) for mailman id 277604; Wed, 23 Feb 2022 16:14:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHb-0004hh-Uu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHb-00059J-UE for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuHb-0003qD-TR for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RCQ7pOiRJtQXe1QjyjH8lLZgfZHWsw7sUeT4TXlfKTA=; b=sK9Xii+KarJx+m6SleO0ZQa+yP kLI/8s0np0P5lWIYV4/w1h0Mef3AVCBTePK6TTNwKx5UQGC5+POLJAXVh1Qn8Spg7ckZ+KV9Goy6p bFZeMeAxX7H7GwqUaycDMH82xrW7mcpGVFBksq31IXJhl9VR9Q4e1SxxvMxRcyHI9wTY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/hypfs: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:27 +0000 commit 0cccb0416e5480822a54bd74066f73c14238b168 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:42:42 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/hypfs: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Juergen Gross --- xen/common/hypfs.c | 57 +++++++++++++++++++++++----------------------- xen/common/sched/cpupool.c | 25 ++++++++++---------- xen/include/xen/hypfs.h | 49 +++++++++++++++++++-------------------- 3 files changed, 65 insertions(+), 66 deletions(-) diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 1526bcc528..0d22396f5d 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -113,12 +113,13 @@ static void hypfs_unlock(void) } } -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry) +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry) { return entry; } -void hypfs_node_exit(const struct hypfs_entry *entry) +void cf_check hypfs_node_exit(const struct hypfs_entry *entry) { } @@ -289,16 +290,14 @@ static int hypfs_get_path_user(char *buf, return 0; } -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { return ERR_PTR(-ENOTDIR); } -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { struct hypfs_entry *entry; @@ -360,7 +359,7 @@ static struct hypfs_entry *hypfs_get_entry(const char *path) return hypfs_get_entry_rel(&hypfs_root, path + 1); } -unsigned int hypfs_getsize(const struct hypfs_entry *entry) +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry) { return entry->size; } @@ -396,7 +395,7 @@ int hypfs_read_dyndir_id_entry(const struct hypfs_entry_dir *template, return 0; } -static const struct hypfs_entry *hypfs_dyndir_enter( +static const struct hypfs_entry *cf_check hypfs_dyndir_enter( const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; @@ -407,7 +406,7 @@ static const struct hypfs_entry *hypfs_dyndir_enter( return data->template->e.funcs->enter(&data->template->e); } -static struct hypfs_entry *hypfs_dyndir_findentry( +static struct hypfs_entry *cf_check hypfs_dyndir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { const struct hypfs_dyndir_id *data; @@ -418,8 +417,8 @@ static struct hypfs_entry *hypfs_dyndir_findentry( return data->template->e.funcs->findentry(data->template, name, name_len); } -static int hypfs_read_dyndir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check hypfs_read_dyndir( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; @@ -463,8 +462,8 @@ unsigned int hypfs_dynid_entry_size(const struct hypfs_entry *template, return DIRENTRY_SIZE(snprintf(NULL, 0, template->name, id)); } -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_dir *d; const struct hypfs_entry *e; @@ -510,8 +509,8 @@ int hypfs_read_dir(const struct hypfs_entry *entry, return 0; } -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_leaf( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_leaf *l; unsigned int size = entry->funcs->getsize(entry); @@ -555,9 +554,9 @@ static int hypfs_read(const struct hypfs_entry *entry, return ret; } -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_leaf( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { char *buf; int ret; @@ -596,9 +595,9 @@ int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_bool( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { bool buf; @@ -618,9 +617,9 @@ int hypfs_write_bool(struct hypfs_entry_leaf *leaf, return 0; } -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_custom( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { struct param_hypfs *p; char *buf; @@ -653,9 +652,9 @@ int hypfs_write_custom(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_deny( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { return -EACCES; } diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index b9d4babd0d..07f984a659 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1026,8 +1026,8 @@ static struct notifier_block cpu_nfb = { static HYPFS_DIR_INIT(cpupool_pooldir, "%u"); -static int cpupool_dir_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_dir_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { int ret = 0; struct cpupool *c; @@ -1050,7 +1050,8 @@ static int cpupool_dir_read(const struct hypfs_entry *entry, return ret; } -static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check cpupool_dir_getsize( + const struct hypfs_entry *entry) { const struct cpupool *c; unsigned int size = 0; @@ -1061,7 +1062,7 @@ static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) return size; } -static const struct hypfs_entry *cpupool_dir_enter( +static const struct hypfs_entry *cf_check cpupool_dir_enter( const struct hypfs_entry *entry) { struct hypfs_dyndir_id *data; @@ -1076,14 +1077,14 @@ static const struct hypfs_entry *cpupool_dir_enter( return entry; } -static void cpupool_dir_exit(const struct hypfs_entry *entry) +static void cf_check cpupool_dir_exit(const struct hypfs_entry *entry) { spin_unlock(&cpupool_lock); hypfs_free_dyndata(); } -static struct hypfs_entry *cpupool_dir_findentry( +static struct hypfs_entry *cf_check cpupool_dir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { unsigned long id; @@ -1102,8 +1103,8 @@ static struct hypfs_entry *cpupool_dir_findentry( return hypfs_gen_dyndir_id_entry(&cpupool_pooldir, id, cpupool); } -static int cpupool_gran_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_gran_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1121,7 +1122,7 @@ static int cpupool_gran_read(const struct hypfs_entry *entry, return copy_to_guest(uaddr, gran, strlen(gran) + 1) ? -EFAULT : 0; } -static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check hypfs_gran_getsize(const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1136,9 +1137,9 @@ static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) return strlen(gran) + 1; } -static int cpupool_gran_write(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +static int cf_check cpupool_gran_write( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { const struct hypfs_dyndir_id *data; struct cpupool *cpupool; diff --git a/xen/include/xen/hypfs.h b/xen/include/xen/hypfs.h index e9d4c2555b..1b65a9188c 100644 --- a/xen/include/xen/hypfs.h +++ b/xen/include/xen/hypfs.h @@ -168,31 +168,30 @@ void hypfs_add_dyndir(struct hypfs_entry_dir *parent, struct hypfs_entry_dir *template); int hypfs_add_leaf(struct hypfs_entry_dir *parent, struct hypfs_entry_leaf *leaf, bool nofault); -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry); -void hypfs_node_exit(const struct hypfs_entry *entry); -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -unsigned int hypfs_getsize(const struct hypfs_entry *entry); -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry); +void cf_check hypfs_node_exit(const struct hypfs_entry *entry); +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_read_leaf(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_write_deny(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_leaf(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_bool(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_custom(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry); +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); void *hypfs_alloc_dyndata(unsigned long size); #define hypfs_alloc_dyndata(type) ((type *)hypfs_alloc_dyndata(sizeof(type))) void *hypfs_get_dyndata(void); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:14:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:14:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277605.474220 (Exim 4.92) (envelope-from ) id 1nMuHn-0004lP-57; Wed, 23 Feb 2022 16:14:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277605.474220; Wed, 23 Feb 2022 16:14:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHn-0004lH-29; Wed, 23 Feb 2022 16:14:39 +0000 Received: by outflank-mailman (input) for mailman id 277605; Wed, 23 Feb 2022 16:14:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHm-0004l6-2X for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHm-00059V-1t for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuHm-0003qs-1D for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uAqWZiVhNsQwlMjCkaXt+b5cwUZ6ALPWsOOMzLw25fo=; b=sUErJxCT9RbmTorrTZJoyBUpaY 0MzZGbCkC9X75bt17k2XP6ITq00++nfBuVp59gHwpsrfDDiSlLD74JvazbGUZw+jZHgejCtxcyoTP iwgyp7+At9HlmRNZCoNwIDtZ2PITUIzvC0XUi1BnY5YAc1HOXXXjTriQrbCvnfhsRA5Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/tasklet: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:38 +0000 commit 69f14d2ad9f7b23cdf2aad3b907b06c7f94cffab Author: Andrew Cooper AuthorDate: Thu Oct 28 10:58:37 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/tasklet: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The function pointer cast in hvm_vcpu_initialise() is undefined behaviour. While it happens to function correctly, it is not compatible with control flow typechecking, so introduce a new hvm_assert_evtchn_irq_tasklet() to handle the parameter type conversion in a legal way. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 7 ++++++- xen/arch/x86/hvm/vlapic.c | 2 +- xen/arch/x86/include/asm/shadow.h | 2 +- xen/arch/x86/mm/shadow/common.c | 2 +- xen/common/domain.c | 2 +- xen/common/keyhandler.c | 6 +++--- xen/common/livepatch.c | 2 +- xen/common/stop_machine.c | 2 +- xen/common/trace.c | 2 +- xen/drivers/char/console.c | 2 +- xen/drivers/passthrough/amd/iommu_guest.c | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 4 ++-- xen/drivers/passthrough/vtd/iommu.c | 2 +- 13 files changed, 21 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 0a19353068..5ec10f3080 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1528,6 +1528,11 @@ static int __init cf_check hvm_register_CPU_save_and_restore(void) } __initcall(hvm_register_CPU_save_and_restore); +static void cf_check hvm_assert_evtchn_irq_tasklet(void *v) +{ + hvm_assert_evtchn_irq(v); +} + int hvm_vcpu_initialise(struct vcpu *v) { int rc; @@ -1552,7 +1557,7 @@ int hvm_vcpu_initialise(struct vcpu *v) goto fail3; softirq_tasklet_init(&v->arch.hvm.assert_evtchn_irq_tasklet, - (void (*)(void *))hvm_assert_evtchn_irq, v); + hvm_assert_evtchn_irq_tasklet, v); v->arch.hvm.inject_event.vector = HVM_EVENT_VECTOR_UNSET; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index b8c84458ff..fe375912be 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -312,7 +312,7 @@ static void vlapic_init_sipi_one(struct vcpu *target, uint32_t icr) vcpu_unpause(target); } -static void vlapic_init_sipi_action(void *data) +static void cf_check vlapic_init_sipi_action(void *data) { struct vcpu *origin = data; uint32_t icr = vcpu_vlapic(origin)->init_sipi.icr; diff --git a/xen/arch/x86/include/asm/shadow.h b/xen/arch/x86/include/asm/shadow.h index e25f9604d8..7ef76cc063 100644 --- a/xen/arch/x86/include/asm/shadow.h +++ b/xen/arch/x86/include/asm/shadow.h @@ -233,7 +233,7 @@ static inline bool pv_l1tf_check_l4e(struct domain *d, l4_pgentry_t l4e) return pv_l1tf_check_pte(d, 4, l4e.l4); } -void pv_l1tf_tasklet(void *data); +void cf_check pv_l1tf_tasklet(void *data); static inline void pv_l1tf_domain_init(struct domain *d) { diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index b8730a9441..fb370af90b 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -3242,7 +3242,7 @@ void shadow_audit_tables(struct vcpu *v) #ifdef CONFIG_PV -void pv_l1tf_tasklet(void *data) +void cf_check pv_l1tf_tasklet(void *data) { struct domain *d = data; diff --git a/xen/common/domain.c b/xen/common/domain.c index c5716cd72f..f3d06df76c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1820,7 +1820,7 @@ struct migrate_info { static DEFINE_PER_CPU(struct migrate_info *, continue_info); -static void continue_hypercall_tasklet_handler(void *data) +static void cf_check continue_hypercall_tasklet_handler(void *data) { struct migrate_info *info = data; struct vcpu *v = info->vcpu; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 2c916d528a..b568484ca6 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -73,7 +73,7 @@ static struct keyhandler { #undef KEYHANDLER }; -static void keypress_action(void *unused) +static void cf_check keypress_action(void *unused) { handle_keypress(keypress_key, NULL); } @@ -206,7 +206,7 @@ static void dump_registers(unsigned char key, struct cpu_user_regs *regs) static DECLARE_TASKLET(dump_hwdom_tasklet, NULL, NULL); -static void dump_hwdom_action(void *data) +static void cf_check dump_hwdom_action(void *data) { struct vcpu *v = data; @@ -437,7 +437,7 @@ static void read_clocks(unsigned char key) maxdif_cycles, sumdif_cycles/count, count, dif_cycles); } -static void run_all_nonirq_keyhandlers(void *unused) +static void cf_check run_all_nonirq_keyhandlers(void *unused) { /* Fire all the non-IRQ-context diagnostic keyhandlers */ struct keyhandler *h; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 701efd87a1..4e1c29ab78 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -1591,7 +1591,7 @@ static int schedule_work(struct payload *data, uint32_t cmd, uint32_t timeout) return 0; } -static void tasklet_fn(void *unused) +static void cf_check tasklet_fn(void *unused) { this_cpu(work_to_do) = 1; } diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index a122bd4afe..3adbe380de 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -141,7 +141,7 @@ int stop_machine_run(int (*fn)(void *), void *data, unsigned int cpu) return ret; } -static void stopmachine_action(void *data) +static void cf_check stopmachine_action(void *data) { unsigned int cpu = (unsigned long)data; enum stopmachine_state state = STOPMACHINE_START; diff --git a/xen/common/trace.c b/xen/common/trace.c index b5358508f8..a7c092fcbb 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -663,7 +663,7 @@ static inline void insert_lost_records(struct t_buf *buf) * Notification is performed in qtasklet to avoid deadlocks with contexts * which __trace_var() may be called from (e.g., scheduler critical regions). */ -static void trace_notify_dom0(void *unused) +static void cf_check trace_notify_dom0(void *unused) { send_global_virq(VIRQ_TBUF); } diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 4694be83db..d74b65f6bf 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -574,7 +574,7 @@ static void serial_rx(char c, struct cpu_user_regs *regs) __serial_rx(c, regs); } -static void notify_dom0_con_ring(void *unused) +static void cf_check notify_dom0_con_ring(void *unused) { send_global_virq(VIRQ_CON_RING); } diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c index 85828490ff..361ff864d8 100644 --- a/xen/drivers/passthrough/amd/iommu_guest.c +++ b/xen/drivers/passthrough/amd/iommu_guest.c @@ -456,7 +456,7 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) return 0; } -static void guest_iommu_process_command(void *data) +static void cf_check guest_iommu_process_command(void *data) { unsigned long opcode, tail, head, cmd_mfn; cmd_entry_t *cmd; diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index f1ed755582..34a9e49f1c 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -26,7 +26,7 @@ static int __initdata nr_amd_iommus; static bool __initdata pci_init; -static void do_amd_iommu_irq(void *data); +static void cf_check do_amd_iommu_irq(void *data); static DECLARE_SOFTIRQ_TASKLET(amd_iommu_irq_tasklet, do_amd_iommu_irq, NULL); unsigned int __read_mostly amd_iommu_acpi_info; @@ -692,7 +692,7 @@ static void iommu_check_ppr_log(struct amd_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } -static void do_amd_iommu_irq(void *unused) +static void cf_check do_amd_iommu_irq(void *unused) { struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 6ed32922c4..42181e12be 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1049,7 +1049,7 @@ clear_overflow: } } -static void do_iommu_page_fault(void *unused) +static void cf_check do_iommu_page_fault(void *unused) { struct acpi_drhd_unit *drhd; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:14:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:14:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277606.474224 (Exim 4.92) (envelope-from ) id 1nMuHx-0004oq-87; Wed, 23 Feb 2022 16:14:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277606.474224; Wed, 23 Feb 2022 16:14:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHx-0004oi-53; Wed, 23 Feb 2022 16:14:49 +0000 Received: by outflank-mailman (input) for mailman id 277606; Wed, 23 Feb 2022 16:14:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHw-0004oZ-7Y for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuHw-00059f-6u for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuHw-0003rR-68 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Grn2b3VHH4ruYrO+HwKbvJQtuwW/ywGXG0+zfh6iLRE=; b=uCFzrn64lHq0t/LD09B+c0AQIO WUiXWkbnNh9lg9kCgWfdOCxJja6UwcDrhgZFieO4IeKL41dANsK3o1C97+mg1LegaGebuPlbJEtn0 AX/6yrJMIzqKlqIE45cr4koW7eoplIDTThbG8w9k9wiasZSLHlbb7ODhRcgtlGG5QaWA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/keyhandler: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:48 +0000 commit ef0434ae38030d0a002805c72f5c2819c20d9dcc Author: Andrew Cooper AuthorDate: Thu Oct 28 11:18:45 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/keyhandler: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Tweak {IRQ_,}KEYHANDLER() to use a named initialiser instead of requiring a pointer cast to compile in the IRQ case. Reposition iommu_dump_page_tables() to avoid a forward declaration. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/hvm/irq.c | 2 +- xen/arch/x86/hvm/svm/vmcb.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/io_apic.c | 2 +- xen/arch/x86/irq.c | 2 +- xen/arch/x86/mm/p2m-ept.c | 2 +- xen/arch/x86/mm/shadow/common.c | 4 +-- xen/arch/x86/msi.c | 2 +- xen/arch/x86/nmi.c | 4 +-- xen/arch/x86/numa.c | 2 +- xen/arch/x86/time.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/kexec.c | 2 +- xen/common/keyhandler.c | 35 ++++++++++++--------- xen/common/livepatch.c | 2 +- xen/common/page_alloc.c | 4 +-- xen/common/perfc.c | 4 +-- xen/common/sched/cpupool.c | 2 +- xen/common/spinlock.c | 4 +-- xen/common/timer.c | 2 +- xen/drivers/char/console.c | 8 ++--- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_intr.c | 2 +- xen/drivers/passthrough/iommu.c | 52 +++++++++++++++----------------- xen/drivers/passthrough/pci.c | 2 +- xen/drivers/passthrough/vtd/extern.h | 2 +- xen/drivers/passthrough/vtd/utils.c | 2 +- xen/include/xen/perfc.h | 4 +-- xen/include/xen/sched.h | 2 +- xen/include/xen/spinlock.h | 4 +-- 33 files changed, 86 insertions(+), 83 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 22c8bb0c2d..0142671bb8 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -377,7 +377,7 @@ static void print_acpi_power(uint32_t cpu, struct acpi_processor_power *power) print_hw_residencies(cpu); } -static void dump_cx(unsigned char key) +static void cf_check dump_cx(unsigned char key) { unsigned int cpu; diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 6045c9149b..a7f8991a7b 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -635,7 +635,7 @@ static void irq_dump(struct domain *d) hvm_irq->callback_via_asserted ? "" : " not"); } -static void dump_irq_info(unsigned char key) +static void cf_check dump_irq_info(unsigned char key) { struct domain *d; diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index efa085032b..9583096577 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -226,7 +226,7 @@ void svm_destroy_vmcb(struct vcpu *v) svm->vmcb = NULL; } -static void vmcb_dump(unsigned char ch) +static void cf_check vmcb_dump(unsigned char ch) { struct domain *d; struct vcpu *v; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 2b6bafe9d5..d2cafd8ca1 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2117,7 +2117,7 @@ void vmcs_dump_vcpu(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmcs_dump(unsigned char ch) +static void cf_check vmcs_dump(unsigned char ch) { struct domain *d; struct vcpu *v; diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 4135a9c060..4c5eaef862 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1268,7 +1268,7 @@ static void __init print_IO_APIC(void) __print_IO_APIC(1); } -static void _print_IO_APIC_keyhandler(unsigned char key) +static void cf_check _print_IO_APIC_keyhandler(unsigned char key) { __print_IO_APIC(0); } diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index d9bd355113..f43b926ed2 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2424,7 +2424,7 @@ void free_domain_pirqs(struct domain *d) pcidevs_unlock(); } -static void dump_irqs(unsigned char key) +static void cf_check dump_irqs(unsigned char key) { int i, irq, pirq; struct irq_desc *desc; diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index b7ee441d45..a8a6ad6295 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -1433,7 +1433,7 @@ static const char *memory_type_to_str(unsigned int x) return memory_types[x][0] ? memory_types[x] : "?"; } -static void ept_dump_p2m_table(unsigned char key) +static void cf_check ept_dump_p2m_table(unsigned char key) { struct domain *d; ept_entry_t *table, *ept_entry; diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index fb370af90b..83dedc8870 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -98,7 +98,7 @@ void shadow_vcpu_init(struct vcpu *v) #if SHADOW_AUDIT int shadow_audit_enable = 0; -static void shadow_audit_key(unsigned char key) +static void cf_check shadow_audit_key(unsigned char key) { shadow_audit_enable = !shadow_audit_enable; printk("%s shadow_audit_enable=%d\n", @@ -1046,7 +1046,7 @@ void shadow_blow_tables_per_domain(struct domain *d) /* Blow all shadows of all shadowed domains: this can be used to cause the * guest's pagetables to be re-shadowed if we suspect that the shadows * have somehow got out of sync */ -static void shadow_blow_all_tables(unsigned char c) +static void cf_check shadow_blow_all_tables(unsigned char c) { struct domain *d; printk("'%c' pressed -> blowing all shadow tables\n", c); diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index d1497254b1..77a4fbf13f 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1411,7 +1411,7 @@ void __init early_msi_init(void) return; } -static void dump_msi(unsigned char key) +static void cf_check dump_msi(unsigned char key) { unsigned int irq; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index 0a1c9b8e9a..302eaf2ff3 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -577,13 +577,13 @@ void self_nmi(void) local_irq_restore(flags); } -static void do_nmi_trigger(unsigned char key) +static void cf_check do_nmi_trigger(unsigned char key) { printk("Triggering NMI on APIC ID %x\n", get_apic_id()); self_nmi(); } -static void do_nmi_stats(unsigned char key) +static void cf_check do_nmi_stats(unsigned char key) { const struct vcpu *v; unsigned int cpu; diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index 5de9db4e99..680b7d9002 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -369,7 +369,7 @@ unsigned int __init arch_get_dma_bitsize(void) + PAGE_SHIFT, 32); } -static void dump_numa(unsigned char key) +static void cf_check dump_numa(unsigned char key) { s_time_t now = NOW(); unsigned int i, j, n; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 32111358a7..10efe13c84 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2539,7 +2539,7 @@ int tsc_set_info(struct domain *d, } /* vtsc may incur measurable performance degradation, diagnose with this */ -static void dump_softtsc(unsigned char key) +static void cf_check dump_softtsc(unsigned char key) { struct domain *d; int domcnt = 0; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index 160d00b796..a272e5e437 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -233,7 +233,7 @@ void debugtrace_printk(const char *fmt, ...) spin_unlock_irqrestore(&debugtrace_lock, flags); } -static void debugtrace_key(unsigned char key) +static void cf_check debugtrace_key(unsigned char key) { debugtrace_toggle(); } diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 183e78ac17..ffb042a241 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1629,7 +1629,7 @@ static void domain_dump_evtchn_info(struct domain *d) spin_unlock(&d->event_lock); } -static void dump_evtchn_info(unsigned char key) +static void cf_check dump_evtchn_info(unsigned char key) { struct domain *d; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1078e3e16c..1e0762b064 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4275,7 +4275,7 @@ static void gnttab_usage_print(struct domain *rd) printk("no active grant table entries\n"); } -static void gnttab_usage_print_all(unsigned char key) +static void cf_check gnttab_usage_print_all(unsigned char key) { struct domain *d; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index b222a5fd78..a2ffb6530c 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -408,7 +408,7 @@ static long cf_check kexec_reboot(void *_image) return 0; } -static void do_crashdump_trigger(unsigned char key) +static void cf_check do_crashdump_trigger(unsigned char key) { printk("'%c' pressed -> triggering crashdump\n", key); kexec_crash(CRASHREASON_DEBUGKEY); diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index b568484ca6..5dc650a37c 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -26,10 +26,11 @@ static unsigned char keypress_key; static bool_t alt_key_handling; -static keyhandler_fn_t show_handlers, dump_hwdom_registers, - dump_domains, read_clocks; -static irq_keyhandler_fn_t do_toggle_alt_key, dump_registers, - reboot_machine, run_all_keyhandlers, do_debug_key; +static keyhandler_fn_t cf_check show_handlers, cf_check dump_hwdom_registers, + cf_check dump_domains, cf_check read_clocks; +static irq_keyhandler_fn_t cf_check do_toggle_alt_key, cf_check dump_registers, + cf_check reboot_machine, cf_check run_all_keyhandlers, + cf_check do_debug_key; static struct keyhandler { union { @@ -43,10 +44,10 @@ static struct keyhandler { } key_table[128] __read_mostly = { #define KEYHANDLER(k, f, desc, diag) \ - [k] = { { (f) }, desc, 0, diag } + [k] = { { .fn = (f) }, desc, 0, diag } #define IRQ_KEYHANDLER(k, f, desc, diag) \ - [k] = { { (keyhandler_fn_t *)(f) }, desc, 1, diag } + [k] = { { .irq_fn = (f) }, desc, 1, diag } IRQ_KEYHANDLER('A', do_toggle_alt_key, "toggle alternative key handling", 0), IRQ_KEYHANDLER('d', dump_registers, "dump registers", 1), @@ -124,7 +125,7 @@ void register_irq_keyhandler(unsigned char key, irq_keyhandler_fn_t fn, key_table[key].diagnostic = diagnostic; } -static void show_handlers(unsigned char key) +static void cf_check show_handlers(unsigned char key) { unsigned int i; @@ -170,7 +171,8 @@ void dump_execstate(struct cpu_user_regs *regs) watchdog_enable(); } -static void dump_registers(unsigned char key, struct cpu_user_regs *regs) +static void cf_check dump_registers( + unsigned char key, struct cpu_user_regs *regs) { unsigned int cpu; @@ -224,7 +226,7 @@ static void cf_check dump_hwdom_action(void *data) } } -static void dump_hwdom_registers(unsigned char key) +static void cf_check dump_hwdom_registers(unsigned char key) { struct vcpu *v; @@ -246,13 +248,14 @@ static void dump_hwdom_registers(unsigned char key) } } -static void reboot_machine(unsigned char key, struct cpu_user_regs *regs) +static void cf_check reboot_machine( + unsigned char key, struct cpu_user_regs *regs) { printk("'%c' pressed -> rebooting machine\n", key); machine_restart(0); } -static void dump_domains(unsigned char key) +static void cf_check dump_domains(unsigned char key) { struct domain *d; const struct sched_unit *unit; @@ -372,7 +375,7 @@ static void cf_check read_clocks_slave(void *unused) local_irq_enable(); } -static void read_clocks(unsigned char key) +static void cf_check read_clocks(unsigned char key) { unsigned int cpu = smp_processor_id(), min_stime_cpu, max_stime_cpu; unsigned int min_cycles_cpu, max_cycles_cpu; @@ -461,7 +464,8 @@ static void cf_check run_all_nonirq_keyhandlers(void *unused) static DECLARE_TASKLET(run_all_keyhandlers_tasklet, run_all_nonirq_keyhandlers, NULL); -static void run_all_keyhandlers(unsigned char key, struct cpu_user_regs *regs) +static void cf_check run_all_keyhandlers( + unsigned char key, struct cpu_user_regs *regs) { struct keyhandler *h; unsigned int k; @@ -494,7 +498,7 @@ static void do_debugger_trap_fatal(struct cpu_user_regs *regs) barrier(); } -static void do_debug_key(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_debug_key(unsigned char key, struct cpu_user_regs *regs) { printk("'%c' pressed -> trapping into debugger\n", key); if ( regs ) @@ -503,7 +507,8 @@ static void do_debug_key(unsigned char key, struct cpu_user_regs *regs) run_in_exception_handler(do_debugger_trap_fatal); } -static void do_toggle_alt_key(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_toggle_alt_key( + unsigned char key, struct cpu_user_regs *regs) { alt_key_handling = !alt_key_handling; printk("'%c' pressed -> using %s key handling\n", key, diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 4e1c29ab78..e8714920dc 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2068,7 +2068,7 @@ static const char *state2str(unsigned int state) return names[state]; } -static void livepatch_printall(unsigned char key) +static void cf_check livepatch_printall(unsigned char key) { struct payload *data; const void *binary_id = NULL; diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 827617502e..3caf5c954b 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2522,7 +2522,7 @@ unsigned long avail_node_heap_pages(unsigned int nodeid) } -static void pagealloc_info(unsigned char key) +static void cf_check pagealloc_info(unsigned char key) { unsigned int zone = MEMZONE_XEN; unsigned long n, total = 0; @@ -2572,7 +2572,7 @@ void scrub_one_page(struct page_info *pg) #endif } -static void dump_heap(unsigned char key) +static void cf_check dump_heap(unsigned char key) { s_time_t now = NOW(); int i, j; diff --git a/xen/common/perfc.c b/xen/common/perfc.c index 3abe35892a..7400667bf0 100644 --- a/xen/common/perfc.c +++ b/xen/common/perfc.c @@ -28,7 +28,7 @@ static const struct { DEFINE_PER_CPU(perfc_t[NUM_PERFCOUNTERS], perfcounters); -void perfc_printall(unsigned char key) +void cf_check perfc_printall(unsigned char key) { unsigned int i, j; s_time_t now = NOW(); @@ -115,7 +115,7 @@ void perfc_printall(unsigned char key) } } -void perfc_reset(unsigned char key) +void cf_check perfc_reset(unsigned char key) { unsigned int i, j; s_time_t now = NOW(); diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index 07f984a659..a6da497050 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -956,7 +956,7 @@ const cpumask_t *cpupool_valid_cpus(const struct cpupool *pool) return pool->cpu_valid; } -void dump_runq(unsigned char key) +void cf_check dump_runq(unsigned char key) { s_time_t now = NOW(); struct cpupool *c; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5ce7e33638..25bfbf3c47 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -393,7 +393,7 @@ static void spinlock_profile_print_elem(struct lock_profile *data, data->lock_cnt, data->time_hold, data->block_cnt, data->time_block); } -void spinlock_profile_printall(unsigned char key) +void cf_check spinlock_profile_printall(unsigned char key) { s_time_t now = NOW(); s_time_t diff; @@ -413,7 +413,7 @@ static void spinlock_profile_reset_elem(struct lock_profile *data, data->time_block = 0; } -void spinlock_profile_reset(unsigned char key) +void cf_check spinlock_profile_reset(unsigned char key) { s_time_t now = NOW(); diff --git a/xen/common/timer.c b/xen/common/timer.c index 700f191a70..9b5016d5ed 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -546,7 +546,7 @@ static void dump_timer(struct timer *t, s_time_t now) (t->expires - now) / 1000, t, t->function, t->data); } -static void dump_timerq(unsigned char key) +static void cf_check dump_timerq(unsigned char key) { struct timer *t; struct timers *ts; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index d74b65f6bf..380765ab02 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -280,7 +280,7 @@ static int *__read_mostly upper_thresh_adj = &xenlog_upper_thresh; static int *__read_mostly lower_thresh_adj = &xenlog_lower_thresh; static const char *__read_mostly thresh_adj = "standard"; -static void do_toggle_guest(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_toggle_guest(unsigned char key, struct cpu_user_regs *regs) { if ( upper_thresh_adj == &xenlog_upper_thresh ) { @@ -307,13 +307,13 @@ static void do_adj_thresh(unsigned char key) loglvl_str(*upper_thresh_adj)); } -static void do_inc_thresh(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_inc_thresh(unsigned char key, struct cpu_user_regs *regs) { ++*lower_thresh_adj; do_adj_thresh(key); } -static void do_dec_thresh(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_dec_thresh(unsigned char key, struct cpu_user_regs *regs) { if ( *lower_thresh_adj ) --*lower_thresh_adj; @@ -424,7 +424,7 @@ void console_serial_puts(const char *s, size_t nr) pv_console_puts(s, nr); } -static void dump_console_ring_key(unsigned char key) +static void cf_check dump_console_ring_key(unsigned char key) { uint32_t idx, len, sofar, c; unsigned int order; diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 04517c1a02..99be9aafcc 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -297,7 +297,7 @@ unsigned int amd_iommu_read_ioapic_from_ire( int amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg); int amd_setup_hpet_msi(struct msi_desc *msi_desc); -void amd_iommu_dump_intremap_tables(unsigned char key); +void cf_check amd_iommu_dump_intremap_tables(unsigned char key); extern struct ioapic_sbdf { u16 bdf, seg; diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index b166a04666..e7804413c7 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -844,7 +844,7 @@ static int dump_intremap_mapping(const struct amd_iommu *iommu, return 0; } -void amd_iommu_dump_intremap_tables(unsigned char key) +void cf_check amd_iommu_dump_intremap_tables(unsigned char key) { if ( !shared_intremap_table ) { diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 6ee267d2bf..e220fea72c 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -22,8 +22,6 @@ #include #include -static void iommu_dump_page_tables(unsigned char key); - unsigned int __read_mostly iommu_dev_iotlb_timeout = 1000; integer_param("iommu_dev_iotlb_timeout", iommu_dev_iotlb_timeout); @@ -224,6 +222,31 @@ int iommu_domain_init(struct domain *d, unsigned int opts) return 0; } +static void cf_check iommu_dump_page_tables(unsigned char key) +{ + struct domain *d; + + ASSERT(iommu_enabled); + + rcu_read_lock(&domlist_read_lock); + + for_each_domain(d) + { + if ( is_hardware_domain(d) || !is_iommu_enabled(d) ) + continue; + + if ( iommu_use_hap_pt(d) ) + { + printk("%pd sharing page tables\n", d); + continue; + } + + iommu_vcall(dom_iommu(d)->platform_ops, dump_page_tables, d); + } + + rcu_read_unlock(&domlist_read_lock); +} + void __hwdom_init iommu_hwdom_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -584,31 +607,6 @@ bool_t iommu_has_feature(struct domain *d, enum iommu_feature feature) return is_iommu_enabled(d) && test_bit(feature, dom_iommu(d)->features); } -static void iommu_dump_page_tables(unsigned char key) -{ - struct domain *d; - - ASSERT(iommu_enabled); - - rcu_read_lock(&domlist_read_lock); - - for_each_domain(d) - { - if ( is_hardware_domain(d) || !is_iommu_enabled(d) ) - continue; - - if ( iommu_use_hap_pt(d) ) - { - printk("%pd sharing page tables\n", d); - continue; - } - - iommu_vcall(dom_iommu(d)->platform_ops, dump_page_tables, d); - } - - rcu_read_unlock(&domlist_read_lock); -} - /* * Local variables: * mode: C diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 099312365d..18af4e5088 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1351,7 +1351,7 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg) return 0; } -static void dump_pci_devices(unsigned char ch) +static void cf_check dump_pci_devices(unsigned char ch) { printk("==== PCI devices ====\n"); pcidevs_lock(); diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index 52b82f7132..ccf8df7be4 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -31,7 +31,7 @@ extern const struct iommu_init_ops intel_iommu_init_ops; void print_iommu_regs(struct acpi_drhd_unit *drhd); void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn); -keyhandler_fn_t vtd_dump_iommu_info; +keyhandler_fn_t cf_check vtd_dump_iommu_info; bool intel_iommu_supports_eim(void); int intel_iommu_enable_eim(void); diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 56dfdff9bd..47922dc8e8 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -154,7 +154,7 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) } while ( --level ); } -void vtd_dump_iommu_info(unsigned char key) +void cf_check vtd_dump_iommu_info(unsigned char key) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; diff --git a/xen/include/xen/perfc.h b/xen/include/xen/perfc.h index 6846e7119f..bb010b0aae 100644 --- a/xen/include/xen/perfc.h +++ b/xen/include/xen/perfc.h @@ -96,8 +96,8 @@ DECLARE_PER_CPU(perfc_t[NUM_PERFCOUNTERS], perfcounters); struct xen_sysctl_perfc_op; int perfc_control(struct xen_sysctl_perfc_op *); -extern void perfc_printall(unsigned char key); -extern void perfc_reset(unsigned char key); +extern void cf_check perfc_printall(unsigned char key); +extern void cf_check perfc_reset(unsigned char key); #else /* CONFIG_PERF_COUNTERS */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 24a9a87f83..10ea969c7a 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -1145,7 +1145,7 @@ int cpupool_move_domain(struct domain *d, struct cpupool *c); int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op); unsigned int cpupool_get_id(const struct domain *d); const cpumask_t *cpupool_valid_cpus(const struct cpupool *pool); -extern void dump_runq(unsigned char key); +extern void cf_check dump_runq(unsigned char key); void arch_do_physinfo(struct xen_sysctl_physinfo *pi); diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 9fa4e600c1..961891bea4 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -129,8 +129,8 @@ void _lock_profile_deregister_struct(int32_t, struct lock_profile_qhead *); _lock_profile_deregister_struct(type, &((ptr)->profile_head)) extern int spinlock_profile_control(struct xen_sysctl_lockprof_op *pc); -extern void spinlock_profile_printall(unsigned char key); -extern void spinlock_profile_reset(unsigned char key); +extern void cf_check spinlock_profile_printall(unsigned char key); +extern void cf_check spinlock_profile_reset(unsigned char key); #else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277607.474228 (Exim 4.92) (envelope-from ) id 1nMuI8-0004re-9e; Wed, 23 Feb 2022 16:15:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277607.474228; Wed, 23 Feb 2022 16:15:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuI8-0004rW-6d; Wed, 23 Feb 2022 16:15:00 +0000 Received: by outflank-mailman (input) for mailman id 277607; Wed, 23 Feb 2022 16:14:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuI6-0004rC-Ak for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuI6-0005AA-A5 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuI6-0003rz-9Q for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:14:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y7HJstV2pdrY0xl3n6jHaV/RFScI6u9jnUld++S+/zs=; b=JoBjKU2BbPdyzMYXoMvRA/fLMX ArlxWITl6L0NqYsdqVDrwE2BSG6gR7G5ojDkfLaCa9ZkkFScZ8z6X//8+9THHHJ4JhecIqDfFDDM3 vm77ewOqaJQ3SpX4qbCsY3ub/4zwjCSt8T8cMo0bdcIe74HYlsQDk0RZGHGKtp6xqMUo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/vpci: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:14:58 +0000 commit 4ed7d5525f7675b364dcde5c248d841d44559d36 Author: Andrew Cooper AuthorDate: Fri Oct 29 11:57:06 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/vpci: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/vpci/header.c | 18 +++++++++--------- xen/drivers/vpci/msi.c | 42 +++++++++++++++++++++--------------------- xen/drivers/vpci/msix.c | 20 ++++++++++---------- xen/drivers/vpci/vpci.c | 16 ++++++++-------- xen/include/xen/vpci.h | 8 ++++---- 5 files changed, 52 insertions(+), 52 deletions(-) diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c index 40ff79c33f..a1c928a0d2 100644 --- a/xen/drivers/vpci/header.c +++ b/xen/drivers/vpci/header.c @@ -33,8 +33,8 @@ struct map_data { bool map; }; -static int map_range(unsigned long s, unsigned long e, void *data, - unsigned long *c) +static int cf_check map_range( + unsigned long s, unsigned long e, void *data, unsigned long *c) { const struct map_data *map = data; int rc; @@ -332,8 +332,8 @@ static int modify_bars(const struct pci_dev *pdev, uint16_t cmd, bool rom_only) return 0; } -static void cmd_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t cmd, void *data) +static void cf_check cmd_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t cmd, void *data) { uint16_t current_cmd = pci_conf_read16(pdev->sbdf, reg); @@ -353,8 +353,8 @@ static void cmd_write(const struct pci_dev *pdev, unsigned int reg, pci_conf_write16(pdev->sbdf, reg, cmd); } -static void bar_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check bar_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_bar *bar = data; bool hi = false; @@ -397,8 +397,8 @@ static void bar_write(const struct pci_dev *pdev, unsigned int reg, pci_conf_write32(pdev->sbdf, reg, val); } -static void rom_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check rom_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_header *header = &pdev->vpci->header; struct vpci_bar *rom = data; @@ -445,7 +445,7 @@ static void rom_write(const struct pci_dev *pdev, unsigned int reg, rom->addr = val & PCI_ROM_ADDRESS_MASK; } -static int init_bars(struct pci_dev *pdev) +static int cf_check init_bars(struct pci_dev *pdev) { uint16_t cmd; uint64_t addr, size; diff --git a/xen/drivers/vpci/msi.c b/xen/drivers/vpci/msi.c index 5757a7aed2..8f2b59e61a 100644 --- a/xen/drivers/vpci/msi.c +++ b/xen/drivers/vpci/msi.c @@ -22,8 +22,8 @@ #include -static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check control_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; @@ -34,8 +34,8 @@ static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, (msi->address64 ? PCI_MSI_FLAGS_64BIT : 0); } -static void control_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check control_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; unsigned int vectors = min_t(uint8_t, @@ -89,16 +89,16 @@ static void update_msi(const struct pci_dev *pdev, struct vpci_msi *msi) } /* Handlers for the address field (32bit or low part of a 64bit address). */ -static uint32_t address_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check address_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->address; } -static void address_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check address_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -110,16 +110,16 @@ static void address_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the high part of a 64bit address field. */ -static uint32_t address_hi_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check address_hi_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->address >> 32; } -static void address_hi_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check address_hi_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -131,16 +131,16 @@ static void address_hi_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the data field. */ -static uint32_t data_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check data_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->data; } -static void data_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check data_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -150,16 +150,16 @@ static void data_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the MSI mask bits. */ -static uint32_t mask_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check mask_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->mask; } -static void mask_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check mask_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; uint32_t dmask = msi->mask ^ val; @@ -182,7 +182,7 @@ static void mask_write(const struct pci_dev *pdev, unsigned int reg, msi->mask = val; } -static int init_msi(struct pci_dev *pdev) +static int cf_check init_msi(struct pci_dev *pdev) { uint8_t slot = PCI_SLOT(pdev->devfn), func = PCI_FUNC(pdev->devfn); unsigned int pos = pci_find_cap_offset(pdev->seg, pdev->bus, slot, func, diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index 846f1b8d70..2ab4079412 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -27,8 +27,8 @@ ((addr) >= vmsix_table_addr(vpci, nr) && \ (addr) < vmsix_table_addr(vpci, nr) + vmsix_table_size(vpci, nr)) -static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check control_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msix *msix = data; @@ -65,8 +65,8 @@ static void update_entry(struct vpci_msix_entry *entry, entry->updated = false; } -static void control_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check control_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msix *msix = data; bool new_masked = val & PCI_MSIX_FLAGS_MASKALL; @@ -156,7 +156,7 @@ static struct vpci_msix *msix_find(const struct domain *d, unsigned long addr) return NULL; } -static int msix_accept(struct vcpu *v, unsigned long addr) +static int cf_check msix_accept(struct vcpu *v, unsigned long addr) { return !!msix_find(v->domain, addr); } @@ -182,8 +182,8 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix, return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE]; } -static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, - unsigned long *data) +static int cf_check msix_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { const struct domain *d = v->domain; struct vpci_msix *msix = msix_find(d, addr); @@ -259,8 +259,8 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, return X86EMUL_OKAY; } -static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len, - unsigned long data) +static int cf_check msix_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) { const struct domain *d = v->domain; struct vpci_msix *msix = msix_find(d, addr); @@ -428,7 +428,7 @@ int vpci_make_msix_hole(const struct pci_dev *pdev) return 0; } -static int init_msix(struct pci_dev *pdev) +static int cf_check init_msix(struct pci_dev *pdev) { struct domain *d = pdev->domain; uint8_t slot = PCI_SLOT(pdev->devfn), func = PCI_FUNC(pdev->devfn); diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index fb0947179b..f3b32d66cb 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -106,25 +106,25 @@ static int vpci_register_cmp(const struct vpci_register *r1, } /* Dummy hooks, writes are ignored, reads return 1's */ -static uint32_t vpci_ignored_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check vpci_ignored_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { return ~(uint32_t)0; } -static void vpci_ignored_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check vpci_ignored_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { } -uint32_t vpci_hw_read16(const struct pci_dev *pdev, unsigned int reg, - void *data) +uint32_t cf_check vpci_hw_read16( + const struct pci_dev *pdev, unsigned int reg, void *data) { return pci_conf_read16(pdev->sbdf, reg); } -uint32_t vpci_hw_read32(const struct pci_dev *pdev, unsigned int reg, - void *data) +uint32_t cf_check vpci_hw_read32( + const struct pci_dev *pdev, unsigned int reg, void *data) { return pci_conf_read32(pdev->sbdf, reg); } diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index e8ac1eb395..bcad1516ae 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -46,10 +46,10 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, uint32_t data); /* Passthrough handlers. */ -uint32_t vpci_hw_read16(const struct pci_dev *pdev, unsigned int reg, - void *data); -uint32_t vpci_hw_read32(const struct pci_dev *pdev, unsigned int reg, - void *data); +uint32_t cf_check vpci_hw_read16( + const struct pci_dev *pdev, unsigned int reg, void *data); +uint32_t cf_check vpci_hw_read32( + const struct pci_dev *pdev, unsigned int reg, void *data); /* * Check for pending vPCI operations on this vcpu. Returns true if the vcpu -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277608.474232 (Exim 4.92) (envelope-from ) id 1nMuII-0004wV-Co; Wed, 23 Feb 2022 16:15:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277608.474232; Wed, 23 Feb 2022 16:15:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuII-0004wN-9b; Wed, 23 Feb 2022 16:15:10 +0000 Received: by outflank-mailman (input) for mailman id 277608; Wed, 23 Feb 2022 16:15:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIG-0004w5-Dl for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIG-0005At-D4 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuIG-0003t6-CT for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8mV5+GNSJbvkzQmLuE4xCbzC+3nHtAq0eYfv595mMoc=; b=iX6WRD26VwO5Cj2ibz3t6JRI0b 1FIPmoPveO5qAxzlKkTOF6Bf++HPaK6DNNOZxxdZW/thz0FcOjdVNUxTd6Mk7NbfysPs0zlCTnSyG qbzX82U80YO3/9eumgXDQZ5OsFfvHs1mav7EefAx1MyDqixfYD4mV226DiSngMmlrGuc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/decompress: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:15:08 +0000 commit b22f4b696d3e7b811ed976add0b92f72b590dec1 Author: Andrew Cooper AuthorDate: Fri Oct 29 20:57:23 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/decompress: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/bunzip2.c | 2 +- xen/common/decompress.c | 2 +- xen/common/unlzma.c | 2 +- xen/common/zstd/zstd_common.c | 4 ++-- xen/common/zstd/zstd_internal.h | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c index 2087cfbbed..782b589a8b 100644 --- a/xen/common/bunzip2.c +++ b/xen/common/bunzip2.c @@ -607,7 +607,7 @@ decode_next_byte: goto decode_next_byte; } -static int __init nofill(void *buf, unsigned int len) +static int __init cf_check nofill(void *buf, unsigned int len) { return -1; } diff --git a/xen/common/decompress.c b/xen/common/decompress.c index 79e60f4802..989336983f 100644 --- a/xen/common/decompress.c +++ b/xen/common/decompress.c @@ -3,7 +3,7 @@ #include #include -static void __init error(const char *msg) +static void __init cf_check error(const char *msg) { printk("%s\n", msg); } diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c index d0ef78eef0..6cd99023ad 100644 --- a/xen/common/unlzma.c +++ b/xen/common/unlzma.c @@ -76,7 +76,7 @@ struct rc { #define RC_MODEL_TOTAL_BITS 11 -static int __init nofill(void *buffer, unsigned int len) +static int __init cf_check nofill(void *buffer, unsigned int len) { return -1; } diff --git a/xen/common/zstd/zstd_common.c b/xen/common/zstd/zstd_common.c index 9a85e938cd..5c44e5db76 100644 --- a/xen/common/zstd/zstd_common.c +++ b/xen/common/zstd/zstd_common.c @@ -54,12 +54,12 @@ void *__init ZSTD_stackAllocAll(void *opaque, size_t *size) return stack_push(stack, *size); } -void *__init ZSTD_stackAlloc(void *opaque, size_t size) +void *__init cf_check ZSTD_stackAlloc(void *opaque, size_t size) { ZSTD_stack *stack = (ZSTD_stack *)opaque; return stack_push(stack, size); } -void __init ZSTD_stackFree(void *opaque, void *address) +void __init cf_check ZSTD_stackFree(void *opaque, void *address) { (void)opaque; (void)address; diff --git a/xen/common/zstd/zstd_internal.h b/xen/common/zstd/zstd_internal.h index b7dd14f6ce..94f8c58622 100644 --- a/xen/common/zstd/zstd_internal.h +++ b/xen/common/zstd/zstd_internal.h @@ -351,8 +351,8 @@ typedef struct { ZSTD_customMem ZSTD_initStack(void *workspace, size_t workspaceSize); void *ZSTD_stackAllocAll(void *opaque, size_t *size); -void *ZSTD_stackAlloc(void *opaque, size_t size); -void ZSTD_stackFree(void *opaque, void *address); +void *cf_check ZSTD_stackAlloc(void *opaque, size_t size); +void cf_check ZSTD_stackFree(void *opaque, void *address); /*====== common function ======*/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277609.474236 (Exim 4.92) (envelope-from ) id 1nMuIS-0004z8-EW; Wed, 23 Feb 2022 16:15:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277609.474236; Wed, 23 Feb 2022 16:15:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIS-0004z1-BB; Wed, 23 Feb 2022 16:15:20 +0000 Received: by outflank-mailman (input) for mailman id 277609; Wed, 23 Feb 2022 16:15:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIQ-0004yn-HB for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIQ-0005Cv-GS for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuIQ-0003tb-Fq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YsX/xavejffEsl7WT5+QVxV2L5vIXYIfh1meyd7Vj2c=; b=PsUMmT5bH37cXye0u9qgWXt8vO sJJU71raRMmQf61HotwEFphd1RpvGo7PXQTgotmloqfGxrpcFPiHjv6pc+wTmdDRj2ZasAGIpQC8i 7uoPbsbLdZZhXQUVJq126hdBIpwaPVE8H29fNCxrPrc6+I4BBon5HZBYBflv8xHQlpDQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/iommu: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:15:18 +0000 commit 991a06d71a73cae097a55e60f38c2ae38ef36e10 Author: Andrew Cooper AuthorDate: Fri Oct 29 18:30:29 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/iommu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. AMD's parse_ppr_log_entry() has no external callers, so becomes static. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/compat/memory.c | 4 +- xen/drivers/passthrough/amd/iommu.h | 41 ++++++++-------- xen/drivers/passthrough/amd/iommu_init.c | 22 ++++----- xen/drivers/passthrough/amd/iommu_intr.c | 18 +++---- xen/drivers/passthrough/amd/iommu_map.c | 22 +++++---- xen/drivers/passthrough/amd/pci_amd_iommu.c | 32 ++++++------- xen/drivers/passthrough/pci.c | 7 +-- xen/drivers/passthrough/vtd/dmar.c | 3 +- xen/drivers/passthrough/vtd/extern.h | 36 +++++++------- xen/drivers/passthrough/vtd/intremap.c | 14 +++--- xen/drivers/passthrough/vtd/iommu.c | 73 +++++++++++++++-------------- xen/drivers/passthrough/vtd/qinval.c | 28 +++++------ 12 files changed, 152 insertions(+), 148 deletions(-) diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index ec8ba54bb6..077ded4a75 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -23,8 +23,8 @@ struct get_reserved_device_memory { unsigned int used_entries; }; -static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, - u32 id, void *ctxt) +static int cf_check get_reserved_device_memory( + xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt) { struct get_reserved_device_memory *grdm = ctxt; uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus, diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 99be9aafcc..03811fedea 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -236,25 +236,26 @@ int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); int cf_check iov_adjust_irq_affinities(void); -int amd_iommu_quarantine_init(struct domain *d); +int cf_check amd_iommu_quarantine_init(struct domain *d); /* mapping functions */ -int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn, - mfn_t mfn, unsigned int flags, - unsigned int *flush_flags); -int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags); +int __must_check cf_check amd_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags); +int __must_check cf_check amd_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, const struct ivrs_unity_map *map, unsigned int flag); int amd_iommu_reserve_domain_unity_unmap(struct domain *d, const struct ivrs_unity_map *map); -int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt); -int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags); -int __must_check amd_iommu_flush_iotlb_all(struct domain *d); +int cf_check amd_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt); +int __must_check cf_check amd_iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags); +int __must_check cf_check amd_iommu_flush_iotlb_all(struct domain *d); /* device table functions */ int get_dma_requestor_id(uint16_t seg, uint16_t bdf); @@ -282,21 +283,21 @@ void amd_iommu_flush_all_caches(struct amd_iommu *iommu); struct amd_iommu *find_iommu_for_device(int seg, int bdf); /* interrupt remapping */ -bool iov_supports_xt(void); +bool cf_check iov_supports_xt(void); int amd_iommu_setup_ioapic_remapping(void); void *amd_iommu_alloc_intremap_table( const struct amd_iommu *, unsigned long **, unsigned int nr); -int amd_iommu_free_intremap_table( +int cf_check amd_iommu_free_intremap_table( const struct amd_iommu *, struct ivrs_mappings *, uint16_t); unsigned int amd_iommu_intremap_table_order( const void *irt, const struct amd_iommu *iommu); -void amd_iommu_ioapic_update_ire( +void cf_check amd_iommu_ioapic_update_ire( unsigned int apic, unsigned int reg, unsigned int value); -unsigned int amd_iommu_read_ioapic_from_ire( +unsigned int cf_check amd_iommu_read_ioapic_from_ire( unsigned int apic, unsigned int reg); -int amd_iommu_msi_msg_update_ire( +int cf_check amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg); -int amd_setup_hpet_msi(struct msi_desc *msi_desc); +int cf_check amd_setup_hpet_msi(struct msi_desc *msi_desc); void cf_check amd_iommu_dump_intremap_tables(unsigned char key); extern struct ioapic_sbdf { @@ -327,9 +328,9 @@ extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; /* power management support */ -void amd_iommu_resume(void); -int __must_check amd_iommu_suspend(void); -void amd_iommu_crash_shutdown(void); +void cf_check amd_iommu_resume(void); +int __must_check cf_check amd_iommu_suspend(void); +void cf_check amd_iommu_crash_shutdown(void); /* guest iommu support */ #ifdef CONFIG_HVM diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 34a9e49f1c..06b4d2b1fe 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -258,8 +258,8 @@ static void register_iommu_exclusion_range(struct amd_iommu *iommu) writel(entry, iommu->mmio_base+IOMMU_EXCLUSION_BASE_LOW_OFFSET); } -static void set_iommu_event_log_control(struct amd_iommu *iommu, - bool enable) +static void cf_check set_iommu_event_log_control( + struct amd_iommu *iommu, bool enable) { /* Reset head and tail pointer manually before enablement */ if ( enable ) @@ -275,8 +275,8 @@ static void set_iommu_event_log_control(struct amd_iommu *iommu, writeq(iommu->ctrl.raw, iommu->mmio_base + IOMMU_CONTROL_MMIO_OFFSET); } -static void set_iommu_ppr_log_control(struct amd_iommu *iommu, - bool enable) +static void cf_check set_iommu_ppr_log_control( + struct amd_iommu *iommu, bool enable) { /* Reset head and tail pointer manually before enablement */ if ( enable ) @@ -527,7 +527,7 @@ static hw_irq_controller iommu_x2apic_type = { .set_affinity = set_x2apic_affinity, }; -static void parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) +static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) { u32 code; static const char *const event_str[] = { @@ -628,7 +628,7 @@ static void iommu_check_event_log(struct amd_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } -void parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[]) +static void cf_check parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[]) { u16 device_id; @@ -1243,7 +1243,7 @@ static int __init alloc_ivrs_mappings(u16 seg) return 0; } -static int __init amd_iommu_setup_device_table( +static int __init cf_check amd_iommu_setup_device_table( u16 seg, struct ivrs_mappings *ivrs_mappings) { struct amd_iommu_dte *dt = IVRS_MAPPINGS_DEVTAB(ivrs_mappings); @@ -1543,7 +1543,7 @@ static void invalidate_all_domain_pages(void) amd_iommu_flush_all_pages(d); } -static int _invalidate_all_devices( +static int cf_check _invalidate_all_devices( u16 seg, struct ivrs_mappings *ivrs_mappings) { unsigned int bdf; @@ -1569,14 +1569,14 @@ static void invalidate_all_devices(void) iterate_ivrs_mappings(_invalidate_all_devices); } -int amd_iommu_suspend(void) +int cf_check amd_iommu_suspend(void) { amd_iommu_crash_shutdown(); return 0; } -void amd_iommu_crash_shutdown(void) +void cf_check amd_iommu_crash_shutdown(void) { struct amd_iommu *iommu; @@ -1584,7 +1584,7 @@ void amd_iommu_crash_shutdown(void) disable_iommu(iommu); } -void amd_iommu_resume(void) +void cf_check amd_iommu_resume(void) { struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index e7804413c7..cebf9ceca7 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -349,7 +349,7 @@ static int update_intremap_entry_from_ioapic( return 0; } -void amd_iommu_ioapic_update_ire( +void cf_check amd_iommu_ioapic_update_ire( unsigned int apic, unsigned int reg, unsigned int value) { struct IO_APIC_route_entry old_rte = { 0 }; @@ -455,7 +455,7 @@ void amd_iommu_ioapic_update_ire( } } -unsigned int amd_iommu_read_ioapic_from_ire( +unsigned int cf_check amd_iommu_read_ioapic_from_ire( unsigned int apic, unsigned int reg) { unsigned int idx; @@ -608,7 +608,7 @@ static struct amd_iommu *_find_iommu_for_device(int seg, int bdf) return ERR_PTR(-EINVAL); } -int amd_iommu_msi_msg_update_ire( +int cf_check amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg) { struct pci_dev *pdev = msi_desc->dev; @@ -653,7 +653,7 @@ int amd_iommu_msi_msg_update_ire( return rc; } -int amd_iommu_free_intremap_table( +int cf_check amd_iommu_free_intremap_table( const struct amd_iommu *iommu, struct ivrs_mappings *ivrs_mapping, uint16_t bdf) { @@ -727,7 +727,7 @@ void *amd_iommu_alloc_intremap_table( return tb; } -bool __init iov_supports_xt(void) +bool __init cf_check iov_supports_xt(void) { unsigned int apic; @@ -756,7 +756,7 @@ bool __init iov_supports_xt(void) return true; } -int __init amd_setup_hpet_msi(struct msi_desc *msi_desc) +int __init cf_check amd_setup_hpet_msi(struct msi_desc *msi_desc) { const struct amd_iommu *iommu; spinlock_t *lock; @@ -826,9 +826,9 @@ static void dump_intremap_table(const struct amd_iommu *iommu, } } -static int dump_intremap_mapping(const struct amd_iommu *iommu, - struct ivrs_mappings *ivrs_mapping, - uint16_t unused) +static int cf_check dump_intremap_mapping( + const struct amd_iommu *iommu, struct ivrs_mappings *ivrs_mapping, + uint16_t unused) { unsigned long flags; diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index b0330157ea..bf5df5fe5d 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -276,8 +276,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, return 0; } -int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, - unsigned int flags, unsigned int *flush_flags) +int cf_check amd_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); int rc; @@ -326,8 +327,8 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, return 0; } -int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags) +int cf_check amd_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags) { unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); @@ -370,9 +371,9 @@ static unsigned long flush_count(unsigned long dfn, unsigned long page_count, return end - start; } -int amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags) +int cf_check amd_iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags) { unsigned long dfn_l = dfn_x(dfn); @@ -410,7 +411,7 @@ int amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, return 0; } -int amd_iommu_flush_iotlb_all(struct domain *d) +int cf_check amd_iommu_flush_iotlb_all(struct domain *d) { amd_iommu_flush_all_pages(d); @@ -462,7 +463,8 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d, return rc; } -int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) +int cf_check amd_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt) { unsigned int seg = 0 /* XXX */, bdf; const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); @@ -537,7 +539,7 @@ int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) return 0; } -int __init amd_iommu_quarantine_init(struct domain *d) +int __init cf_check amd_iommu_quarantine_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); unsigned long end_gfn = diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 9642bba43a..e57f555d00 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -197,7 +197,7 @@ int __init acpi_ivrs_init(void) return 0; } -static int __init iov_detect(void) +static int __init cf_check iov_detect(void) { if ( !iommu_enable && !iommu_intremap ) return 0; @@ -217,7 +217,7 @@ static int __init iov_detect(void) return 0; } -static int iov_enable_xt(void) +static int cf_check iov_enable_xt(void) { int rc; @@ -253,7 +253,7 @@ int amd_iommu_alloc_root(struct domain *d) unsigned int __read_mostly amd_iommu_max_paging_mode = 6; int __read_mostly amd_iommu_min_paging_mode = 1; -static int amd_iommu_domain_init(struct domain *d) +static int cf_check amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -275,9 +275,9 @@ static int amd_iommu_domain_init(struct domain *d) return 0; } -static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev); +static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev); -static void __hwdom_init amd_iommu_hwdom_init(struct domain *d) +static void __hwdom_init cf_check amd_iommu_hwdom_init(struct domain *d) { const struct amd_iommu *iommu; @@ -350,8 +350,9 @@ static void amd_iommu_disable_domain_device(const struct domain *domain, spin_unlock_irqrestore(&iommu->lock, flags); } -static int reassign_device(struct domain *source, struct domain *target, - u8 devfn, struct pci_dev *pdev) +static int cf_check reassign_device( + struct domain *source, struct domain *target, u8 devfn, + struct pci_dev *pdev) { struct amd_iommu *iommu; int bdf, rc; @@ -404,9 +405,8 @@ static int reassign_device(struct domain *source, struct domain *target, return 0; } -static int amd_iommu_assign_device(struct domain *d, u8 devfn, - struct pci_dev *pdev, - u32 flag) +static int cf_check amd_iommu_assign_device( + struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); @@ -435,7 +435,7 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, return rc; } -static void amd_iommu_clear_root_pgtable(struct domain *d) +static void cf_check amd_iommu_clear_root_pgtable(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -444,13 +444,13 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) spin_unlock(&hd->arch.mapping_lock); } -static void amd_iommu_domain_destroy(struct domain *d) +static void cf_check amd_iommu_domain_destroy(struct domain *d) { iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) +static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct amd_iommu *iommu; u16 bdf; @@ -525,7 +525,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev); } -static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) +static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) { struct amd_iommu *iommu; u16 bdf; @@ -562,7 +562,7 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) return 0; } -static int amd_iommu_group_id(u16 seg, u8 bus, u8 devfn) +static int cf_check amd_iommu_group_id(u16 seg, u8 bus, u8 devfn) { int bdf = PCI_BDF2(bus, devfn); @@ -616,7 +616,7 @@ static void amd_dump_page_table_level(struct page_info *pg, int level, unmap_domain_page(table_vaddr); } -static void amd_dump_page_tables(struct domain *d) +static void cf_check amd_dump_page_tables(struct domain *d) { const struct domain_iommu *hd = dom_iommu(d); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 18af4e5088..22cb3872c2 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1098,7 +1098,7 @@ void pci_check_disable_device(u16 seg, u8 bus, u8 devfn) * scan pci devices to add all existed PCI devices to alldevs_list, * and setup pci hierarchy in array bus2bridge. */ -static int __init _scan_pci_devices(struct pci_seg *pseg, void *arg) +static int __init cf_check _scan_pci_devices(struct pci_seg *pseg, void *arg) { struct pci_dev *pdev; int bus, dev, func; @@ -1176,7 +1176,8 @@ static void __hwdom_init setup_one_hwdom_device(const struct setup_hwdom *ctxt, ctxt->d->domain_id, err); } -static int __hwdom_init _setup_hwdom_pci_devices(struct pci_seg *pseg, void *arg) +static int __hwdom_init cf_check _setup_hwdom_pci_devices( + struct pci_seg *pseg, void *arg) { struct setup_hwdom *ctxt = arg; int bus, devfn; @@ -1333,7 +1334,7 @@ bool_t pcie_aer_get_firmware_first(const struct pci_dev *pdev) } #endif -static int _dump_pci_devices(struct pci_seg *pseg, void *arg) +static int cf_check _dump_pci_devices(struct pci_seg *pseg, void *arg) { struct pci_dev *pdev; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index b8e91f5be1..63f8642e12 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -1046,7 +1046,8 @@ bool_t __init platform_supports_x2apic(void) return cpu_has_x2apic && ((dmar_flags & mask) == ACPI_DMAR_INTR_REMAP); } -int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) +int cf_check intel_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt) { struct acpi_rmrr_unit *rmrr, *rmrr_cur = NULL; unsigned int i; diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index ccf8df7be4..e6535548e1 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -33,9 +33,9 @@ void print_iommu_regs(struct acpi_drhd_unit *drhd); void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn); keyhandler_fn_t cf_check vtd_dump_iommu_info; -bool intel_iommu_supports_eim(void); -int intel_iommu_enable_eim(void); -void intel_iommu_disable_eim(void); +bool cf_check intel_iommu_supports_eim(void); +int cf_check intel_iommu_enable_eim(void); +void cf_check intel_iommu_disable_eim(void); int enable_qinval(struct vtd_iommu *iommu); void disable_qinval(struct vtd_iommu *iommu); @@ -51,15 +51,13 @@ int iommu_flush_iec_global(struct vtd_iommu *iommu); int iommu_flush_iec_index(struct vtd_iommu *iommu, u8 im, u16 iidx); void clear_fault_bits(struct vtd_iommu *iommu); -int __must_check vtd_flush_context_reg(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, - uint8_t function_mask, uint64_t type, - bool flush_non_present_entry); -int __must_check vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, - uint64_t addr, unsigned int size_order, - uint64_t type, - bool flush_non_present_entry, - bool flush_dev_iotlb); +int __must_check cf_check vtd_flush_context_reg( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry); +int __must_check cf_check vtd_flush_iotlb_reg( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb); struct vtd_iommu *ioapic_to_iommu(unsigned int apic_id); struct vtd_iommu *hpet_to_iommu(unsigned int hpet_id); @@ -86,17 +84,19 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu, u8 bus, u8 devfn, const struct pci_dev *); int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu, u8 bus, u8 devfn); -int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt); +int cf_check intel_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt); -unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg); -void io_apic_write_remap_rte(unsigned int apic, - unsigned int reg, unsigned int value); +unsigned int cf_check io_apic_read_remap_rte( + unsigned int apic, unsigned int reg); +void cf_check io_apic_write_remap_rte( + unsigned int apic, unsigned int reg, unsigned int value); struct msi_desc; struct msi_msg; -int msi_msg_write_remap_rte(struct msi_desc *, struct msi_msg *); +int cf_check msi_msg_write_remap_rte(struct msi_desc *, struct msi_msg *); -int intel_setup_hpet_msi(struct msi_desc *); +int cf_check intel_setup_hpet_msi(struct msi_desc *); int is_igd_vt_enabled_quirk(void); bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *); diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c index 01152f2006..e6ba89591b 100644 --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -142,7 +142,7 @@ static void set_hpet_source_id(unsigned int id, struct iremap_entry *ire) set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_13_IGNORE_3, hpetid_to_bdf(id)); } -bool __init intel_iommu_supports_eim(void) +bool __init cf_check intel_iommu_supports_eim(void) { struct acpi_drhd_unit *drhd; unsigned int apic; @@ -414,7 +414,7 @@ static int ioapic_rte_to_remap_entry(struct vtd_iommu *iommu, return 0; } -unsigned int io_apic_read_remap_rte( +unsigned int cf_check io_apic_read_remap_rte( unsigned int apic, unsigned int reg) { unsigned int ioapic_pin = (reg - 0x10) / 2; @@ -438,7 +438,7 @@ unsigned int io_apic_read_remap_rte( return (*(((u32 *)&old_rte) + 0)); } -void io_apic_write_remap_rte( +void cf_check io_apic_write_remap_rte( unsigned int apic, unsigned int reg, unsigned int value) { unsigned int ioapic_pin = (reg - 0x10) / 2; @@ -639,7 +639,7 @@ static int msi_msg_to_remap_entry( return 0; } -int msi_msg_write_remap_rte( +int cf_check msi_msg_write_remap_rte( struct msi_desc *msi_desc, struct msi_msg *msg) { struct pci_dev *pdev = msi_desc->dev; @@ -651,7 +651,7 @@ int msi_msg_write_remap_rte( : -EINVAL; } -int __init intel_setup_hpet_msi(struct msi_desc *msi_desc) +int __init cf_check intel_setup_hpet_msi(struct msi_desc *msi_desc) { struct vtd_iommu *iommu = hpet_to_iommu(msi_desc->hpet_id); unsigned long flags; @@ -802,7 +802,7 @@ out: * This function is used to enable Interrupt remapping when * enable x2apic */ -int intel_iommu_enable_eim(void) +int cf_check intel_iommu_enable_eim(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -856,7 +856,7 @@ int intel_iommu_enable_eim(void) * This function is used to disable Interrupt remapping when * suspend local apic */ -void intel_iommu_disable_eim(void) +void cf_check intel_iommu_disable_eim(void) { struct acpi_drhd_unit *drhd; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 42181e12be..1a1cf14785 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -59,7 +59,7 @@ static unsigned int __read_mostly nr_iommus; static struct iommu_ops vtd_ops; static struct tasklet vtd_fault_tasklet; -static int setup_hwdom_device(u8 devfn, struct pci_dev *); +static int cf_check setup_hwdom_device(u8 devfn, struct pci_dev *); static void setup_hwdom_rmrr(struct domain *d); static bool domid_mapping(const struct vtd_iommu *iommu) @@ -426,9 +426,9 @@ static void iommu_flush_write_buffer(struct vtd_iommu *iommu) } /* return value determine if we need a write buffer flush */ -int vtd_flush_context_reg(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, uint8_t function_mask, - uint64_t type, bool flush_non_present_entry) +int cf_check vtd_flush_context_reg( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry) { unsigned long flags; @@ -493,9 +493,10 @@ static int __must_check iommu_flush_context_device(struct vtd_iommu *iommu, } /* return value determine if we need a write buffer flush */ -int vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, uint64_t addr, - unsigned int size_order, uint64_t type, - bool flush_non_present_entry, bool flush_dev_iotlb) +int cf_check vtd_flush_iotlb_reg( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb) { int tlb_offset = ecap_iotlb_offset(iommu->ecap); uint64_t val = type | DMA_TLB_IVT; @@ -704,10 +705,9 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn, return ret; } -static int __must_check iommu_flush_iotlb_pages(struct domain *d, - dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags) +static int __must_check cf_check iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags) { ASSERT(page_count && !dfn_eq(dfn, INVALID_DFN)); ASSERT(flush_flags); @@ -716,7 +716,7 @@ static int __must_check iommu_flush_iotlb_pages(struct domain *d, page_count); } -static int __must_check iommu_flush_iotlb_all(struct domain *d) +static int __must_check cf_check iommu_flush_iotlb_all(struct domain *d) { return iommu_flush_iotlb(d, INVALID_DFN, 0, 0); } @@ -1345,7 +1345,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd) agaw = 64; \ agaw; }) -static int intel_iommu_domain_init(struct domain *d) +static int cf_check intel_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -1359,7 +1359,7 @@ static int intel_iommu_domain_init(struct domain *d) return 0; } -static void __hwdom_init intel_iommu_hwdom_init(struct domain *d) +static void __hwdom_init cf_check intel_iommu_hwdom_init(struct domain *d) { struct acpi_drhd_unit *drhd; @@ -1808,7 +1808,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, return ret; } -static void iommu_clear_root_pgtable(struct domain *d) +static void cf_check iommu_clear_root_pgtable(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -1817,7 +1817,7 @@ static void iommu_clear_root_pgtable(struct domain *d) spin_unlock(&hd->arch.mapping_lock); } -static void iommu_domain_teardown(struct domain *d) +static void cf_check iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); const struct acpi_drhd_unit *drhd; @@ -1835,9 +1835,9 @@ static void iommu_domain_teardown(struct domain *d) XFREE(hd->arch.vtd.iommu_bitmap); } -static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn, - mfn_t mfn, unsigned int flags, - unsigned int *flush_flags) +static int __must_check cf_check intel_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, *pte, old, new = {}; @@ -1906,8 +1906,8 @@ static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn, return rc; } -static int __must_check intel_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags) +static int __must_check cf_check intel_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags) { /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) @@ -1922,8 +1922,8 @@ static int __must_check intel_iommu_unmap_page(struct domain *d, dfn_t dfn, return 0; } -static int intel_iommu_lookup_page(struct domain *d, dfn_t dfn, mfn_t *mfn, - unsigned int *flags) +static int cf_check intel_iommu_lookup_page( + struct domain *d, dfn_t dfn, mfn_t *mfn, unsigned int *flags) { struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, val; @@ -1975,7 +1975,7 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) +static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; u16 bdf; @@ -2018,7 +2018,7 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) return 0; } -static int intel_iommu_enable_device(struct pci_dev *pdev) +static int cf_check intel_iommu_enable_device(struct pci_dev *pdev) { struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); int ret = drhd ? ats_device(pdev, drhd) : -ENODEV; @@ -2033,7 +2033,7 @@ static int intel_iommu_enable_device(struct pci_dev *pdev) return ret >= 0 ? 0 : ret; } -static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) +static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; u16 bdf; @@ -2060,7 +2060,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) return domain_context_unmap(pdev->domain, devfn, pdev); } -static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev) +static int __hwdom_init cf_check setup_hwdom_device( + u8 devfn, struct pci_dev *pdev) { return domain_context_mapping(pdev->domain, devfn, pdev); } @@ -2266,7 +2267,7 @@ static struct iommu_state { uint32_t fectl; } *__read_mostly iommu_state; -static int __init vtd_setup(void) +static int __init cf_check vtd_setup(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2401,7 +2402,7 @@ static int __init vtd_setup(void) return ret; } -static int reassign_device_ownership( +static int cf_check reassign_device_ownership( struct domain *source, struct domain *target, u8 devfn, struct pci_dev *pdev) @@ -2479,7 +2480,7 @@ static int reassign_device_ownership( return ret; } -static int intel_iommu_assign_device( +static int cf_check intel_iommu_assign_device( struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag) { struct domain *s = pdev->domain; @@ -2561,7 +2562,7 @@ static int intel_iommu_assign_device( return ret; } -static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) +static int cf_check intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) { u8 secbus; @@ -2571,7 +2572,7 @@ static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) return PCI_BDF2(bus, devfn); } -static int __must_check vtd_suspend(void) +static int __must_check cf_check vtd_suspend(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2614,7 +2615,7 @@ static int __must_check vtd_suspend(void) return 0; } -static void vtd_crash_shutdown(void) +static void cf_check vtd_crash_shutdown(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2635,7 +2636,7 @@ static void vtd_crash_shutdown(void) } } -static void vtd_resume(void) +static void cf_check vtd_resume(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2713,7 +2714,7 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, unmap_vtd_domain_page(pt_vaddr); } -static void vtd_dump_page_tables(struct domain *d) +static void cf_check vtd_dump_page_tables(struct domain *d) { const struct domain_iommu *hd = dom_iommu(d); @@ -2723,7 +2724,7 @@ static void vtd_dump_page_tables(struct domain *d) agaw_to_level(hd->arch.vtd.agaw), 0, 0); } -static int __init intel_iommu_quarantine_init(struct domain *d) +static int __init cf_check intel_iommu_quarantine_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); struct page_info *pg; diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index 9f291f47e5..beeb65f0de 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -322,9 +322,9 @@ int iommu_flush_iec_index(struct vtd_iommu *iommu, u8 im, u16 iidx) return queue_invalidate_iec_sync(iommu, IEC_INDEX_INVL, im, iidx); } -static int __must_check flush_context_qi(struct vtd_iommu *iommu, u16 did, - u16 sid, u8 fm, u64 type, - bool flush_non_present_entry) +static int __must_check cf_check flush_context_qi( + struct vtd_iommu *iommu, u16 did, u16 sid, u8 fm, u64 type, + bool flush_non_present_entry) { ASSERT(iommu->qinval_maddr); @@ -346,11 +346,9 @@ static int __must_check flush_context_qi(struct vtd_iommu *iommu, u16 did, type >> DMA_CCMD_INVL_GRANU_OFFSET); } -static int __must_check flush_iotlb_qi(struct vtd_iommu *iommu, u16 did, - u64 addr, - unsigned int size_order, u64 type, - bool flush_non_present_entry, - bool flush_dev_iotlb) +static int __must_check cf_check flush_iotlb_qi( + struct vtd_iommu *iommu, u16 did, u64 addr, unsigned int size_order, + u64 type, bool flush_non_present_entry, bool flush_dev_iotlb) { u8 dr = 0, dw = 0; int ret = 0, rc; @@ -461,18 +459,18 @@ int enable_qinval(struct vtd_iommu *iommu) return 0; } -static int vtd_flush_context_noop(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, uint8_t function_mask, - uint64_t type, bool flush_non_present_entry) +static int cf_check vtd_flush_context_noop( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry) { WARN(); return -EIO; } -static int vtd_flush_iotlb_noop(struct vtd_iommu *iommu, uint16_t did, - uint64_t addr, unsigned int size_order, - uint64_t type, bool flush_non_present_entry, - bool flush_dev_iotlb) +static int cf_check vtd_flush_iotlb_noop( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb) { WARN(); return -EIO; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277610.474240 (Exim 4.92) (envelope-from ) id 1nMuIc-00052d-HV; Wed, 23 Feb 2022 16:15:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277610.474240; Wed, 23 Feb 2022 16:15:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIc-00052V-EV; Wed, 23 Feb 2022 16:15:30 +0000 Received: by outflank-mailman (input) for mailman id 277610; Wed, 23 Feb 2022 16:15:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIa-00052B-KD for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIa-0005DA-JX for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuIa-0003uF-Ij for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e5FA6EKeYGmZ+i7Z7lna6fsKZtGhs4/mVC4HotbUHUE=; b=bQ73YIxHHn0hD1LK9sGNCbUgvi c8otH8d9LxukIcSp5OQ7X45dtWguictJ058Uqu5yNuJeWJ7Aly6Ssucat2+Lnc3boEALoH62nMHYJ B4RkhEa2gUbURSgeL3moeTLPF20U3XrzL0CjGyZMizUoJ4jXERcw5dbfaLy4tZ+HcGog=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/video: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:15:28 +0000 commit 17a69ac9d1e59fda240f996a27440d324bf020f8 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:41:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/video: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/video/lfb.c | 4 ++-- xen/drivers/video/lfb.h | 4 ++-- xen/drivers/video/vesa.c | 4 ++-- xen/drivers/video/vga.c | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/drivers/video/lfb.c b/xen/drivers/video/lfb.c index 9254b5e902..a6fb837974 100644 --- a/xen/drivers/video/lfb.c +++ b/xen/drivers/video/lfb.c @@ -53,7 +53,7 @@ static void lfb_show_line( } /* Fast mode which redraws all modified parts of a 2D text buffer. */ -void lfb_redraw_puts(const char *s, size_t nr) +void cf_check lfb_redraw_puts(const char *s, size_t nr) { unsigned int i, min_redraw_y = lfb.ypos; @@ -98,7 +98,7 @@ void lfb_redraw_puts(const char *s, size_t nr) } /* Slower line-based scroll mode which interacts better with dom0. */ -void lfb_scroll_puts(const char *s, size_t nr) +void cf_check lfb_scroll_puts(const char *s, size_t nr) { unsigned int i; diff --git a/xen/drivers/video/lfb.h b/xen/drivers/video/lfb.h index e743ccdd6b..42161402d6 100644 --- a/xen/drivers/video/lfb.h +++ b/xen/drivers/video/lfb.h @@ -35,8 +35,8 @@ struct lfb_prop { unsigned int text_rows; }; -void lfb_redraw_puts(const char *s, size_t nr); -void lfb_scroll_puts(const char *s, size_t nr); +void cf_check lfb_redraw_puts(const char *s, size_t nr); +void cf_check lfb_scroll_puts(const char *s, size_t nr); void lfb_carriage_return(void); void lfb_free(void); diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index c8f81a5cc5..c41f6b8d40 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -17,7 +17,7 @@ #define vlfb_info vga_console_info.u.vesa_lfb -static void lfb_flush(void); +static void cf_check lfb_flush(void); static unsigned char *__read_mostly lfb; static const struct font_desc *__initdata font; @@ -140,7 +140,7 @@ void __init vesa_init(void) video_puts = lfb_redraw_puts; } -static void lfb_flush(void) +static void cf_check lfb_flush(void) { __asm__ __volatile__ ("sfence" : : : "memory"); } diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c index 5e58f83c97..e624ebff4f 100644 --- a/xen/drivers/video/vga.c +++ b/xen/drivers/video/vga.c @@ -19,8 +19,8 @@ static int vgacon_keep; static unsigned int xpos, ypos; static unsigned char *video; -static void vga_text_puts(const char *s, size_t nr); -static void vga_noop_puts(const char *s, size_t nr) {} +static void cf_check vga_text_puts(const char *s, size_t nr); +static void cf_check vga_noop_puts(const char *s, size_t nr) {} void (*video_puts)(const char *, size_t nr) = vga_noop_puts; /* @@ -179,7 +179,7 @@ void __init video_endboot(void) } } -static void vga_text_puts(const char *s, size_t nr) +static void cf_check vga_text_puts(const char *s, size_t nr) { for ( ; nr > 0; nr--, s++ ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277611.474244 (Exim 4.92) (envelope-from ) id 1nMuIm-00055d-J1; Wed, 23 Feb 2022 16:15:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277611.474244; Wed, 23 Feb 2022 16:15:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIm-00055V-G1; Wed, 23 Feb 2022 16:15:40 +0000 Received: by outflank-mailman (input) for mailman id 277611; Wed, 23 Feb 2022 16:15:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIk-00055I-NK for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIk-0005DK-Md for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuIk-0003uk-Lw for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CTvNzcHFRicAPkUPzWgojQE287FeBXu3Sm9ZJk7Lfok=; b=MS8U9DD84aFa0WxL8+oEBneRH9 zR3XNftPtFIXyhYwbRmmHVAzKhVVXv4u1UaRca0sChb7twmequ2EFbnl7JWaD3i/Xv5Icw6+Iueix w1AxvftjQ8BblWUcdZP/fTLbEp8suHqzMkUVr9ff2ENfyUSZX6VdkNpWXB04jUbnKiag=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/console: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:15:38 +0000 commit 780c89eefa22514b1a91b959bf7828504c6aed31 Author: Andrew Cooper AuthorDate: Thu Oct 28 14:06:28 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/console: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/char/console.c | 4 ++-- xen/drivers/char/ehci-dbgp.c | 24 +++++++++++++----------- xen/drivers/char/ns16550.c | 26 +++++++++++++------------- 3 files changed, 28 insertions(+), 26 deletions(-) diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 380765ab02..d9d6556c22 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -552,7 +552,7 @@ static void __serial_rx(char c, struct cpu_user_regs *regs) #endif } -static void serial_rx(char c, struct cpu_user_regs *regs) +static void cf_check serial_rx(char c, struct cpu_user_regs *regs) { static int switch_code_count = 0; @@ -1286,7 +1286,7 @@ void panic(const char *fmt, ...) * ************************************************************** */ -static void suspend_steal_fn(const char *str, size_t nr) { } +static void cf_check suspend_steal_fn(const char *str, size_t nr) { } static int suspend_steal_id; int console_suspend(void) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index a6b57fdf2d..e205c0da6a 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1000,13 +1000,15 @@ err: typedef void (*set_debug_port_t)(struct ehci_dbgp *, unsigned int); -static void default_set_debug_port(struct ehci_dbgp *dbgp, unsigned int port) +static void cf_check default_set_debug_port( + struct ehci_dbgp *dbgp, unsigned int port) { } static set_debug_port_t __read_mostly set_debug_port = default_set_debug_port; -static void nvidia_set_debug_port(struct ehci_dbgp *dbgp, unsigned int port) +static void cf_check nvidia_set_debug_port( + struct ehci_dbgp *dbgp, unsigned int port) { uint32_t dword = pci_conf_read32(PCI_SBDF(0, dbgp->bus, dbgp->slot, dbgp->func), 0x74); @@ -1167,7 +1169,7 @@ static inline void _ehci_dbgp_flush(struct ehci_dbgp *dbgp) dbgp->out.chunk = 0; } -static void ehci_dbgp_flush(struct serial_port *port) +static void cf_check ehci_dbgp_flush(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; s_time_t goal; @@ -1196,7 +1198,7 @@ static void ehci_dbgp_flush(struct serial_port *port) set_timer(&dbgp->timer, goal); } -static void ehci_dbgp_putc(struct serial_port *port, char c) +static void cf_check ehci_dbgp_putc(struct serial_port *port, char c) { struct ehci_dbgp *dbgp = port->uart; @@ -1209,7 +1211,7 @@ static void ehci_dbgp_putc(struct serial_port *port, char c) ehci_dbgp_flush(port); } -static int ehci_dbgp_tx_ready(struct serial_port *port) +static int cf_check ehci_dbgp_tx_ready(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1228,7 +1230,7 @@ static int ehci_dbgp_tx_ready(struct serial_port *port) (dbgp->state == dbgp_idle) * DBGP_MAX_PACKET; } -static int ehci_dbgp_getc(struct serial_port *port, char *pc) +static int cf_check ehci_dbgp_getc(struct serial_port *port, char *pc) { struct ehci_dbgp *dbgp = port->uart; @@ -1309,7 +1311,7 @@ static bool_t ehci_dbgp_setup_preirq(struct ehci_dbgp *dbgp) return 0; } -static void __init ehci_dbgp_init_preirq(struct serial_port *port) +static void __init cf_check ehci_dbgp_init_preirq(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; u32 debug_port, offset; @@ -1358,7 +1360,7 @@ static void ehci_dbgp_setup_postirq(struct ehci_dbgp *dbgp) set_timer(&dbgp->timer, NOW() + MILLISECS(1)); } -static void __init ehci_dbgp_init_postirq(struct serial_port *port) +static void __init cf_check ehci_dbgp_init_postirq(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1409,12 +1411,12 @@ static int ehci_dbgp_check_release(struct ehci_dbgp *dbgp) return 0; } -static void __init ehci_dbgp_endboot(struct serial_port *port) +static void __init cf_check ehci_dbgp_endboot(struct serial_port *port) { ehci_dbgp_check_release(port->uart); } -static void ehci_dbgp_suspend(struct serial_port *port) +static void cf_check ehci_dbgp_suspend(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1431,7 +1433,7 @@ static void ehci_dbgp_suspend(struct serial_port *port) dbgp->state = dbgp_unsafe; } -static void ehci_dbgp_resume(struct serial_port *port) +static void cf_check ehci_dbgp_resume(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 990cad39fe..8df1ee4d5c 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -174,7 +174,7 @@ static void handle_dw_usr_busy_quirk(struct ns16550 *uart) } } -static void ns16550_interrupt( +static void cf_check ns16550_interrupt( int irq, void *dev_id, struct cpu_user_regs *regs) { struct serial_port *port = dev_id; @@ -239,7 +239,7 @@ static void cf_check ns16550_poll(void *data) #endif } -static int ns16550_tx_ready(struct serial_port *port) +static int cf_check ns16550_tx_ready(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -250,13 +250,13 @@ static int ns16550_tx_ready(struct serial_port *port) uart->lsr_mask ) == uart->lsr_mask ) ? uart->fifo_size : 0; } -static void ns16550_putc(struct serial_port *port, char c) +static void cf_check ns16550_putc(struct serial_port *port, char c) { struct ns16550 *uart = port->uart; ns_write_reg(uart, UART_THR, c); } -static int ns16550_getc(struct serial_port *port, char *pc) +static int cf_check ns16550_getc(struct serial_port *port, char *pc) { struct ns16550 *uart = port->uart; @@ -344,7 +344,7 @@ static void ns16550_setup_preirq(struct ns16550 *uart) UART_FCR_ENABLE | UART_FCR_CLRX | UART_FCR_CLTX | UART_FCR_TRG14); } -static void __init ns16550_init_preirq(struct serial_port *port) +static void __init cf_check ns16550_init_preirq(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -373,7 +373,7 @@ static void __init ns16550_init_preirq(struct serial_port *port) uart->fifo_size = 16; } -static void __init ns16550_init_irq(struct serial_port *port) +static void __init cf_check ns16550_init_irq(struct serial_port *port) { #ifdef NS16550_PCI struct ns16550 *uart = port->uart; @@ -399,7 +399,7 @@ static void ns16550_setup_postirq(struct ns16550 *uart) set_timer(&uart->timer, NOW() + MILLISECS(uart->timeout_ms)); } -static void __init ns16550_init_postirq(struct serial_port *port) +static void __init cf_check ns16550_init_postirq(struct serial_port *port) { struct ns16550 *uart = port->uart; int rc, bits; @@ -491,7 +491,7 @@ static void __init ns16550_init_postirq(struct serial_port *port) ns16550_setup_postirq(uart); } -static void ns16550_suspend(struct serial_port *port) +static void cf_check ns16550_suspend(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -543,7 +543,7 @@ static void cf_check ns16550_delayed_resume(void *data) _ns16550_resume(port); } -static void ns16550_resume(struct serial_port *port) +static void cf_check ns16550_resume(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -569,7 +569,7 @@ static void ns16550_resume(struct serial_port *port) _ns16550_resume(port); } -static void __init ns16550_endboot(struct serial_port *port) +static void __init cf_check ns16550_endboot(struct serial_port *port) { #ifdef CONFIG_HAS_IOPORTS struct ns16550 *uart = port->uart; @@ -583,13 +583,13 @@ static void __init ns16550_endboot(struct serial_port *port) #endif } -static int __init ns16550_irq(struct serial_port *port) +static int __init cf_check ns16550_irq(struct serial_port *port) { struct ns16550 *uart = port->uart; return ((uart->irq > 0) ? uart->irq : -1); } -static void ns16550_start_tx(struct serial_port *port) +static void cf_check ns16550_start_tx(struct serial_port *port) { struct ns16550 *uart = port->uart; u8 ier = ns_read_reg(uart, UART_IER); @@ -599,7 +599,7 @@ static void ns16550_start_tx(struct serial_port *port) ns_write_reg(uart, UART_IER, ier | UART_IER_ETHREI); } -static void ns16550_stop_tx(struct serial_port *port) +static void cf_check ns16550_stop_tx(struct serial_port *port) { struct ns16550 *uart = port->uart; u8 ier = ns_read_reg(uart, UART_IER); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277613.474248 (Exim 4.92) (envelope-from ) id 1nMuIw-00058e-Kx; Wed, 23 Feb 2022 16:15:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277613.474248; Wed, 23 Feb 2022 16:15:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIw-00058W-He; Wed, 23 Feb 2022 16:15:50 +0000 Received: by outflank-mailman (input) for mailman id 277613; Wed, 23 Feb 2022 16:15:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIu-00058A-RH for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuIu-0005DO-QY for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuIu-0003vH-Pu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/bjqoFvo0JiO+AFmegxhvsDpxqfKyFRzsP15FRqNxAs=; b=DchUO0tZugAgGf9JNHfhbgyhcC K0+mWgBa0SONlc9rh42+vnu5p4tZcaM0yduSSlRay2zNwa/hTrY8WB+PQ9AUklQWLEFRwo6Y/IseW yaqZaKQOC+hq+E0/ge9NWqnzuQpuBMI55khPkeUz1wsRYFYDD8/pq9VRCqStAeON+2e0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/misc: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:15:48 +0000 commit 66342fb5de2ffa7f26d5cabb4f7524bdb72be8b7 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:02:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/misc: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 6 ++++-- xen/arch/x86/setup.c | 4 ++-- xen/common/coverage/gcov.c | 8 ++++---- xen/common/coverage/llvm.c | 7 ++++--- xen/common/domain.c | 2 +- xen/common/gdbstub.c | 5 ++--- xen/common/livepatch.c | 7 +++---- xen/common/memory.c | 4 ++-- xen/common/page_alloc.c | 2 +- xen/common/radix-tree.c | 4 ++-- xen/common/rangeset.c | 2 +- xen/common/spinlock.c | 6 +++--- xen/common/vm_event.c | 6 +++--- xen/common/xmalloc_tlsf.c | 4 ++-- xen/drivers/passthrough/amd/iommu_init.c | 2 +- xen/include/xen/domain.h | 2 +- 16 files changed, 36 insertions(+), 35 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index a1b8737096..0665095d23 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -835,7 +835,8 @@ struct mmio_emul_range_ctxt { unsigned long mfn; }; -static int print_mmio_emul_range(unsigned long s, unsigned long e, void *arg) +static int cf_check print_mmio_emul_range( + unsigned long s, unsigned long e, void *arg) { const struct mmio_emul_range_ctxt *ctxt = arg; @@ -4606,7 +4607,8 @@ static int _handle_iomem_range(unsigned long s, unsigned long e, return 0; } -static int handle_iomem_range(unsigned long s, unsigned long e, void *p) +static int cf_check handle_iomem_range( + unsigned long s, unsigned long e, void *p) { int err = 0; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 3a4ec1fcfd..a9a371336b 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2021,8 +2021,8 @@ int __hwdom_init xen_in_range(unsigned long mfn) return 0; } -static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e, - void *ctx) +static int __hwdom_init cf_check io_bitmap_cb( + unsigned long s, unsigned long e, void *ctx) { struct domain *d = ctx; unsigned int i; diff --git a/xen/common/coverage/gcov.c b/xen/common/coverage/gcov.c index 3cc98728bf..327bf8d646 100644 --- a/xen/common/coverage/gcov.c +++ b/xen/common/coverage/gcov.c @@ -120,7 +120,7 @@ static int gcov_info_dump_payload(const struct gcov_info *info, } -static uint32_t gcov_get_size(void) +static uint32_t cf_check gcov_get_size(void) { uint32_t total_size = sizeof(uint32_t); /* Magic number XCOV */ struct gcov_info *info = NULL; @@ -140,7 +140,7 @@ static uint32_t gcov_get_size(void) return total_size; } -static void gcov_reset_all_counters(void) +static void cf_check gcov_reset_all_counters(void) { struct gcov_info *info = NULL; @@ -172,8 +172,8 @@ static int gcov_dump_one_record(const struct gcov_info *info, return gcov_info_dump_payload(info, buffer, off); } -static int gcov_dump_all(XEN_GUEST_HANDLE_PARAM(char) buffer, - uint32_t *buffer_size) +static int cf_check gcov_dump_all( + XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buffer_size) { uint32_t off; uint32_t magic = XEN_GCOV_FORMAT_MAGIC; diff --git a/xen/common/coverage/llvm.c b/xen/common/coverage/llvm.c index 766c07fd5d..50d7a3c5d3 100644 --- a/xen/common/coverage/llvm.c +++ b/xen/common/coverage/llvm.c @@ -94,18 +94,19 @@ extern uint64_t __stop___llvm_prf_cnts[]; #define START_COUNTERS ((void *)__start___llvm_prf_cnts) #define END_COUNTERS ((void *)__stop___llvm_prf_cnts) -static void reset_counters(void) +static void cf_check reset_counters(void) { memset(START_COUNTERS, 0, END_COUNTERS - START_COUNTERS); } -static uint32_t get_size(void) +static uint32_t cf_check get_size(void) { return ROUNDUP(sizeof(struct llvm_profile_header) + END_DATA - START_DATA + END_COUNTERS - START_COUNTERS + END_NAMES - START_NAMES, 8); } -static int dump(XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buf_size) +static int cf_check dump( + XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buf_size) { struct llvm_profile_header header = { .magic = LLVM_PROFILE_MAGIC, diff --git a/xen/common/domain.c b/xen/common/domain.c index f3d06df76c..351029f8b2 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1803,7 +1803,7 @@ static void cf_check _free_pirq_struct(struct rcu_head *head) xfree(container_of(head, struct pirq, rcu_head)); } -void free_pirq_struct(void *ptr) +void cf_check free_pirq_struct(void *ptr) { struct pirq *pirq = ptr; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 079c3ca961..d6872721dc 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -69,7 +69,7 @@ static void gdb_smp_resume(void); static char __initdata opt_gdb[30]; string_param("gdb", opt_gdb); -static void gdbstub_console_puts(const char *str, size_t nr); +static void cf_check gdbstub_console_puts(const char *str, size_t nr); /* value <-> char (de)serialzers */ static char @@ -546,8 +546,7 @@ __gdb_ctx = { }; static struct gdb_context *gdb_ctx = &__gdb_ctx; -static void -gdbstub_console_puts(const char *str, size_t nr) +static void cf_check gdbstub_console_puts(const char *str, size_t nr) { const char *p; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index e8714920dc..ec301a9f12 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -157,10 +157,9 @@ unsigned long livepatch_symbols_lookup_by_name(const char *symname) return 0; } -static const char *livepatch_symbols_lookup(unsigned long addr, - unsigned long *symbolsize, - unsigned long *offset, - char *namebuf) +static const char *cf_check livepatch_symbols_lookup( + unsigned long addr, unsigned long *symbolsize, unsigned long *offset, + char *namebuf) { const struct payload *data; unsigned int i, best; diff --git a/xen/common/memory.c b/xen/common/memory.c index ede45c4af9..69b0cd1e50 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1051,8 +1051,8 @@ struct get_reserved_device_memory { unsigned int used_entries; }; -static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, - u32 id, void *ctxt) +static int cf_check get_reserved_device_memory( + xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt) { struct get_reserved_device_memory *grdm = ctxt; uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus, diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 3caf5c954b..4635718237 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1238,7 +1238,7 @@ struct scrub_wait_state { bool drop; }; -static void scrub_continue(void *data) +static void cf_check scrub_continue(void *data) { struct scrub_wait_state *st = data; diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 33b47748ae..adc3034222 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -52,7 +52,7 @@ struct rcu_node { struct rcu_head rcu_head; }; -static struct radix_tree_node *rcu_node_alloc(void *arg) +static struct radix_tree_node *cf_check rcu_node_alloc(void *arg) { struct rcu_node *rcu_node = xmalloc(struct rcu_node); return rcu_node ? &rcu_node->node : NULL; @@ -65,7 +65,7 @@ static void cf_check _rcu_node_free(struct rcu_head *head) xfree(rcu_node); } -static void rcu_node_free(struct radix_tree_node *node, void *arg) +static void cf_check rcu_node_free(struct radix_tree_node *node, void *arg) { struct rcu_node *rcu_node = container_of(node, struct rcu_node, node); call_rcu(&rcu_node->rcu_head, _rcu_node_free); diff --git a/xen/common/rangeset.c b/xen/common/rangeset.c index 885b6b15c2..a6ef264046 100644 --- a/xen/common/rangeset.c +++ b/xen/common/rangeset.c @@ -384,7 +384,7 @@ int rangeset_consume_ranges(struct rangeset *r, return rc; } -static int merge(unsigned long s, unsigned long e, void *data) +static int cf_check merge(unsigned long s, unsigned long e, void *data) { struct rangeset *r = data; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 25bfbf3c47..62c83aaa6a 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -375,7 +375,7 @@ static void spinlock_profile_iterate(lock_profile_subfunc *sub, void *par) spin_unlock(&lock_profile_lock); } -static void spinlock_profile_print_elem(struct lock_profile *data, +static void cf_check spinlock_profile_print_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { struct spinlock *lock = data->lock; @@ -404,7 +404,7 @@ void cf_check spinlock_profile_printall(unsigned char key) spinlock_profile_iterate(spinlock_profile_print_elem, NULL); } -static void spinlock_profile_reset_elem(struct lock_profile *data, +static void cf_check spinlock_profile_reset_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { data->lock_cnt = 0; @@ -428,7 +428,7 @@ typedef struct { int rc; } spinlock_profile_ucopy_t; -static void spinlock_profile_ucopy_elem(struct lock_profile *data, +static void cf_check spinlock_profile_ucopy_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { spinlock_profile_ucopy_t *p = par; diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index 70ab3ba406..84cf52636b 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -523,21 +523,21 @@ int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved, #ifdef CONFIG_MEM_PAGING /* Registered with Xen-bound event channel for incoming notifications. */ -static void mem_paging_notification(struct vcpu *v, unsigned int port) +static void cf_check mem_paging_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_paging); } #endif /* Registered with Xen-bound event channel for incoming notifications. */ -static void monitor_notification(struct vcpu *v, unsigned int port) +static void cf_check monitor_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_monitor); } #ifdef CONFIG_MEM_SHARING /* Registered with Xen-bound event channel for incoming notifications. */ -static void mem_sharing_notification(struct vcpu *v, unsigned int port) +static void cf_check mem_sharing_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_share); } diff --git a/xen/common/xmalloc_tlsf.c b/xen/common/xmalloc_tlsf.c index e3f6886e6b..d2ad909502 100644 --- a/xen/common/xmalloc_tlsf.c +++ b/xen/common/xmalloc_tlsf.c @@ -512,13 +512,13 @@ int xmem_pool_maxalloc(struct xmem_pool *pool) static struct xmem_pool *xenpool; -static void *xmalloc_pool_get(unsigned long size) +static void *cf_check xmalloc_pool_get(unsigned long size) { ASSERT(size == PAGE_SIZE); return alloc_xenheap_page(); } -static void xmalloc_pool_put(void *p) +static void cf_check xmalloc_pool_put(void *p) { free_xenheap_page(p); } diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 06b4d2b1fe..cebcd68a6c 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1073,7 +1073,7 @@ static void * __init allocate_ppr_log(struct amd_iommu *iommu) #define IVRS_MAPPINGS_DEVTAB(m) (m)[ivrs_bdf_entries].intremap_table /* Gets passed to radix_tree_destroy(), so its param needs to be void *. */ -static void __init free_ivrs_mapping_callback(void *ptr) +static void __init cf_check free_ivrs_mapping_callback(void *ptr) { const struct ivrs_mappings *ivrs_mappings = ptr; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 24eb4cc7d3..1c3c88a14d 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -52,7 +52,7 @@ void free_vcpu_struct(struct vcpu *v); #ifndef alloc_pirq_struct struct pirq *alloc_pirq_struct(struct domain *); #endif -void free_pirq_struct(void *); +void cf_check free_pirq_struct(void *); /* * Initialise/destroy arch-specific details of a VCPU. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:15:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:15:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277614.474253 (Exim 4.92) (envelope-from ) id 1nMuJ5-0005Bc-Oy; Wed, 23 Feb 2022 16:15:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277614.474253; Wed, 23 Feb 2022 16:15:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJ5-0005BU-Lc; Wed, 23 Feb 2022 16:15:59 +0000 Received: by outflank-mailman (input) for mailman id 277614; Wed, 23 Feb 2022 16:15:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJ4-0005BL-V9 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJ4-0005Do-UU for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJ4-0003w0-Th for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:15:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PtCyKYd94bsLJZMaYzcZEJZxhpGZ7Qq/VudLs2UZpSU=; b=PiqeJZAW9e7ifOJ9+HViHayy3w uUpG90eKLtx2jNFDjl4OODncdycTA9h7b+YS8ke02eCYCsYdhtbGhyyBymlAEF8MKTLy/d1j1tZke uAysL+CpzmPYt2trixyxre7dAQzSlKQ1jOqIrANULB2baeeIg7aKfTebMDh5xjhykRbQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: CFI hardening for request_irq() Message-Id: Date: Wed, 23 Feb 2022 16:15:58 +0000 commit e88a591461a8a590a391378a6b24221d6ce09f95 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:08:31 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: CFI hardening for request_irq() ... and friends; alloc_direct_apic_vector() and set_direct_apic_vector(). Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/apic.c | 8 ++++---- xen/arch/x86/cpu/mcheck/mce_intel.c | 4 ++-- xen/arch/x86/guest/xen/xen.c | 2 +- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/arch/x86/include/asm/irq.h | 16 ++++++++-------- xen/arch/x86/irq.c | 2 +- xen/arch/x86/smp.c | 6 +++--- xen/arch/x86/time.c | 3 ++- xen/drivers/passthrough/amd/iommu_init.c | 4 ++-- xen/drivers/passthrough/vtd/iommu.c | 4 ++-- 11 files changed, 29 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 68e4d870c7..5a7a58dc98 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -1361,7 +1361,7 @@ int reprogram_timer(s_time_t timeout) return apic_tmict || !timeout; } -void apic_timer_interrupt(struct cpu_user_regs * regs) +void cf_check apic_timer_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(apic_timer); @@ -1380,7 +1380,7 @@ void smp_send_state_dump(unsigned int cpu) /* * Spurious interrupts should _never_ happen with our APIC/SMP architecture. */ -void spurious_interrupt(struct cpu_user_regs *regs) +void cf_check spurious_interrupt(struct cpu_user_regs *regs) { /* * Check if this is a vectored interrupt (most likely, as this is probably @@ -1411,7 +1411,7 @@ void spurious_interrupt(struct cpu_user_regs *regs) * This interrupt should never happen with our APIC/SMP architecture */ -void error_interrupt(struct cpu_user_regs *regs) +void cf_check error_interrupt(struct cpu_user_regs *regs) { static const char *const esr_fields[] = { "Send CS error", @@ -1444,7 +1444,7 @@ void error_interrupt(struct cpu_user_regs *regs) * This interrupt handles performance counters interrupt */ -void pmu_apic_interrupt(struct cpu_user_regs *regs) +void cf_check pmu_apic_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); vpmu_do_interrupt(regs); diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index a691e10bdc..7aaa56fd02 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -55,7 +55,7 @@ bool __read_mostly lmce_support; #define MCE_RING 0x1 static DEFINE_PER_CPU(int, last_state); -static void intel_thermal_interrupt(struct cpu_user_regs *regs) +static void cf_check intel_thermal_interrupt(struct cpu_user_regs *regs) { uint64_t msr_content; unsigned int cpu = smp_processor_id(); @@ -639,7 +639,7 @@ static void cpu_mcheck_disable(void) clear_cmci(); } -static void cmci_interrupt(struct cpu_user_regs *regs) +static void cf_check cmci_interrupt(struct cpu_user_regs *regs) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index b2aa3a009b..17807cdea6 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -170,7 +170,7 @@ static void __init init_memmap(void) } } -static void xen_evtchn_upcall(struct cpu_user_regs *regs) +static void cf_check xen_evtchn_upcall(struct cpu_user_regs *regs) { struct vcpu_info *vcpu_info = this_cpu(vcpu_info); unsigned long pending; diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 7a810e4e71..5d4f891566 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -237,8 +237,8 @@ again: } } -static void hpet_interrupt_handler(int irq, void *data, - struct cpu_user_regs *regs) +static void cf_check hpet_interrupt_handler( + int irq, void *data, struct cpu_user_regs *regs) { struct hpet_event_channel *ch = data; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 36c8a12cfe..dade08f602 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2533,7 +2533,7 @@ static struct hvm_function_table __initdata vmx_function_table = { }; /* Handle VT-d posted-interrupt when VCPU is blocked. */ -static void pi_wakeup_interrupt(struct cpu_user_regs *regs) +static void cf_check pi_wakeup_interrupt(struct cpu_user_regs *regs) { struct vmx_vcpu *vmx, *tmp; spinlock_t *lock = &per_cpu(vmx_pi_blocking, smp_processor_id()).lock; @@ -2565,7 +2565,7 @@ static void pi_wakeup_interrupt(struct cpu_user_regs *regs) } /* Handle VT-d posted-interrupt when VCPU is running. */ -static void pi_notification_interrupt(struct cpu_user_regs *regs) +static void cf_check pi_notification_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); this_cpu(irq_count)++; diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 7c825e9d9c..b3f49abc55 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -93,14 +93,14 @@ static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) #define platform_legacy_irq(irq) ((irq) < 16) -void event_check_interrupt(struct cpu_user_regs *regs); -void invalidate_interrupt(struct cpu_user_regs *regs); -void call_function_interrupt(struct cpu_user_regs *regs); -void apic_timer_interrupt(struct cpu_user_regs *regs); -void error_interrupt(struct cpu_user_regs *regs); -void pmu_apic_interrupt(struct cpu_user_regs *regs); -void spurious_interrupt(struct cpu_user_regs *regs); -void irq_move_cleanup_interrupt(struct cpu_user_regs *regs); +void cf_check event_check_interrupt(struct cpu_user_regs *regs); +void cf_check invalidate_interrupt(struct cpu_user_regs *regs); +void cf_check call_function_interrupt(struct cpu_user_regs *regs); +void cf_check apic_timer_interrupt(struct cpu_user_regs *regs); +void cf_check error_interrupt(struct cpu_user_regs *regs); +void cf_check pmu_apic_interrupt(struct cpu_user_regs *regs); +void cf_check spurious_interrupt(struct cpu_user_regs *regs); +void cf_check irq_move_cleanup_interrupt(struct cpu_user_regs *regs); uint8_t alloc_hipriority_vector(void); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index f43b926ed2..61e09a356f 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -744,7 +744,7 @@ void move_native_irq(struct irq_desc *desc) desc->handler->enable(desc); } -void irq_move_cleanup_interrupt(struct cpu_user_regs *regs) +void cf_check irq_move_cleanup_interrupt(struct cpu_user_regs *regs) { unsigned vector, me; diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index b9a696f619..33748e629a 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -246,7 +246,7 @@ static cpumask_t flush_cpumask; static const void *flush_va; static unsigned int flush_flags; -void invalidate_interrupt(struct cpu_user_regs *regs) +void cf_check invalidate_interrupt(struct cpu_user_regs *regs) { unsigned int flags = flush_flags; ack_APIC_irq(); @@ -385,14 +385,14 @@ void smp_send_nmi_allbutself(void) send_IPI_mask(&cpu_online_map, APIC_DM_NMI); } -void event_check_interrupt(struct cpu_user_regs *regs) +void cf_check event_check_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(ipis); this_cpu(irq_count)++; } -void call_function_interrupt(struct cpu_user_regs *regs) +void cf_check call_function_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(ipis); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 10efe13c84..a296704fb1 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -196,7 +196,8 @@ static void smp_send_timer_broadcast_ipi(void) } } -static void timer_interrupt(int irq, void *dev_id, struct cpu_user_regs *regs) +static void cf_check timer_interrupt( + int irq, void *dev_id, struct cpu_user_regs *regs) { ASSERT(local_irq_is_enabled()); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index cebcd68a6c..d2ad282e93 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -715,8 +715,8 @@ static void cf_check do_amd_iommu_irq(void *unused) } } -static void iommu_interrupt_handler(int irq, void *dev_id, - struct cpu_user_regs *regs) +static void cf_check iommu_interrupt_handler( + int irq, void *dev_id, struct cpu_user_regs *regs) { unsigned long flags; struct amd_iommu *iommu = dev_id; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 1a1cf14785..f2a5a4b4e4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1069,8 +1069,8 @@ static void cf_check do_iommu_page_fault(void *unused) __do_iommu_page_fault(drhd->iommu); } -static void iommu_page_fault(int irq, void *dev_id, - struct cpu_user_regs *regs) +static void cf_check iommu_page_fault( + int irq, void *dev_id, struct cpu_user_regs *regs) { /* * Just flag the tasklet as runnable. This is fine, according to VT-d -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:16:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:16:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277615.474256 (Exim 4.92) (envelope-from ) id 1nMuJF-0005Ej-QN; Wed, 23 Feb 2022 16:16:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277615.474256; Wed, 23 Feb 2022 16:16:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJF-0005Eb-NJ; Wed, 23 Feb 2022 16:16:09 +0000 Received: by outflank-mailman (input) for mailman id 277615; Wed, 23 Feb 2022 16:16:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJF-0005EU-50 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJF-0005E8-2O for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJF-0003xB-1W for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gJlhr/cbIM+MEYd4osNxm0KDnn/Fr8D/hcxH0z2r1Gg=; b=tLSMhKYfAhMW6eWA8RmMGI2e0+ o1zBm5ijfQ5Gts+oWD8a8zdW9yx0W+UQUYVNxK9m8g31pT1Il5X5LzSDAH1T09nfjKYvjLdmxDeo0 2tesDPTrAWdTBiMVwuMobwn1vzPwBXuFt5VqOuoxxzWae/S4GQxg/Yq7bht0QF+T0eVU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: CFI hardening for hvm_funcs Message-Id: Date: Wed, 23 Feb 2022 16:16:09 +0000 commit b158e72abe30821bcef8867387f350d290804edc Author: Andrew Cooper AuthorDate: Fri Oct 29 20:15:24 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: CFI hardening for hvm_funcs Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. In svm.c, make a few rearrangements. svm_update_guest_cr() has no external callers so can become static, but needs moving along with svm_fpu_enter() to avoid a forward declaration. Move svm_fpu_leave() too, to match. Also move svm_update_guest_efer() to drop its forward declaration. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/svm/nestedsvm.c | 22 +- xen/arch/x86/hvm/svm/svm.c | 390 ++++++++++++++------------- xen/arch/x86/hvm/vmx/intr.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 8 +- xen/arch/x86/hvm/vmx/vmx.c | 143 +++++----- xen/arch/x86/hvm/vmx/vvmx.c | 16 +- xen/arch/x86/include/asm/hvm/svm/nestedsvm.h | 18 +- xen/arch/x86/include/asm/hvm/svm/svm.h | 1 - xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 8 +- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 2 +- xen/arch/x86/include/asm/hvm/vmx/vvmx.h | 18 +- 11 files changed, 320 insertions(+), 308 deletions(-) diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c index abc178d8d4..9f5f35f16a 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -80,7 +80,7 @@ int nestedsvm_vmcb_map(struct vcpu *v, uint64_t vmcbaddr) } /* Interface methods */ -int nsvm_vcpu_initialise(struct vcpu *v) +int cf_check nsvm_vcpu_initialise(struct vcpu *v) { void *msrpm; struct nestedvcpu *nv = &vcpu_nestedhvm(v); @@ -110,7 +110,7 @@ int nsvm_vcpu_initialise(struct vcpu *v) return -ENOMEM; } -void nsvm_vcpu_destroy(struct vcpu *v) +void cf_check nsvm_vcpu_destroy(struct vcpu *v) { struct nestedvcpu *nv = &vcpu_nestedhvm(v); struct nestedsvm *svm = &vcpu_nestedsvm(v); @@ -150,7 +150,7 @@ void nsvm_vcpu_destroy(struct vcpu *v) svm->ns_iomap = NULL; } -int nsvm_vcpu_reset(struct vcpu *v) +int cf_check nsvm_vcpu_reset(struct vcpu *v) { struct nestedsvm *svm = &vcpu_nestedsvm(v); @@ -855,8 +855,8 @@ nsvm_vcpu_vmexit_inject(struct vcpu *v, struct cpu_user_regs *regs, return 0; } -int -nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *trap) +int cf_check nsvm_vcpu_vmexit_event( + struct vcpu *v, const struct x86_event *trap) { ASSERT(vcpu_nestedhvm(v).nv_vvmcx != NULL); @@ -865,7 +865,7 @@ nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *trap) return NESTEDHVM_VMEXIT_DONE; } -uint64_t nsvm_vcpu_hostcr3(struct vcpu *v) +uint64_t cf_check nsvm_vcpu_hostcr3(struct vcpu *v) { return vcpu_nestedsvm(v).ns_vmcb_hostcr3; } @@ -1030,8 +1030,7 @@ nsvm_vmcb_guest_intercepts_exitcode(struct vcpu *v, return 1; } -bool_t -nsvm_vmcb_guest_intercepts_event( +bool cf_check nsvm_vmcb_guest_intercepts_event( struct vcpu *v, unsigned int vector, int errcode) { return nsvm_vmcb_guest_intercepts_exitcode(v, @@ -1206,8 +1205,7 @@ nsvm_vmcb_prepare4vmexit(struct vcpu *v, struct cpu_user_regs *regs) return 0; } -bool_t -nsvm_vmcb_hap_enabled(struct vcpu *v) +bool cf_check nsvm_vmcb_hap_enabled(struct vcpu *v) { return vcpu_nestedsvm(v).ns_hap_enabled; } @@ -1216,7 +1214,7 @@ nsvm_vmcb_hap_enabled(struct vcpu *v) * walk is successful, the translated value is returned in * L1_gpa. The result value tells what to do next. */ -int nsvm_hap_walk_L1_p2m( +int cf_check nsvm_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec) { @@ -1241,7 +1239,7 @@ int nsvm_hap_walk_L1_p2m( return NESTEDHVM_PAGEFAULT_DONE; } -enum hvm_intblk nsvm_intr_blocked(struct vcpu *v) +enum hvm_intblk cf_check nsvm_intr_blocked(struct vcpu *v) { struct nestedsvm *svm = &vcpu_nestedsvm(v); struct nestedvcpu *nv = &vcpu_nestedhvm(v); diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index c4ce3f75ab..de6166241b 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -67,8 +67,6 @@ void noreturn svm_asm_do_resume(void); u32 svm_feature_flags; -static void svm_update_guest_efer(struct vcpu *); - static struct hvm_function_table svm_function_table; /* @@ -122,11 +120,166 @@ void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len) hvm_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC); } -static void svm_cpu_down(void) +static void cf_check svm_cpu_down(void) { write_efer(read_efer() & ~EFER_SVME); } +static void svm_fpu_enter(struct vcpu *v) +{ + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; + + vcpu_restore_fpu_lazy(v); + vmcb_set_exception_intercepts( + n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) & ~(1U << TRAP_no_device)); +} + +static void cf_check svm_fpu_leave(struct vcpu *v) +{ + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; + + ASSERT(!v->fpu_dirtied); + ASSERT(read_cr0() & X86_CR0_TS); + + /* + * If the guest does not have TS enabled then we must cause and handle an + * exception on first use of the FPU. If the guest *does* have TS enabled + * then this is not necessary: no FPU activity can occur until the guest + * clears CR0.TS, and we will initialise the FPU when that happens. + */ + if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) + { + vmcb_set_exception_intercepts( + n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) | (1U << TRAP_no_device)); + vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) | X86_CR0_TS); + } +} + +static void cf_check svm_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags) +{ + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; + uint64_t value; + + switch ( cr ) + { + case 0: + { + unsigned long hw_cr0_mask = 0; + + if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) + { + if ( v != current ) + { + if ( !v->arch.fully_eager_fpu ) + hw_cr0_mask |= X86_CR0_TS; + } + else if ( vmcb_get_cr0(vmcb) & X86_CR0_TS ) + svm_fpu_enter(v); + } + + if ( paging_mode_hap(v->domain) ) + { + uint32_t intercepts = vmcb_get_cr_intercepts(vmcb); + + /* Trap CR3 updates if CR3 memory events are enabled. */ + if ( v->domain->arch.monitor.write_ctrlreg_enabled & + monitor_ctrlreg_bitmask(VM_EVENT_X86_CR3) ) + vmcb_set_cr_intercepts(vmcb, intercepts | CR_INTERCEPT_CR3_WRITE); + } + + value = v->arch.hvm.guest_cr[0] | hw_cr0_mask; + if ( !paging_mode_hap(v->domain) ) + value |= X86_CR0_PG | X86_CR0_WP; + vmcb_set_cr0(vmcb, value); + break; + } + case 2: + vmcb_set_cr2(vmcb, v->arch.hvm.guest_cr[2]); + break; + case 3: + vmcb_set_cr3(vmcb, v->arch.hvm.hw_cr[3]); + if ( !nestedhvm_enabled(v->domain) ) + { + if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) + hvm_asid_flush_vcpu(v); + } + else if ( nestedhvm_vmswitch_in_progress(v) ) + ; /* CR3 switches during VMRUN/VMEXIT do not flush the TLB. */ + else if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) + hvm_asid_flush_vcpu_asid( + nestedhvm_vcpu_in_guestmode(v) + ? &vcpu_nestedhvm(v).nv_n2asid : &v->arch.hvm.n1asid); + break; + case 4: + value = HVM_CR4_HOST_MASK; + if ( paging_mode_hap(v->domain) ) + value &= ~X86_CR4_PAE; + value |= v->arch.hvm.guest_cr[4]; + + if ( !hvm_paging_enabled(v) ) + { + /* + * When the guest thinks paging is disabled, Xen may need to hide + * the effects of shadow paging, as hardware runs with the host + * paging settings, rather than the guests settings. + * + * Without CR0.PG, all memory accesses are user mode, so + * _PAGE_USER must be set in the shadow pagetables for guest + * userspace to function. This in turn trips up guest supervisor + * mode if SMEP/SMAP are left active in context. They wouldn't + * have any effect if paging was actually disabled, so hide them + * behind the back of the guest. + */ + value &= ~(X86_CR4_SMEP | X86_CR4_SMAP); + } + + vmcb_set_cr4(vmcb, value); + break; + default: + BUG(); + } +} + +static void cf_check svm_update_guest_efer(struct vcpu *v) +{ + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; + unsigned long guest_efer = v->arch.hvm.guest_efer, + xen_efer = read_efer(); + + if ( paging_mode_shadow(v->domain) ) + { + /* EFER.NX is a Xen-owned bit and is not under guest control. */ + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; + + /* + * CR0.PG is a Xen-owned bit, and remains set even when the guest has + * logically disabled paging. + * + * LMA was calculated using the guest CR0.PG setting, but LME needs + * clearing to avoid interacting with Xen's CR0.PG setting. As writes + * to CR0 are intercepted, it is safe to leave LME clear at this + * point, and fix up both LME and LMA when CR0.PG is set. + */ + if ( !(guest_efer & EFER_LMA) ) + guest_efer &= ~EFER_LME; + } + + /* SVME must remain set in non-root mode. */ + guest_efer |= EFER_SVME; + + vmcb_set_efer(vmcb, guest_efer); + + ASSERT(nestedhvm_enabled(v->domain) || + !(v->arch.hvm.guest_efer & EFER_SVME)); + + if ( nestedhvm_enabled(v->domain) ) + svm_nested_features_on_efer_update(v); +} + unsigned long * svm_msrbit(unsigned long *msr_bitmap, uint32_t msr) { @@ -165,7 +318,7 @@ void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags) __clear_bit(msr * 2 + 1, msr_bit); } -static void svm_enable_msr_interception(struct domain *d, uint32_t msr) +static void cf_check svm_enable_msr_interception(struct domain *d, uint32_t msr) { struct vcpu *v; @@ -377,13 +530,13 @@ static void svm_load_cpu_state(struct vcpu *v, struct hvm_hw_cpu *data) svm_update_guest_efer(v); } -static void svm_save_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static void cf_check svm_save_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { svm_save_cpu_state(v, ctxt); svm_vmcb_save(v, ctxt); } -static int svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static int cf_check svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { svm_load_cpu_state(v, ctxt); if ( svm_vmcb_restore(v, ctxt) ) @@ -396,39 +549,7 @@ static int svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) return 0; } -static void svm_fpu_enter(struct vcpu *v) -{ - struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; - - vcpu_restore_fpu_lazy(v); - vmcb_set_exception_intercepts( - n1vmcb, - vmcb_get_exception_intercepts(n1vmcb) & ~(1U << TRAP_no_device)); -} - -static void svm_fpu_leave(struct vcpu *v) -{ - struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; - - ASSERT(!v->fpu_dirtied); - ASSERT(read_cr0() & X86_CR0_TS); - - /* - * If the guest does not have TS enabled then we must cause and handle an - * exception on first use of the FPU. If the guest *does* have TS enabled - * then this is not necessary: no FPU activity can occur until the guest - * clears CR0.TS, and we will initialise the FPU when that happens. - */ - if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) - { - vmcb_set_exception_intercepts( - n1vmcb, - vmcb_get_exception_intercepts(n1vmcb) | (1U << TRAP_no_device)); - vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) | X86_CR0_TS); - } -} - -static unsigned int svm_get_interrupt_shadow(struct vcpu *v) +static unsigned cf_check int svm_get_interrupt_shadow(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; unsigned int intr_shadow = 0; @@ -442,7 +563,8 @@ static unsigned int svm_get_interrupt_shadow(struct vcpu *v) return intr_shadow; } -static void svm_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) +static void cf_check svm_set_interrupt_shadow( + struct vcpu *v, unsigned int intr_shadow) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -456,7 +578,7 @@ static void svm_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) vmcb_set_general1_intercepts(vmcb, general1_intercepts); } -static int svm_guest_x86_mode(struct vcpu *v) +static int cf_check svm_guest_x86_mode(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -469,129 +591,7 @@ static int svm_guest_x86_mode(struct vcpu *v) return likely(vmcb->cs.db) ? 4 : 2; } -void svm_update_guest_cr(struct vcpu *v, unsigned int cr, unsigned int flags) -{ - struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; - uint64_t value; - - switch ( cr ) - { - case 0: - { - unsigned long hw_cr0_mask = 0; - - if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) - { - if ( v != current ) - { - if ( !v->arch.fully_eager_fpu ) - hw_cr0_mask |= X86_CR0_TS; - } - else if ( vmcb_get_cr0(vmcb) & X86_CR0_TS ) - svm_fpu_enter(v); - } - - if ( paging_mode_hap(v->domain) ) - { - uint32_t intercepts = vmcb_get_cr_intercepts(vmcb); - - /* Trap CR3 updates if CR3 memory events are enabled. */ - if ( v->domain->arch.monitor.write_ctrlreg_enabled & - monitor_ctrlreg_bitmask(VM_EVENT_X86_CR3) ) - vmcb_set_cr_intercepts(vmcb, intercepts | CR_INTERCEPT_CR3_WRITE); - } - - value = v->arch.hvm.guest_cr[0] | hw_cr0_mask; - if ( !paging_mode_hap(v->domain) ) - value |= X86_CR0_PG | X86_CR0_WP; - vmcb_set_cr0(vmcb, value); - break; - } - case 2: - vmcb_set_cr2(vmcb, v->arch.hvm.guest_cr[2]); - break; - case 3: - vmcb_set_cr3(vmcb, v->arch.hvm.hw_cr[3]); - if ( !nestedhvm_enabled(v->domain) ) - { - if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu(v); - } - else if ( nestedhvm_vmswitch_in_progress(v) ) - ; /* CR3 switches during VMRUN/VMEXIT do not flush the TLB. */ - else if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu_asid( - nestedhvm_vcpu_in_guestmode(v) - ? &vcpu_nestedhvm(v).nv_n2asid : &v->arch.hvm.n1asid); - break; - case 4: - value = HVM_CR4_HOST_MASK; - if ( paging_mode_hap(v->domain) ) - value &= ~X86_CR4_PAE; - value |= v->arch.hvm.guest_cr[4]; - - if ( !hvm_paging_enabled(v) ) - { - /* - * When the guest thinks paging is disabled, Xen may need to hide - * the effects of shadow paging, as hardware runs with the host - * paging settings, rather than the guests settings. - * - * Without CR0.PG, all memory accesses are user mode, so - * _PAGE_USER must be set in the shadow pagetables for guest - * userspace to function. This in turn trips up guest supervisor - * mode if SMEP/SMAP are left active in context. They wouldn't - * have any effect if paging was actually disabled, so hide them - * behind the back of the guest. - */ - value &= ~(X86_CR4_SMEP | X86_CR4_SMAP); - } - - vmcb_set_cr4(vmcb, value); - break; - default: - BUG(); - } -} - -static void svm_update_guest_efer(struct vcpu *v) -{ - struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; - unsigned long guest_efer = v->arch.hvm.guest_efer, - xen_efer = read_efer(); - - if ( paging_mode_shadow(v->domain) ) - { - /* EFER.NX is a Xen-owned bit and is not under guest control. */ - guest_efer &= ~EFER_NXE; - guest_efer |= xen_efer & EFER_NXE; - - /* - * CR0.PG is a Xen-owned bit, and remains set even when the guest has - * logically disabled paging. - * - * LMA was calculated using the guest CR0.PG setting, but LME needs - * clearing to avoid interacting with Xen's CR0.PG setting. As writes - * to CR0 are intercepted, it is safe to leave LME clear at this - * point, and fix up both LME and LMA when CR0.PG is set. - */ - if ( !(guest_efer & EFER_LMA) ) - guest_efer &= ~EFER_LME; - } - - /* SVME must remain set in non-root mode. */ - guest_efer |= EFER_SVME; - - vmcb_set_efer(vmcb, guest_efer); - - ASSERT(nestedhvm_enabled(v->domain) || - !(v->arch.hvm.guest_efer & EFER_SVME)); - - if ( nestedhvm_enabled(v->domain) ) - svm_nested_features_on_efer_update(v); -} - -static void svm_cpuid_policy_changed(struct vcpu *v) +static void cf_check svm_cpuid_policy_changed(struct vcpu *v) { struct svm_vcpu *svm = &v->arch.hvm.svm; struct vmcb_struct *vmcb = svm->vmcb; @@ -636,13 +636,13 @@ void svm_sync_vmcb(struct vcpu *v, enum vmcb_sync_state new_state) } } -static unsigned int svm_get_cpl(struct vcpu *v) +static unsigned int cf_check svm_get_cpl(struct vcpu *v) { return vmcb_get_cpl(v->arch.hvm.svm.vmcb); } -static void svm_get_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check svm_get_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -686,8 +686,8 @@ static void svm_get_segment_register(struct vcpu *v, enum x86_segment seg, } } -static void svm_set_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check svm_set_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -756,12 +756,12 @@ static void svm_set_segment_register(struct vcpu *v, enum x86_segment seg, } } -static unsigned long svm_get_shadow_gs_base(struct vcpu *v) +static unsigned long cf_check svm_get_shadow_gs_base(struct vcpu *v) { return v->arch.hvm.svm.vmcb->kerngsbase; } -static int svm_set_guest_pat(struct vcpu *v, u64 gpat) +static int cf_check svm_set_guest_pat(struct vcpu *v, u64 gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -772,7 +772,7 @@ static int svm_set_guest_pat(struct vcpu *v, u64 gpat) return 1; } -static int svm_get_guest_pat(struct vcpu *v, u64 *gpat) +static int cf_check svm_get_guest_pat(struct vcpu *v, u64 *gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -820,7 +820,7 @@ static uint64_t svm_get_tsc_offset(uint64_t host_tsc, uint64_t guest_tsc, return guest_tsc - scale_tsc(host_tsc, ratio); } -static void svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) +static void cf_check svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct vmcb_struct *n1vmcb, *n2vmcb; @@ -856,7 +856,7 @@ static void svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) vmcb_set_tsc_offset(vmcb, offset + n2_tsc_offset); } -static void svm_set_rdtsc_exiting(struct vcpu *v, bool_t enable) +static void cf_check svm_set_rdtsc_exiting(struct vcpu *v, bool enable) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -875,7 +875,8 @@ static void svm_set_rdtsc_exiting(struct vcpu *v, bool_t enable) vmcb_set_general2_intercepts(vmcb, general2_intercepts); } -static void svm_set_descriptor_access_exiting(struct vcpu *v, bool enable) +static void cf_check svm_set_descriptor_access_exiting( + struct vcpu *v, bool enable) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -892,7 +893,7 @@ static void svm_set_descriptor_access_exiting(struct vcpu *v, bool enable) vmcb_set_general1_intercepts(vmcb, general1_intercepts); } -static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) +static unsigned int cf_check svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; unsigned int len = v->arch.hvm.svm.cached_insn_len; @@ -907,7 +908,7 @@ static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) return len; } -static void svm_init_hypercall_page(void *p) +static void cf_check svm_init_hypercall_page(void *p) { unsigned int i; @@ -1148,7 +1149,7 @@ static int acpi_c1e_quirk(int dir, unsigned int port, unsigned int bytes, return X86EMUL_OKAY; } -static int svm_domain_initialise(struct domain *d) +static int cf_check svm_domain_initialise(struct domain *d) { static const struct arch_csw csw = { .from = svm_ctxt_switch_from, @@ -1166,7 +1167,7 @@ static int svm_domain_initialise(struct domain *d) return 0; } -static int svm_vcpu_initialise(struct vcpu *v) +static int cf_check svm_vcpu_initialise(struct vcpu *v) { int rc; @@ -1183,7 +1184,7 @@ static int svm_vcpu_initialise(struct vcpu *v) return 0; } -static void svm_vcpu_destroy(struct vcpu *v) +static void cf_check svm_vcpu_destroy(struct vcpu *v) { svm_destroy_vmcb(v); passive_domain_destroy(v); @@ -1304,7 +1305,7 @@ static void svm_emul_swint_injection(struct x86_event *event) event->error_code = ec; } -static void svm_inject_event(const struct x86_event *event) +static void cf_check svm_inject_event(const struct x86_event *event) { struct vcpu *curr = current; struct vmcb_struct *vmcb = curr->arch.hvm.svm.vmcb; @@ -1434,12 +1435,12 @@ static void svm_inject_event(const struct x86_event *event) HVMTRACE_2D(INJ_EXC, _event.vector, _event.error_code); } -static bool svm_event_pending(const struct vcpu *v) +static bool cf_check svm_event_pending(const struct vcpu *v) { return v->arch.hvm.svm.vmcb->event_inj.v; } -static void svm_cpu_dead(unsigned int cpu) +static void cf_check svm_cpu_dead(unsigned int cpu) { paddr_t *this_hsa = &per_cpu(hsa, cpu); paddr_t *this_vmcb = &per_cpu(host_vmcb, cpu); @@ -1465,7 +1466,7 @@ static void svm_cpu_dead(unsigned int cpu) } } -static int svm_cpu_up_prepare(unsigned int cpu) +static int cf_check svm_cpu_up_prepare(unsigned int cpu) { paddr_t *this_hsa = &per_cpu(hsa, cpu); paddr_t *this_vmcb = &per_cpu(host_vmcb, cpu); @@ -1620,7 +1621,7 @@ static int _svm_cpu_up(bool bsp) return 0; } -static int svm_cpu_up(void) +static int cf_check svm_cpu_up(void) { return _svm_cpu_up(false); } @@ -1749,7 +1750,7 @@ static void svm_do_nested_pgfault(struct vcpu *v, domain_crash(v->domain); } -static void svm_fpu_dirty_intercept(void) +static void cf_check svm_fpu_dirty_intercept(void) { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -1795,7 +1796,8 @@ static void svm_dr_access(struct vcpu *v, struct cpu_user_regs *regs) __restore_debug_registers(vmcb, v); } -static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) +static int cf_check svm_msr_read_intercept( + unsigned int msr, uint64_t *msr_content) { struct vcpu *v = current; const struct domain *d = v->domain; @@ -1990,7 +1992,8 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) return X86EMUL_EXCEPTION; } -static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) +static int cf_check svm_msr_write_intercept( + unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; struct domain *d = v->domain; @@ -2409,7 +2412,7 @@ static void svm_vmexit_mce_intercept( } } -static void svm_wbinvd_intercept(void) +static void cf_check svm_wbinvd_intercept(void) { if ( cache_flush_permitted(current->domain) ) flush_all(FLUSH_CACHE); @@ -2454,12 +2457,13 @@ static bool is_invlpg(const struct x86_emulate_state *state, (ext & 7) == 7; } -static void svm_invlpg(struct vcpu *v, unsigned long linear) +static void cf_check svm_invlpg(struct vcpu *v, unsigned long linear) { svm_asid_g_invlpg(v, linear); } -static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) +static bool cf_check svm_get_pending_event( + struct vcpu *v, struct x86_event *info) { const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -2473,7 +2477,7 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) return true; } -static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) +static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) { const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; @@ -2491,7 +2495,7 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) } } -static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) +static void cf_check svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c index 80bfbb4787..13bbe8430d 100644 --- a/xen/arch/x86/hvm/vmx/intr.c +++ b/xen/arch/x86/hvm/vmx/intr.c @@ -147,7 +147,7 @@ static void vmx_enable_intr_window(struct vcpu *v, struct hvm_intack intack) * used but may have negative impact on interrupt performance. */ -enum hvm_intblk nvmx_intr_blocked(struct vcpu *v) +enum hvm_intblk cf_check nvmx_intr_blocked(struct vcpu *v) { int r = hvm_intblk_none; struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index d2cafd8ca1..60b506ac3f 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -655,7 +655,7 @@ void vmx_vmcs_reload(struct vcpu *v) vmx_load_vmcs(v); } -int vmx_cpu_up_prepare(unsigned int cpu) +int cf_check vmx_cpu_up_prepare(unsigned int cpu) { /* * If nvmx_cpu_up_prepare() failed, do not return failure and just fallback @@ -676,7 +676,7 @@ int vmx_cpu_up_prepare(unsigned int cpu) return -ENOMEM; } -void vmx_cpu_dead(unsigned int cpu) +void cf_check vmx_cpu_dead(unsigned int cpu) { vmx_free_vmcs(per_cpu(vmxon_region, cpu)); per_cpu(vmxon_region, cpu) = 0; @@ -774,12 +774,12 @@ static int _vmx_cpu_up(bool bsp) return 0; } -int vmx_cpu_up() +int cf_check vmx_cpu_up() { return _vmx_cpu_up(false); } -void vmx_cpu_down(void) +void cf_check vmx_cpu_down(void) { struct list_head *active_vmcs_list = &this_cpu(active_vmcs_list); unsigned long flags; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index dade08f602..2c4804f9b8 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -68,14 +68,16 @@ static void vmx_ctxt_switch_to(struct vcpu *v); static int alloc_vlapic_mapping(void); static void vmx_install_vlapic_mapping(struct vcpu *v); -static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, - unsigned int flags); -static void vmx_update_guest_efer(struct vcpu *v); -static void vmx_wbinvd_intercept(void); -static void vmx_fpu_dirty_intercept(void); -static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content); -static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content); -static void vmx_invlpg(struct vcpu *v, unsigned long linear); +static void cf_check vmx_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags); +static void cf_check vmx_update_guest_efer(struct vcpu *v); +static void cf_check vmx_wbinvd_intercept(void); +static void cf_check vmx_fpu_dirty_intercept(void); +static int cf_check vmx_msr_read_intercept( + unsigned int msr, uint64_t *msr_content); +static int cf_check vmx_msr_write_intercept( + unsigned int msr, uint64_t msr_content); +static void cf_check vmx_invlpg(struct vcpu *v, unsigned long linear); static mfn_t __read_mostly apic_access_mfn = INVALID_MFN_INITIALIZER; @@ -103,7 +105,7 @@ void vmx_pi_per_cpu_init(unsigned int cpu) spin_lock_init(&per_cpu(vmx_pi_blocking, cpu).lock); } -static void vmx_vcpu_block(struct vcpu *v) +static void cf_check vmx_vcpu_block(struct vcpu *v) { unsigned long flags; unsigned int dest; @@ -395,7 +397,7 @@ void vmx_pi_hooks_deassign(struct domain *d) domain_unpause(d); } -static int vmx_domain_initialise(struct domain *d) +static int cf_check vmx_domain_initialise(struct domain *d) { static const struct arch_csw csw = { .from = vmx_ctxt_switch_from, @@ -414,7 +416,7 @@ static int vmx_domain_initialise(struct domain *d) return 0; } -static void domain_creation_finished(struct domain *d) +static void cf_check domain_creation_finished(struct domain *d) { gfn_t gfn = gaddr_to_gfn(APIC_DEFAULT_PHYS_BASE); bool ipat; @@ -444,7 +446,7 @@ static void vmx_init_ipt(struct vcpu *v) v->arch.msrs->rtit.output_limit = size - 1; } -static int vmx_vcpu_initialise(struct vcpu *v) +static int cf_check vmx_vcpu_initialise(struct vcpu *v) { int rc; @@ -491,7 +493,7 @@ static int vmx_vcpu_initialise(struct vcpu *v) return 0; } -static void vmx_vcpu_destroy(struct vcpu *v) +static void cf_check vmx_vcpu_destroy(struct vcpu *v) { /* * There are cases that domain still remains in log-dirty mode when it is @@ -589,7 +591,7 @@ void vmx_update_exception_bitmap(struct vcpu *v) __vmwrite(EXCEPTION_BITMAP, bitmap); } -static void vmx_cpuid_policy_changed(struct vcpu *v) +static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) { const struct cpuid_policy *cp = v->domain->arch.cpuid; int rc = 0; @@ -647,7 +649,7 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) } } -int vmx_guest_x86_mode(struct vcpu *v) +int cf_check vmx_guest_x86_mode(struct vcpu *v) { unsigned long cs_ar_bytes; @@ -844,7 +846,7 @@ static void vmx_load_cpu_state(struct vcpu *v, struct hvm_hw_cpu *data) } -static void vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static void cf_check vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { if ( v == current ) vmx_save_guest_msrs(v); @@ -853,7 +855,7 @@ static void vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) vmx_vmcs_save(v, ctxt); } -static int vmx_load_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static int cf_check vmx_load_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { /* Not currently safe to use in current context. */ ASSERT(v != current); @@ -879,7 +881,7 @@ static void vmx_fpu_enter(struct vcpu *v) __vmwrite(HOST_CR0, v->arch.hvm.vmx.host_cr0); } -static void vmx_fpu_leave(struct vcpu *v) +static void cf_check vmx_fpu_leave(struct vcpu *v) { ASSERT(!v->fpu_dirtied); ASSERT(read_cr0() & X86_CR0_TS); @@ -956,7 +958,7 @@ unsigned int vmx_get_cpl(void) return (attr >> 5) & 3; } -static unsigned int _vmx_get_cpl(struct vcpu *v) +static unsigned int cf_check _vmx_get_cpl(struct vcpu *v) { unsigned int cpl; @@ -982,8 +984,8 @@ static unsigned int _vmx_get_cpl(struct vcpu *v) #define vm86_ds_attr 0xf3 #define vm86_tr_attr 0x8b -static void vmx_get_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check vmx_get_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { unsigned long attr = 0, sel = 0, limit; unsigned int tmp_seg; @@ -1084,8 +1086,8 @@ static void vmx_get_segment_register(struct vcpu *v, enum x86_segment seg, } } -static void vmx_set_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check vmx_set_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { uint32_t attr, sel, limit; uint64_t base; @@ -1174,12 +1176,12 @@ static void vmx_set_segment_register(struct vcpu *v, enum x86_segment seg, vmx_vmcs_exit(v); } -static unsigned long vmx_get_shadow_gs_base(struct vcpu *v) +static unsigned long cf_check vmx_get_shadow_gs_base(struct vcpu *v) { return v->arch.hvm.vmx.shadow_gs; } -static int vmx_set_guest_pat(struct vcpu *v, u64 gpat) +static int cf_check vmx_set_guest_pat(struct vcpu *v, u64 gpat) { if ( !paging_mode_hap(v->domain) || unlikely(v->arch.hvm.cache_mode == NO_FILL_CACHE_MODE) ) @@ -1191,7 +1193,7 @@ static int vmx_set_guest_pat(struct vcpu *v, u64 gpat) return 1; } -static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat) +static int cf_check vmx_get_guest_pat(struct vcpu *v, u64 *gpat) { if ( !paging_mode_hap(v->domain) || unlikely(v->arch.hvm.cache_mode == NO_FILL_CACHE_MODE) ) @@ -1203,7 +1205,7 @@ static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat) return 1; } -static void vmx_handle_cd(struct vcpu *v, unsigned long value) +static void cf_check vmx_handle_cd(struct vcpu *v, unsigned long value) { if ( !paging_mode_hap(v->domain) ) { @@ -1253,7 +1255,7 @@ static void vmx_handle_cd(struct vcpu *v, unsigned long value) } } -static void vmx_setup_tsc_scaling(struct vcpu *v) +static void cf_check vmx_setup_tsc_scaling(struct vcpu *v) { if ( v->domain->arch.vtsc ) return; @@ -1263,7 +1265,7 @@ static void vmx_setup_tsc_scaling(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) +static void cf_check vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) { vmx_vmcs_enter(v); @@ -1274,7 +1276,7 @@ static void vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) vmx_vmcs_exit(v); } -static void vmx_set_rdtsc_exiting(struct vcpu *v, bool_t enable) +static void cf_check vmx_set_rdtsc_exiting(struct vcpu *v, bool enable) { vmx_vmcs_enter(v); v->arch.hvm.vmx.exec_control &= ~CPU_BASED_RDTSC_EXITING; @@ -1284,7 +1286,8 @@ static void vmx_set_rdtsc_exiting(struct vcpu *v, bool_t enable) vmx_vmcs_exit(v); } -static void vmx_set_descriptor_access_exiting(struct vcpu *v, bool enable) +static void cf_check vmx_set_descriptor_access_exiting( + struct vcpu *v, bool enable) { if ( enable ) v->arch.hvm.vmx.secondary_exec_control |= @@ -1298,7 +1301,7 @@ static void vmx_set_descriptor_access_exiting(struct vcpu *v, bool enable) vmx_vmcs_exit(v); } -static void vmx_init_hypercall_page(void *p) +static void cf_check vmx_init_hypercall_page(void *p) { unsigned int i; @@ -1321,7 +1324,7 @@ static void vmx_init_hypercall_page(void *p) } } -static unsigned int vmx_get_interrupt_shadow(struct vcpu *v) +static unsigned int cf_check vmx_get_interrupt_shadow(struct vcpu *v) { unsigned long intr_shadow; @@ -1330,7 +1333,8 @@ static unsigned int vmx_get_interrupt_shadow(struct vcpu *v) return intr_shadow; } -static void vmx_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) +static void cf_check vmx_set_interrupt_shadow( + struct vcpu *v, unsigned int intr_shadow) { __vmwrite(GUEST_INTERRUPTIBILITY_INFO, intr_shadow); } @@ -1381,7 +1385,7 @@ static void vmx_load_pdptrs(struct vcpu *v) return; } -static void vmx_update_host_cr3(struct vcpu *v) +static void cf_check vmx_update_host_cr3(struct vcpu *v) { vmx_vmcs_enter(v); __vmwrite(HOST_CR3, v->arch.cr3); @@ -1400,8 +1404,8 @@ void vmx_update_debug_state(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, - unsigned int flags) +static void cf_check vmx_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags) { vmx_vmcs_enter(v); @@ -1603,7 +1607,7 @@ static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, vmx_vmcs_exit(v); } -static void vmx_update_guest_efer(struct vcpu *v) +static void cf_check vmx_update_guest_efer(struct vcpu *v) { unsigned long entry_ctls, guest_efer = v->arch.hvm.guest_efer, xen_efer = read_efer(); @@ -1705,7 +1709,8 @@ void nvmx_enqueue_n2_exceptions(struct vcpu *v, nvmx->intr.intr_info, nvmx->intr.error_code); } -static int nvmx_vmexit_event(struct vcpu *v, const struct x86_event *event) +static int cf_check nvmx_vmexit_event( + struct vcpu *v, const struct x86_event *event) { nvmx_enqueue_n2_exceptions(v, event->vector, event->error_code, hvm_intsrc_none); @@ -1791,7 +1796,7 @@ void vmx_inject_nmi(void) * - #DB is X86_EVENTTYPE_HW_EXCEPTION, except when generated by * opcode 0xf1 (which is X86_EVENTTYPE_PRI_SW_EXCEPTION) */ -static void vmx_inject_event(const struct x86_event *event) +static void cf_check vmx_inject_event(const struct x86_event *event) { unsigned long intr_info; struct vcpu *curr = current; @@ -1872,7 +1877,7 @@ static void vmx_inject_event(const struct x86_event *event) HVMTRACE_2D(INJ_EXC, _event.vector, _event.error_code); } -static bool vmx_event_pending(const struct vcpu *v) +static bool cf_check vmx_event_pending(const struct vcpu *v) { unsigned long intr_info; @@ -1882,7 +1887,7 @@ static bool vmx_event_pending(const struct vcpu *v) return intr_info & INTR_INFO_VALID_MASK; } -static void vmx_set_info_guest(struct vcpu *v) +static void cf_check vmx_set_info_guest(struct vcpu *v) { unsigned long intr_shadow; @@ -1910,7 +1915,8 @@ static void vmx_set_info_guest(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_update_eoi_exit_bitmap(struct vcpu *v, uint8_t vector, bool set) +static void cf_check vmx_update_eoi_exit_bitmap( + struct vcpu *v, uint8_t vector, bool set) { if ( set ) vmx_set_eoi_exit_bitmap(v, vector); @@ -1938,7 +1944,7 @@ static u8 set_svi(int isr) return old; } -static void vmx_process_isr(int isr, struct vcpu *v) +static void cf_check vmx_process_isr(int isr, struct vcpu *v) { unsigned int i; const struct vlapic *vlapic = vcpu_vlapic(v); @@ -2026,7 +2032,7 @@ static void __vmx_deliver_posted_interrupt(struct vcpu *v) } } -static void vmx_deliver_posted_intr(struct vcpu *v, u8 vector) +static void cf_check vmx_deliver_posted_intr(struct vcpu *v, u8 vector) { struct pi_desc old, new, prev; @@ -2073,7 +2079,7 @@ static void vmx_deliver_posted_intr(struct vcpu *v, u8 vector) __vmx_deliver_posted_interrupt(v); } -static void vmx_sync_pir_to_irr(struct vcpu *v) +static void cf_check vmx_sync_pir_to_irr(struct vcpu *v) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int group, i; @@ -2089,12 +2095,12 @@ static void vmx_sync_pir_to_irr(struct vcpu *v) vlapic_set_vector(i, &vlapic->regs->data[APIC_IRR]); } -static bool vmx_test_pir(const struct vcpu *v, uint8_t vec) +static bool cf_check vmx_test_pir(const struct vcpu *v, uint8_t vec) { return pi_test_pir(vec, &v->arch.hvm.vmx.pi_desc); } -static void vmx_handle_eoi(uint8_t vector, int isr) +static void cf_check vmx_handle_eoi(uint8_t vector, int isr) { uint8_t old_svi = set_svi(isr); static bool warned; @@ -2103,7 +2109,7 @@ static void vmx_handle_eoi(uint8_t vector, int isr) printk(XENLOG_WARNING "EOI for %02x but SVI=%02x\n", vector, old_svi); } -static void vmx_enable_msr_interception(struct domain *d, uint32_t msr) +static void cf_check vmx_enable_msr_interception(struct domain *d, uint32_t msr) { struct vcpu *v; @@ -2111,7 +2117,7 @@ static void vmx_enable_msr_interception(struct domain *d, uint32_t msr) vmx_set_msr_intercept(v, msr, VMX_MSR_W); } -static void vmx_vcpu_update_eptp(struct vcpu *v) +static void cf_check vmx_vcpu_update_eptp(struct vcpu *v) { struct domain *d = v->domain; struct p2m_domain *p2m = NULL; @@ -2136,7 +2142,7 @@ static void vmx_vcpu_update_eptp(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_vcpu_update_vmfunc_ve(struct vcpu *v) +static void cf_check vmx_vcpu_update_vmfunc_ve(struct vcpu *v) { struct domain *d = v->domain; u32 mask = SECONDARY_EXEC_ENABLE_VM_FUNCTIONS; @@ -2180,7 +2186,7 @@ static void vmx_vcpu_update_vmfunc_ve(struct vcpu *v) vmx_vmcs_exit(v); } -static int vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) +static int cf_check vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) { int rc = X86EMUL_EXCEPTION; struct vcpu *curr = current; @@ -2193,7 +2199,7 @@ static int vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) return rc; } -static bool_t vmx_vcpu_emulate_ve(struct vcpu *v) +static bool cf_check vmx_vcpu_emulate_ve(struct vcpu *v) { const struct page_info *pg = vcpu_altp2m(v).veinfo_pg; ve_info_t *veinfo; @@ -2230,7 +2236,8 @@ static bool_t vmx_vcpu_emulate_ve(struct vcpu *v) return rc; } -static bool vmx_get_pending_event(struct vcpu *v, struct x86_event *info) +static bool cf_check vmx_get_pending_event( + struct vcpu *v, struct x86_event *info) { unsigned long intr_info, error_code; @@ -2267,7 +2274,8 @@ static bool vmx_get_pending_event(struct vcpu *v, struct x86_event *info) (RTIT_STATUS_FILTER_EN | RTIT_STATUS_CONTEXT_EN | RTIT_STATUS_TRIGGER_EN | \ RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED) -static int vmtrace_get_option(struct vcpu *v, uint64_t key, uint64_t *output) +static int cf_check vmtrace_get_option( + struct vcpu *v, uint64_t key, uint64_t *output) { const struct vcpu_msrs *msrs = v->arch.msrs; @@ -2288,7 +2296,8 @@ static int vmtrace_get_option(struct vcpu *v, uint64_t key, uint64_t *output) return 0; } -static int vmtrace_set_option(struct vcpu *v, uint64_t key, uint64_t value) +static int cf_check vmtrace_set_option( + struct vcpu *v, uint64_t key, uint64_t value) { struct vcpu_msrs *msrs = v->arch.msrs; bool new_en, old_en = msrs->rtit.ctl & RTIT_CTL_TRACE_EN; @@ -2342,7 +2351,7 @@ static int vmtrace_set_option(struct vcpu *v, uint64_t key, uint64_t value) return 0; } -static int vmtrace_control(struct vcpu *v, bool enable, bool reset) +static int cf_check vmtrace_control(struct vcpu *v, bool enable, bool reset) { struct vcpu_msrs *msrs = v->arch.msrs; uint64_t new_ctl; @@ -2374,13 +2383,13 @@ static int vmtrace_control(struct vcpu *v, bool enable, bool reset) return 0; } -static int vmtrace_output_position(struct vcpu *v, uint64_t *pos) +static int cf_check vmtrace_output_position(struct vcpu *v, uint64_t *pos) { *pos = v->arch.msrs->rtit.output_offset; return v->arch.hvm.vmx.ipt_active; } -static int vmtrace_reset(struct vcpu *v) +static int cf_check vmtrace_reset(struct vcpu *v) { if ( !v->arch.hvm.vmx.ipt_active ) return -EINVAL; @@ -2390,7 +2399,7 @@ static int vmtrace_reset(struct vcpu *v) return 0; } -static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) +static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) { struct domain *d = v->domain; uint64_t val = 0; @@ -2429,7 +2438,7 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) return val; } -static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) +static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { struct domain *d = v->domain; int rc; @@ -2823,7 +2832,7 @@ void update_guest_eip(void) hvm_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC); } -static void vmx_fpu_dirty_intercept(void) +static void cf_check vmx_fpu_dirty_intercept(void) { struct vcpu *curr = current; @@ -2858,7 +2867,7 @@ static void vmx_invlpg_intercept(unsigned long linear) paging_invlpg(current, linear); } -static void vmx_invlpg(struct vcpu *v, unsigned long linear) +static void cf_check vmx_invlpg(struct vcpu *v, unsigned long linear) { if ( cpu_has_vmx_vpid ) vpid_sync_vcpu_gva(v, linear); @@ -3184,7 +3193,8 @@ static int is_last_branch_msr(u32 ecx) return 0; } -static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) +static int cf_check vmx_msr_read_intercept( + unsigned int msr, uint64_t *msr_content) { struct vcpu *curr = current; uint64_t tmp; @@ -3387,7 +3397,8 @@ void vmx_vlapic_msr_changed(struct vcpu *v) vmx_vmcs_exit(v); } -static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) +static int cf_check vmx_msr_write_intercept( + unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; const struct cpuid_policy *cp = v->domain->arch.cpuid; @@ -3587,7 +3598,7 @@ static void vmx_do_extint(struct cpu_user_regs *regs) do_IRQ(regs); } -static void vmx_wbinvd_intercept(void) +static void cf_check vmx_wbinvd_intercept(void) { if ( !cache_flush_permitted(current->domain) || iommu_snoop ) return; diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index 7419ee9dd0..5f54451475 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -62,7 +62,7 @@ void nvmx_cpu_dead(unsigned int cpu) XFREE(per_cpu(vvmcs_buf, cpu)); } -int nvmx_vcpu_initialise(struct vcpu *v) +int cf_check nvmx_vcpu_initialise(struct vcpu *v) { struct domain *d = v->domain; struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -150,7 +150,7 @@ int nvmx_vcpu_initialise(struct vcpu *v) return 0; } -void nvmx_vcpu_destroy(struct vcpu *v) +void cf_check nvmx_vcpu_destroy(struct vcpu *v) { struct nestedvmx *nvmx = &vcpu_2_nvmx(v); struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); @@ -199,7 +199,7 @@ static void vcpu_relinquish_resources(struct vcpu *v) FREE_XENHEAP_PAGE(nvmx->msr_merged); } -void nvmx_domain_relinquish_resources(struct domain *d) +void cf_check nvmx_domain_relinquish_resources(struct domain *d) { struct vcpu *v; @@ -210,17 +210,17 @@ void nvmx_domain_relinquish_resources(struct domain *d) } } -int nvmx_vcpu_reset(struct vcpu *v) +int cf_check nvmx_vcpu_reset(struct vcpu *v) { return 0; } -uint64_t nvmx_vcpu_eptp_base(struct vcpu *v) +uint64_t cf_check nvmx_vcpu_eptp_base(struct vcpu *v) { return get_vvmcs(v, EPT_POINTER) & PAGE_MASK; } -bool_t nvmx_ept_enabled(struct vcpu *v) +bool cf_check nvmx_ept_enabled(struct vcpu *v) { struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -514,7 +514,7 @@ static void vmfail(struct cpu_user_regs *regs, enum vmx_insn_errno errno) vmfail_invalid(regs); } -bool_t nvmx_intercepts_exception( +bool cf_check nvmx_intercepts_exception( struct vcpu *v, unsigned int vector, int error_code) { u32 exception_bitmap, pfec_match=0, pfec_mask=0; @@ -2346,7 +2346,7 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) * walk is successful, the translated value is returned in * L1_gpa. The result value tells what to do next. */ -int nvmx_hap_walk_L1_p2m( +int cf_check nvmx_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec) { diff --git a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h index c3ef235414..656d7d1a9a 100644 --- a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h +++ b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h @@ -107,22 +107,22 @@ nestedsvm_check_intercepts(struct vcpu *v, struct cpu_user_regs *regs, void svm_nested_features_on_efer_update(struct vcpu *v); /* Interface methods */ -void nsvm_vcpu_destroy(struct vcpu *v); -int nsvm_vcpu_initialise(struct vcpu *v); -int nsvm_vcpu_reset(struct vcpu *v); +void cf_check nsvm_vcpu_destroy(struct vcpu *v); +int cf_check nsvm_vcpu_initialise(struct vcpu *v); +int cf_check nsvm_vcpu_reset(struct vcpu *v); int nsvm_vcpu_vmrun(struct vcpu *v, struct cpu_user_regs *regs); -int nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *event); -uint64_t nsvm_vcpu_hostcr3(struct vcpu *v); -bool_t nsvm_vmcb_guest_intercepts_event( +int cf_check nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *event); +uint64_t cf_check nsvm_vcpu_hostcr3(struct vcpu *v); +bool cf_check nsvm_vmcb_guest_intercepts_event( struct vcpu *v, unsigned int vector, int errcode); -bool_t nsvm_vmcb_hap_enabled(struct vcpu *v); -enum hvm_intblk nsvm_intr_blocked(struct vcpu *v); +bool cf_check nsvm_vmcb_hap_enabled(struct vcpu *v); +enum hvm_intblk cf_check nsvm_intr_blocked(struct vcpu *v); /* Interrupts, vGIF */ void svm_vmexit_do_clgi(struct cpu_user_regs *regs, struct vcpu *v); void svm_vmexit_do_stgi(struct cpu_user_regs *regs, struct vcpu *v); bool_t nestedsvm_gif_isset(struct vcpu *v); -int nsvm_hap_walk_L1_p2m( +int cf_check nsvm_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec); diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/asm/hvm/svm/svm.h index 09c32044ec..65e35a4f59 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -50,7 +50,6 @@ struct vcpu; unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); -void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); /* * PV context switch helpers. Prefetching the VMCB area itself has been shown diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 03c9ccf627..9119aa8536 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -22,10 +22,10 @@ extern void vmcs_dump_vcpu(struct vcpu *v); extern int vmx_vmcs_init(void); -extern int vmx_cpu_up_prepare(unsigned int cpu); -extern void vmx_cpu_dead(unsigned int cpu); -extern int vmx_cpu_up(void); -extern void vmx_cpu_down(void); +int cf_check vmx_cpu_up_prepare(unsigned int cpu); +void cf_check vmx_cpu_dead(unsigned int cpu); +int cf_check vmx_cpu_up(void); +void cf_check vmx_cpu_down(void); struct vmcs_struct { u32 vmcs_revision_id; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 97e7652aa1..5284fe931f 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -588,7 +588,7 @@ static inline int __vmxon(u64 addr) return rc; } -int vmx_guest_x86_mode(struct vcpu *v); +int cf_check vmx_guest_x86_mode(struct vcpu *v); unsigned int vmx_get_cpl(void); void vmx_inject_extint(int trap, uint8_t source); diff --git a/xen/arch/x86/include/asm/hvm/vmx/vvmx.h b/xen/arch/x86/include/asm/hvm/vmx/vvmx.h index e4ca3bc6ee..2c3adb5dd6 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vvmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vvmx.h @@ -84,23 +84,23 @@ union vmx_inst_info { u32 word; }; -int nvmx_vcpu_initialise(struct vcpu *v); -void nvmx_vcpu_destroy(struct vcpu *v); -int nvmx_vcpu_reset(struct vcpu *v); -uint64_t nvmx_vcpu_eptp_base(struct vcpu *v); -enum hvm_intblk nvmx_intr_blocked(struct vcpu *v); -bool_t nvmx_intercepts_exception( +int cf_check nvmx_vcpu_initialise(struct vcpu *v); +void cf_check nvmx_vcpu_destroy(struct vcpu *v); +int cf_check nvmx_vcpu_reset(struct vcpu *v); +uint64_t cf_check nvmx_vcpu_eptp_base(struct vcpu *v); +enum hvm_intblk cf_check nvmx_intr_blocked(struct vcpu *v); +bool cf_check nvmx_intercepts_exception( struct vcpu *v, unsigned int vector, int error_code); -void nvmx_domain_relinquish_resources(struct domain *d); +void cf_check nvmx_domain_relinquish_resources(struct domain *d); -bool_t nvmx_ept_enabled(struct vcpu *v); +bool cf_check nvmx_ept_enabled(struct vcpu *v); #define EPT_TRANSLATE_SUCCEED 0 #define EPT_TRANSLATE_VIOLATION 1 #define EPT_TRANSLATE_MISCONFIG 2 #define EPT_TRANSLATE_RETRY 3 -int nvmx_hap_walk_L1_p2m( +int cf_check nvmx_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:16:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:16:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277616.474260 (Exim 4.92) (envelope-from ) id 1nMuJP-0005IQ-Tz; Wed, 23 Feb 2022 16:16:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277616.474260; Wed, 23 Feb 2022 16:16:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJP-0005II-Qp; Wed, 23 Feb 2022 16:16:19 +0000 Received: by outflank-mailman (input) for mailman id 277616; Wed, 23 Feb 2022 16:16:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJP-0005Hx-7H for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJP-0005EJ-6U for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJP-0003y1-5k for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W9kNzkmF5MvS5hib/4CsVtOKTouDwvfmRXHHJi0dLfU=; b=OdcBVTSNFPJOHC9x+sH5v/OuEM 8CwJuHtUL3LW1Ivm+LmfeaqnT76MdSlRaUrW/Jrg26O4fgxn1HB9z/rQZfoHcUPg6DOUCVi5lVmBq YH55lea/sz12fmZDAur8njv1phREoUnGopeQKqiO+bKIoP1oiBicozsUbXhZeB7xLkJI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: CFI hardening for device emulation Message-Id: Date: Wed, 23 Feb 2022 16:16:19 +0000 commit ed907a02148f372c7ae918234d1d6c08c1b8ac4a Author: Andrew Cooper AuthorDate: Fri Oct 29 18:40:17 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: CFI hardening for device emulation Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/emul-i8254.c | 8 +++---- xen/arch/x86/hvm/emulate.c | 21 ++++++++--------- xen/arch/x86/hvm/hpet.c | 6 ++--- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/intercept.c | 28 +++++++++++++---------- xen/arch/x86/hvm/io.c | 38 +++++++++++++++++-------------- xen/arch/x86/hvm/ioreq.c | 2 +- xen/arch/x86/hvm/pmtimer.c | 4 ++-- xen/arch/x86/hvm/rtc.c | 6 ++--- xen/arch/x86/hvm/stdvga.c | 19 ++++++++-------- xen/arch/x86/hvm/svm/svm.c | 4 ++-- xen/arch/x86/hvm/vioapic.c | 8 +++---- xen/arch/x86/hvm/vlapic.c | 11 +++++---- xen/arch/x86/hvm/vmsi.c | 14 +++++++----- xen/arch/x86/hvm/vpic.c | 4 ++-- xen/arch/x86/include/asm/hvm/vioapic.h | 2 +- xen/drivers/passthrough/amd/iommu_guest.c | 10 ++++---- 17 files changed, 98 insertions(+), 89 deletions(-) diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 050c784702..0e09a17318 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -48,9 +48,9 @@ #define RW_STATE_WORD0 3 #define RW_STATE_WORD1 4 -static int handle_pit_io( +static int cf_check handle_pit_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val); -static int handle_speaker_io( +static int cf_check handle_speaker_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val); #define get_guest_time(v) \ @@ -505,7 +505,7 @@ void pit_deinit(struct domain *d) } /* the intercept action for PIT DM retval:0--not handled; 1--handled */ -static int handle_pit_io( +static int cf_check handle_pit_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct PITState *vpit = vcpu_vpit(current); @@ -548,7 +548,7 @@ static uint32_t speaker_ioport_read( (pit_get_out(pit, 2) << 5) | (refresh_clock << 4)); } -static int handle_speaker_io( +static int cf_check handle_speaker_io( int dir, unsigned int port, uint32_t bytes, uint32_t *val) { struct PITState *vpit = vcpu_vpit(current); diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 2b3fb4d6ba..39dac7fd9d 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -71,19 +71,17 @@ static void hvmtrace_io_assist(const ioreq_t *p) trace_var(event, 0/*!cycles*/, size, buffer); } -static int null_read(const struct hvm_io_handler *io_handler, - uint64_t addr, - uint32_t size, - uint64_t *data) +static int cf_check null_read( + const struct hvm_io_handler *io_handler, uint64_t addr, uint32_t size, + uint64_t *data) { *data = ~0ul; return X86EMUL_OKAY; } -static int null_write(const struct hvm_io_handler *handler, - uint64_t addr, - uint32_t size, - uint64_t data) +static int cf_check null_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { return X86EMUL_OKAY; } @@ -114,10 +112,9 @@ static const struct hvm_io_handler null_handler = { .ops = &null_ops }; -static int ioreq_server_read(const struct hvm_io_handler *io_handler, - uint64_t addr, - uint32_t size, - uint64_t *data) +static int cf_check ioreq_server_read( + const struct hvm_io_handler *io_handler, uint64_t addr, uint32_t size, + uint64_t *data) { if ( hvm_copy_from_guest_phys(data, addr, size) != HVMTRANS_okay ) return X86EMUL_UNHANDLEABLE; diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 8267f0b8a2..7bdb51cfa1 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -162,7 +162,7 @@ static inline int hpet_check_access_length( return 0; } -static int hpet_read( +static int cf_check hpet_read( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long *pval) { @@ -351,7 +351,7 @@ static void timer_sanitize_int_route(HPETState *h, unsigned int tn) HPET_TN_ROUTE); } -static int hpet_write( +static int cf_check hpet_write( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long val) { @@ -569,7 +569,7 @@ static int hpet_write( return X86EMUL_OKAY; } -static int hpet_range(struct vcpu *v, unsigned long addr) +static int cf_check hpet_range(struct vcpu *v, unsigned long addr) { return ( (addr >= HPET_BASE_ADDRESS) && (addr < (HPET_BASE_ADDRESS + HPET_MMAP_SIZE)) ); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5ec10f3080..9e49246490 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -543,7 +543,7 @@ void hvm_do_resume(struct vcpu *v) } } -static int hvm_print_line( +static int cf_check hvm_print_line( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct domain *cd = current->domain; diff --git a/xen/arch/x86/hvm/intercept.c b/xen/arch/x86/hvm/intercept.c index 02ca3b05b0..ffa31b7467 100644 --- a/xen/arch/x86/hvm/intercept.c +++ b/xen/arch/x86/hvm/intercept.c @@ -32,8 +32,8 @@ #include #include -static bool_t hvm_mmio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check hvm_mmio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { paddr_t first = ioreq_mmio_first_byte(p), last; @@ -51,16 +51,18 @@ static bool_t hvm_mmio_accept(const struct hvm_io_handler *handler, return 1; } -static int hvm_mmio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check hvm_mmio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { BUG_ON(handler->type != IOREQ_TYPE_COPY); return handler->mmio.ops->read(current, addr, size, data); } -static int hvm_mmio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check hvm_mmio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { BUG_ON(handler->type != IOREQ_TYPE_COPY); @@ -73,8 +75,8 @@ static const struct hvm_io_ops mmio_ops = { .write = hvm_mmio_write }; -static bool_t hvm_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check hvm_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { unsigned int start = handler->portio.port; unsigned int end = start + handler->portio.size; @@ -84,8 +86,9 @@ static bool_t hvm_portio_accept(const struct hvm_io_handler *handler, return (p->addr >= start) && ((p->addr + p->size) <= end); } -static int hvm_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check hvm_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { uint32_t val = ~0u; int rc; @@ -98,8 +101,9 @@ static int hvm_portio_read(const struct hvm_io_handler *handler, return rc; } -static int hvm_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check hvm_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { uint32_t val = data; diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c index 93f1d1503f..f70bfde901 100644 --- a/xen/arch/x86/hvm/io.c +++ b/xen/arch/x86/hvm/io.c @@ -156,8 +156,8 @@ bool handle_pio(uint16_t port, unsigned int size, int dir) return true; } -static bool_t g2m_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check g2m_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { struct vcpu *curr = current; const struct hvm_domain *hvm = &curr->domain->arch.hvm; @@ -179,8 +179,9 @@ static bool_t g2m_portio_accept(const struct hvm_io_handler *handler, return 0; } -static int g2m_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check g2m_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { struct hvm_vcpu_io *hvio = ¤t->arch.hvm.hvm_io; const struct g2m_ioport *g2m_ioport = hvio->g2m_ioport; @@ -204,8 +205,9 @@ static int g2m_portio_read(const struct hvm_io_handler *handler, return X86EMUL_OKAY; } -static int g2m_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check g2m_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct hvm_vcpu_io *hvio = ¤t->arch.hvm.hvm_io; const struct g2m_ioport *g2m_ioport = hvio->g2m_ioport; @@ -261,14 +263,15 @@ unsigned int hvm_pci_decode_addr(unsigned int cf8, unsigned int addr, } /* vPCI config space IO ports handlers (0xcf8/0xcfc). */ -static bool vpci_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check vpci_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { return (p->addr == 0xcf8 && p->size == 4) || (p->addr & ~3) == 0xcfc; } -static int vpci_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check vpci_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { const struct domain *d = current->domain; unsigned int reg; @@ -299,8 +302,9 @@ static int vpci_portio_read(const struct hvm_io_handler *handler, return X86EMUL_OKAY; } -static int vpci_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check vpci_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct domain *d = current->domain; unsigned int reg; @@ -387,7 +391,7 @@ static unsigned int vpci_mmcfg_decode_addr(const struct hvm_mmcfg *mmcfg, return addr & (PCI_CFG_SPACE_EXP_SIZE - 1); } -static int vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) +static int cf_check vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) { struct domain *d = v->domain; bool found; @@ -399,8 +403,8 @@ static int vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) return found; } -static int vpci_mmcfg_read(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long *data) +static int cf_check vpci_mmcfg_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { struct domain *d = v->domain; const struct hvm_mmcfg *mmcfg; @@ -426,8 +430,8 @@ static int vpci_mmcfg_read(struct vcpu *v, unsigned long addr, return X86EMUL_OKAY; } -static int vpci_mmcfg_write(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long data) +static int cf_check vpci_mmcfg_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) { struct domain *d = v->domain; const struct hvm_mmcfg *mmcfg; diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c index 02ad9db565..8409d910d6 100644 --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -319,7 +319,7 @@ bool arch_ioreq_server_get_type_addr(const struct domain *d, return true; } -static int hvm_access_cf8( +static int cf_check hvm_access_cf8( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct domain *d = current->domain; diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 808819d1de..60e3c8de4c 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -152,7 +152,7 @@ static void cf_check pmt_timer_callback(void *opaque) } /* Handle port I/O to the PM1a_STS and PM1a_EN registers */ -static int handle_evt_io( +static int cf_check handle_evt_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct vcpu *v = current; @@ -216,7 +216,7 @@ static int handle_evt_io( /* Handle port I/O to the TMR_VAL register */ -static int handle_pmt_io( +static int cf_check handle_pmt_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct vcpu *v = current; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 09d3501276..bdc647e433 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -696,7 +696,7 @@ static uint32_t rtc_ioport_read(RTCState *s, uint32_t addr) return ret; } -static int handle_rtc_io( +static int cf_check handle_rtc_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct RTCState *vrtc = vcpu_vrtc(current); @@ -809,8 +809,8 @@ void rtc_reset(struct domain *d) } /* RTC mediator for HVM hardware domain. */ -static int hw_rtc_io(int dir, unsigned int port, unsigned int size, - uint32_t *val) +static int cf_check hw_rtc_io( + int dir, unsigned int port, unsigned int size, uint32_t *val) { if ( dir == IOREQ_READ ) *val = ~0; diff --git a/xen/arch/x86/hvm/stdvga.c b/xen/arch/x86/hvm/stdvga.c index ab9781d82a..be8200c8d0 100644 --- a/xen/arch/x86/hvm/stdvga.c +++ b/xen/arch/x86/hvm/stdvga.c @@ -199,7 +199,7 @@ static void stdvga_out(uint32_t port, uint32_t bytes, uint32_t val) } } -static int stdvga_intercept_pio( +static int cf_check stdvga_intercept_pio( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; @@ -302,8 +302,9 @@ static uint8_t stdvga_mem_readb(uint64_t addr) return ret; } -static int stdvga_mem_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *p_data) +static int cf_check stdvga_mem_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *p_data) { uint64_t data = ~0ul; @@ -453,9 +454,9 @@ static void stdvga_mem_writeb(uint64_t addr, uint32_t val) } } -static int stdvga_mem_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, - uint64_t data) +static int cf_check stdvga_mem_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; ioreq_t p = { @@ -514,8 +515,8 @@ static int stdvga_mem_write(const struct hvm_io_handler *handler, return ioreq_send(srv, &p, 1); } -static bool_t stdvga_mem_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check stdvga_mem_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; @@ -558,7 +559,7 @@ static bool_t stdvga_mem_accept(const struct hvm_io_handler *handler, return 0; } -static void stdvga_mem_complete(const struct hvm_io_handler *handler) +static void cf_check stdvga_mem_complete(const struct hvm_io_handler *handler) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index de6166241b..4c4ebda5e6 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1133,8 +1133,8 @@ static void svm_host_osvw_init(void) spin_unlock(&osvw_lock); } -static int acpi_c1e_quirk(int dir, unsigned int port, unsigned int bytes, - uint32_t *val) +static int cf_check acpi_c1e_quirk( + int dir, unsigned int port, unsigned int bytes, uint32_t *val) { ASSERT(bytes == 1 && port == acpi_smi_cmd); diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 553c0f76ef..b56549aa22 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -135,7 +135,7 @@ static uint32_t vioapic_read_indirect(const struct hvm_vioapic *vioapic) return result; } -static int vioapic_read( +static int cf_check vioapic_read( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long *pval) { @@ -351,7 +351,7 @@ static void vioapic_write_indirect( } } -static int vioapic_write( +static int cf_check vioapic_write( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long val) { @@ -383,7 +383,7 @@ static int vioapic_write( return X86EMUL_OKAY; } -static int vioapic_range(struct vcpu *v, unsigned long addr) +static int cf_check vioapic_range(struct vcpu *v, unsigned long addr) { return !!addr_vioapic(v->domain, addr); } @@ -568,7 +568,7 @@ int vioapic_get_mask(const struct domain *d, unsigned int gsi) return vioapic->redirtbl[pin].fields.mask; } -int vioapic_get_vector(const struct domain *d, unsigned int gsi) +int cf_check vioapic_get_vector(const struct domain *d, unsigned int gsi) { unsigned int pin = 0; /* See gsi_vioapic */ const struct hvm_vioapic *vioapic = gsi_vioapic(d, gsi, &pin); diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index fe375912be..652e3cb87f 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -615,8 +615,9 @@ static uint32_t vlapic_read_aligned(const struct vlapic *vlapic, return 0; } -static int vlapic_mmio_read(struct vcpu *v, unsigned long address, - unsigned int len, unsigned long *pval) +static int cf_check vlapic_mmio_read( + struct vcpu *v, unsigned long address, unsigned int len, + unsigned long *pval) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int offset = address - vlapic_base_address(vlapic); @@ -898,8 +899,8 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val) } } -static int vlapic_mmio_write(struct vcpu *v, unsigned long address, - unsigned int len, unsigned long val) +static int cf_check vlapic_mmio_write( + struct vcpu *v, unsigned long address, unsigned int len, unsigned long val) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int offset = address - vlapic_base_address(vlapic); @@ -1052,7 +1053,7 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t msr_content) return X86EMUL_OKAY; } -static int vlapic_range(struct vcpu *v, unsigned long addr) +static int cf_check vlapic_range(struct vcpu *v, unsigned long addr) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned long offset = addr - vlapic_base_address(vlapic); diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c index 2889575a20..d4a8c953e2 100644 --- a/xen/arch/x86/hvm/vmsi.c +++ b/xen/arch/x86/hvm/vmsi.c @@ -211,8 +211,9 @@ static struct msi_desc *msixtbl_addr_to_desc( return NULL; } -static int msixtbl_read(const struct hvm_io_handler *handler, - uint64_t address, uint32_t len, uint64_t *pval) +static int cf_check msixtbl_read( + const struct hvm_io_handler *handler, uint64_t address, uint32_t len, + uint64_t *pval) { unsigned long offset; struct msixtbl_entry *entry; @@ -350,14 +351,15 @@ out: return r; } -static int _msixtbl_write(const struct hvm_io_handler *handler, - uint64_t address, uint32_t len, uint64_t val) +static int cf_check _msixtbl_write( + const struct hvm_io_handler *handler, uint64_t address, uint32_t len, + uint64_t val) { return msixtbl_write(current, address, len, val); } -static bool_t msixtbl_range(const struct hvm_io_handler *handler, - const ioreq_t *r) +static bool cf_check msixtbl_range( + const struct hvm_io_handler *handler, const ioreq_t *r) { struct vcpu *curr = current; unsigned long addr = r->addr; diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 91c2c69833..5d8ef259b7 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -351,7 +351,7 @@ static uint32_t vpic_ioport_read(struct hvm_hw_vpic *vpic, uint32_t addr) return vpic->imr; } -static int vpic_intercept_pic_io( +static int cf_check vpic_intercept_pic_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_vpic *vpic; @@ -373,7 +373,7 @@ static int vpic_intercept_pic_io( return X86EMUL_OKAY; } -static int vpic_intercept_elcr_io( +static int cf_check vpic_intercept_elcr_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_vpic *vpic; diff --git a/xen/arch/x86/include/asm/hvm/vioapic.h b/xen/arch/x86/include/asm/hvm/vioapic.h index 36b64d20d6..2944ec20dd 100644 --- a/xen/arch/x86/include/asm/hvm/vioapic.h +++ b/xen/arch/x86/include/asm/hvm/vioapic.h @@ -66,7 +66,7 @@ void vioapic_irq_positive_edge(struct domain *d, unsigned int irq); void vioapic_update_EOI(struct domain *d, u8 vector); int vioapic_get_mask(const struct domain *d, unsigned int gsi); -int vioapic_get_vector(const struct domain *d, unsigned int gsi); +int cf_check vioapic_get_vector(const struct domain *d, unsigned int gsi); int vioapic_get_trigger_mode(const struct domain *d, unsigned int gsi); #endif /* __ASM_X86_HVM_VIOAPIC_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c index 361ff864d8..80a331f546 100644 --- a/xen/drivers/passthrough/amd/iommu_guest.c +++ b/xen/drivers/passthrough/amd/iommu_guest.c @@ -645,8 +645,8 @@ static uint64_t iommu_mmio_read64(struct guest_iommu *iommu, return val; } -static int guest_iommu_mmio_read(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long *pval) +static int cf_check guest_iommu_mmio_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *pval) { struct guest_iommu *iommu = vcpu_iommu(v); unsigned long offset; @@ -735,8 +735,8 @@ static void guest_iommu_mmio_write64(struct guest_iommu *iommu, } } -static int guest_iommu_mmio_write(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long val) +static int cf_check guest_iommu_mmio_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long val) { struct guest_iommu *iommu = vcpu_iommu(v); unsigned long offset; @@ -819,7 +819,7 @@ static void guest_iommu_reg_init(struct guest_iommu *iommu) iommu->reg_ext_feature = ef; } -static int guest_iommu_mmio_range(struct vcpu *v, unsigned long addr) +static int cf_check guest_iommu_mmio_range(struct vcpu *v, unsigned long addr) { struct guest_iommu *iommu = vcpu_iommu(v); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:16:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:16:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277617.474263 (Exim 4.92) (envelope-from ) id 1nMuJZ-0005MD-Vg; Wed, 23 Feb 2022 16:16:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277617.474263; Wed, 23 Feb 2022 16:16:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJZ-0005M5-Sd; Wed, 23 Feb 2022 16:16:29 +0000 Received: by outflank-mailman (input) for mailman id 277617; Wed, 23 Feb 2022 16:16:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJZ-0005Lv-Bu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJZ-0005ET-BE for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJZ-0003z3-AQ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uGPpbosxtXbK5H1JxzvMZeTEGDtVrmS3QU4ZESeD7qA=; b=BuIT1MDWy2tDl05hrvqiBYqtdf tMXG+qQbNVU08EZuHvjEgs3cB/BxWL+BfRaACGOCUbEL0qT8r2GYvaYyEPDMWroDwbLUHI22lyQ0p Hj2h73a2grgE5sAPajcQVFAHE5RzM5jFlApRy+ACe6aNpobzNk6VSZ8jxLgraiQ+hUeE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/emul: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:16:29 +0000 commit d5905b4ddea8f4e023be7c2ed89747b82a3766cd Author: Andrew Cooper AuthorDate: Fri Oct 29 17:28:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/emul: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. pv_emul_is_mem_write() is only used in a single file. Move it out of its header file, so it doesn't risk being duplicated in multiple translation units. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/emulate.c | 72 +++++++++++++++++----------------- xen/arch/x86/hvm/hvm.c | 8 ++-- xen/arch/x86/hvm/svm/svm.c | 4 +- xen/arch/x86/include/asm/hvm/emulate.h | 8 ++-- xen/arch/x86/include/asm/mm.h | 16 +++----- xen/arch/x86/mm.c | 4 +- xen/arch/x86/mm/shadow/hvm.c | 8 ++-- xen/arch/x86/pv/emul-gate-op.c | 9 +++-- xen/arch/x86/pv/emul-priv-op.c | 64 +++++++++++++++--------------- xen/arch/x86/pv/emulate.h | 7 ---- xen/arch/x86/pv/ro-page-fault.c | 31 +++++++++------ xen/arch/x86/x86_emulate.c | 21 +++++----- xen/arch/x86/x86_emulate/x86_emulate.c | 10 ++--- xen/arch/x86/x86_emulate/x86_emulate.h | 33 ++++++++-------- 14 files changed, 148 insertions(+), 147 deletions(-) diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 39dac7fd9d..e8d510e0be 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -1272,7 +1272,7 @@ static int __hvmemul_read( return linear_read(addr, bytes, p_data, pfec, hvmemul_ctxt); } -static int hvmemul_read( +static int cf_check hvmemul_read( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1290,7 +1290,7 @@ static int hvmemul_read( container_of(ctxt, struct hvm_emulate_ctxt, ctxt)); } -int hvmemul_insn_fetch( +int cf_check hvmemul_insn_fetch( unsigned long offset, void *p_data, unsigned int bytes, @@ -1336,7 +1336,7 @@ int hvmemul_insn_fetch( return X86EMUL_OKAY; } -static int hvmemul_write( +static int cf_check hvmemul_write( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1384,7 +1384,7 @@ static int hvmemul_write( return X86EMUL_OKAY; } -static int hvmemul_rmw( +static int cf_check hvmemul_rmw( enum x86_segment seg, unsigned long offset, unsigned int bytes, @@ -1437,7 +1437,7 @@ static int hvmemul_rmw( return rc; } -static int hvmemul_blk( +static int cf_check hvmemul_blk( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1478,7 +1478,7 @@ static int hvmemul_blk( return rc; } -static int hvmemul_write_discard( +static int cf_check hvmemul_write_discard( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1489,7 +1489,7 @@ static int hvmemul_write_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_ins_discard( +static int cf_check hvmemul_rep_ins_discard( uint16_t src_port, enum x86_segment dst_seg, unsigned long dst_offset, @@ -1500,7 +1500,7 @@ static int hvmemul_rep_ins_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_movs_discard( +static int cf_check hvmemul_rep_movs_discard( enum x86_segment src_seg, unsigned long src_offset, enum x86_segment dst_seg, @@ -1512,7 +1512,7 @@ static int hvmemul_rep_movs_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_stos_discard( +static int cf_check hvmemul_rep_stos_discard( void *p_data, enum x86_segment seg, unsigned long offset, @@ -1523,7 +1523,7 @@ static int hvmemul_rep_stos_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_outs_discard( +static int cf_check hvmemul_rep_outs_discard( enum x86_segment src_seg, unsigned long src_offset, uint16_t dst_port, @@ -1534,7 +1534,7 @@ static int hvmemul_rep_outs_discard( return X86EMUL_OKAY; } -static int hvmemul_cmpxchg_discard( +static int cf_check hvmemul_cmpxchg_discard( enum x86_segment seg, unsigned long offset, void *p_old, @@ -1546,7 +1546,7 @@ static int hvmemul_cmpxchg_discard( return X86EMUL_OKAY; } -static int hvmemul_read_io_discard( +static int cf_check hvmemul_read_io_discard( unsigned int port, unsigned int bytes, unsigned long *val, @@ -1555,7 +1555,7 @@ static int hvmemul_read_io_discard( return X86EMUL_OKAY; } -static int hvmemul_write_io_discard( +static int cf_check hvmemul_write_io_discard( unsigned int port, unsigned int bytes, unsigned long val, @@ -1564,7 +1564,7 @@ static int hvmemul_write_io_discard( return X86EMUL_OKAY; } -static int hvmemul_write_msr_discard( +static int cf_check hvmemul_write_msr_discard( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -1572,7 +1572,7 @@ static int hvmemul_write_msr_discard( return X86EMUL_OKAY; } -static int hvmemul_cache_op_discard( +static int cf_check hvmemul_cache_op_discard( enum x86emul_cache_op op, enum x86_segment seg, unsigned long offset, @@ -1581,7 +1581,7 @@ static int hvmemul_cache_op_discard( return X86EMUL_OKAY; } -static int hvmemul_cmpxchg( +static int cf_check hvmemul_cmpxchg( enum x86_segment seg, unsigned long offset, void *p_old, @@ -1675,7 +1675,7 @@ static int hvmemul_cmpxchg( return rc; } -static int hvmemul_validate( +static int cf_check hvmemul_validate( const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) { @@ -1688,7 +1688,7 @@ static int hvmemul_validate( ? X86EMUL_OKAY : X86EMUL_UNHANDLEABLE; } -static int hvmemul_rep_ins( +static int cf_check hvmemul_rep_ins( uint16_t src_port, enum x86_segment dst_seg, unsigned long dst_offset, @@ -1766,7 +1766,7 @@ static int hvmemul_rep_outs_set_context( return rc; } -static int hvmemul_rep_outs( +static int cf_check hvmemul_rep_outs( enum x86_segment src_seg, unsigned long src_offset, uint16_t dst_port, @@ -1807,7 +1807,7 @@ static int hvmemul_rep_outs( !!(ctxt->regs->eflags & X86_EFLAGS_DF), gpa); } -static int hvmemul_rep_movs( +static int cf_check hvmemul_rep_movs( enum x86_segment src_seg, unsigned long src_offset, enum x86_segment dst_seg, @@ -1977,7 +1977,7 @@ static int hvmemul_rep_movs( return X86EMUL_UNHANDLEABLE; } -static int hvmemul_rep_stos( +static int cf_check hvmemul_rep_stos( void *p_data, enum x86_segment seg, unsigned long offset, @@ -2105,7 +2105,7 @@ static int hvmemul_rep_stos( } } -static int hvmemul_read_segment( +static int cf_check hvmemul_read_segment( enum x86_segment seg, struct segment_register *reg, struct x86_emulate_ctxt *ctxt) @@ -2122,7 +2122,7 @@ static int hvmemul_read_segment( return X86EMUL_OKAY; } -static int hvmemul_write_segment( +static int cf_check hvmemul_write_segment( enum x86_segment seg, const struct segment_register *reg, struct x86_emulate_ctxt *ctxt) @@ -2141,7 +2141,7 @@ static int hvmemul_write_segment( return X86EMUL_OKAY; } -static int hvmemul_read_io( +static int cf_check hvmemul_read_io( unsigned int port, unsigned int bytes, unsigned long *val, @@ -2158,7 +2158,7 @@ static int hvmemul_read_io( return hvmemul_do_pio_buffer(port, bytes, IOREQ_READ, val); } -static int hvmemul_write_io( +static int cf_check hvmemul_write_io( unsigned int port, unsigned int bytes, unsigned long val, @@ -2167,7 +2167,7 @@ static int hvmemul_write_io( return hvmemul_do_pio_buffer(port, bytes, IOREQ_WRITE, &val); } -static int hvmemul_read_cr( +static int cf_check hvmemul_read_cr( unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) @@ -2188,7 +2188,7 @@ static int hvmemul_read_cr( return X86EMUL_UNHANDLEABLE; } -static int hvmemul_write_cr( +static int cf_check hvmemul_write_cr( unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) @@ -2232,7 +2232,7 @@ static int hvmemul_write_cr( return rc; } -static int hvmemul_read_xcr( +static int cf_check hvmemul_read_xcr( unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) @@ -2245,7 +2245,7 @@ static int hvmemul_read_xcr( return rc; } -static int hvmemul_write_xcr( +static int cf_check hvmemul_write_xcr( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -2255,7 +2255,7 @@ static int hvmemul_write_xcr( return x86emul_write_xcr(reg, val, ctxt); } -static int hvmemul_read_msr( +static int cf_check hvmemul_read_msr( unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) @@ -2268,7 +2268,7 @@ static int hvmemul_read_msr( return rc; } -static int hvmemul_write_msr( +static int cf_check hvmemul_write_msr( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -2281,7 +2281,7 @@ static int hvmemul_write_msr( return rc; } -static int hvmemul_cache_op( +static int cf_check hvmemul_cache_op( enum x86emul_cache_op op, enum x86_segment seg, unsigned long offset, @@ -2353,7 +2353,7 @@ static int hvmemul_cache_op( return X86EMUL_OKAY; } -static int hvmemul_get_fpu( +static int cf_check hvmemul_get_fpu( enum x86_emulate_fpu_type type, struct x86_emulate_ctxt *ctxt) { @@ -2395,7 +2395,7 @@ static int hvmemul_get_fpu( return X86EMUL_OKAY; } -static void hvmemul_put_fpu( +static void cf_check hvmemul_put_fpu( struct x86_emulate_ctxt *ctxt, enum x86_emulate_fpu_type backout, const struct x86_emul_fpu_aux *aux) @@ -2482,7 +2482,7 @@ static void hvmemul_put_fpu( } } -static int hvmemul_tlb_op( +static int cf_check hvmemul_tlb_op( enum x86emul_tlb_op op, unsigned long addr, unsigned long aux, @@ -2539,7 +2539,7 @@ static int hvmemul_tlb_op( return rc; } -static int hvmemul_vmfunc( +static int cf_check hvmemul_vmfunc( struct x86_emulate_ctxt *ctxt) { int rc; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 9e49246490..e87e809a94 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3755,8 +3755,8 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) } } -static bool is_sysdesc_access(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_sysdesc_access( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { unsigned int ext; int mode = x86_insn_modrm(state, NULL, &ext); @@ -3796,8 +3796,8 @@ int hvm_descriptor_access_intercept(uint64_t exit_info, return X86EMUL_OKAY; } -static bool is_cross_vendor(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_cross_vendor( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { switch ( ctxt->opcode ) { diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 4c4ebda5e6..dedb2848e6 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2447,8 +2447,8 @@ static void svm_invlpg_intercept(unsigned long linear) paging_invlpg(current, linear); } -static bool is_invlpg(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_invlpg( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { unsigned int ext; diff --git a/xen/arch/x86/include/asm/hvm/emulate.h b/xen/arch/x86/include/asm/hvm/emulate.h index e670040603..d8ba2df4e4 100644 --- a/xen/arch/x86/include/asm/hvm/emulate.h +++ b/xen/arch/x86/include/asm/hvm/emulate.h @@ -92,10 +92,10 @@ static inline bool handle_mmio(void) return hvm_emulate_one_insn(x86_insn_is_mem_access, "MMIO"); } -int hvmemul_insn_fetch(unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); +int cf_check hvmemul_insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt); + int hvmemul_do_pio_buffer(uint16_t port, unsigned int size, uint8_t dir, diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index bdde24d2ce..f2f7b6902c 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -538,16 +538,12 @@ struct mmio_ro_emulate_ctxt { unsigned int seg, bdf; }; -extern int mmio_ro_emulated_write(enum x86_segment seg, - unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); -extern int mmcfg_intercept_write(enum x86_segment seg, - unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); +int cf_check mmio_ro_emulated_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt); +int cf_check mmcfg_intercept_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt); int audit_adjust_pgtables(struct domain *d, int dir, int noisy); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 0665095d23..2befd0c191 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4852,7 +4852,7 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return 0; } -int mmio_ro_emulated_write( +int cf_check mmio_ro_emulated_write( enum x86_segment seg, unsigned long offset, void *p_data, @@ -4873,7 +4873,7 @@ int mmio_ro_emulated_write( return X86EMUL_OKAY; } -int mmcfg_intercept_write( +int cf_check mmcfg_intercept_write( enum x86_segment seg, unsigned long offset, void *p_data, diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index f2991bc176..c90d326bec 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -148,7 +148,7 @@ hvm_read(enum x86_segment seg, return X86EMUL_UNHANDLEABLE; } -static int +static int cf_check hvm_emulate_read(enum x86_segment seg, unsigned long offset, void *p_data, @@ -161,7 +161,7 @@ hvm_emulate_read(enum x86_segment seg, container_of(ctxt, struct sh_emulate_ctxt, ctxt)); } -static int +static int cf_check hvm_emulate_insn_fetch(unsigned long offset, void *p_data, unsigned int bytes, @@ -181,7 +181,7 @@ hvm_emulate_insn_fetch(unsigned long offset, return X86EMUL_OKAY; } -static int +static int cf_check hvm_emulate_write(enum x86_segment seg, unsigned long offset, void *p_data, @@ -234,7 +234,7 @@ hvm_emulate_write(enum x86_segment seg, return X86EMUL_OKAY; } -static int +static int cf_check hvm_emulate_cmpxchg(enum x86_segment seg, unsigned long offset, void *p_old, diff --git a/xen/arch/x86/pv/emul-gate-op.c b/xen/arch/x86/pv/emul-gate-op.c index 68ec4d11f6..758a20ad9d 100644 --- a/xen/arch/x86/pv/emul-gate-op.c +++ b/xen/arch/x86/pv/emul-gate-op.c @@ -96,8 +96,9 @@ struct gate_op_ctxt { bool insn_fetch; }; -static int read_mem(enum x86_segment seg, unsigned long offset, void *p_data, - unsigned int bytes, struct x86_emulate_ctxt *ctxt) +static int cf_check read_mem( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { const struct gate_op_ctxt *goc = container_of(ctxt, struct gate_op_ctxt, ctxt); @@ -163,8 +164,8 @@ static int read_mem(enum x86_segment seg, unsigned long offset, void *p_data, return X86EMUL_OKAY; } -static int fetch(unsigned long offset, void *p_data, - unsigned int bytes, struct x86_emulate_ctxt *ctxt) +static int cf_check fetch(unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { return read_mem(x86_seg_cs, offset, p_data, bytes, ctxt); } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index c78be6d92b..c46c072f93 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -358,8 +358,9 @@ static unsigned int check_guest_io_breakpoint(struct vcpu *v, return match; } -static int read_io(unsigned int port, unsigned int bytes, - unsigned long *val, struct x86_emulate_ctxt *ctxt) +static int cf_check read_io( + unsigned int port, unsigned int bytes, unsigned long *val, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -462,8 +463,9 @@ static void guest_io_write(unsigned int port, unsigned int bytes, } } -static int write_io(unsigned int port, unsigned int bytes, - unsigned long val, struct x86_emulate_ctxt *ctxt) +static int cf_check write_io( + unsigned int port, unsigned int bytes, unsigned long val, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -493,9 +495,9 @@ static int write_io(unsigned int port, unsigned int bytes, return X86EMUL_OKAY; } -static int read_segment(enum x86_segment seg, - struct segment_register *reg, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_segment( + enum x86_segment seg, struct segment_register *reg, + struct x86_emulate_ctxt *ctxt) { /* Check if this is an attempt to access the I/O bitmap. */ if ( seg == x86_seg_tr ) @@ -607,10 +609,10 @@ static int pv_emul_virt_to_linear(unsigned long base, unsigned long offset, return rc; } -static int rep_ins(uint16_t port, - enum x86_segment seg, unsigned long offset, - unsigned int bytes_per_rep, unsigned long *reps, - struct x86_emulate_ctxt *ctxt) +static int cf_check rep_ins( + uint16_t port, enum x86_segment seg, unsigned long offset, + unsigned int bytes_per_rep, unsigned long *reps, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -675,10 +677,10 @@ static int rep_ins(uint16_t port, return X86EMUL_OKAY; } -static int rep_outs(enum x86_segment seg, unsigned long offset, - uint16_t port, - unsigned int bytes_per_rep, unsigned long *reps, - struct x86_emulate_ctxt *ctxt) +static int cf_check rep_outs( + enum x86_segment seg, unsigned long offset, uint16_t port, + unsigned int bytes_per_rep, unsigned long *reps, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -744,8 +746,8 @@ static int rep_outs(enum x86_segment seg, unsigned long offset, return X86EMUL_OKAY; } -static int read_cr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_cr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) { const struct vcpu *curr = current; @@ -787,8 +789,8 @@ static int read_cr(unsigned int reg, unsigned long *val, return X86EMUL_UNHANDLEABLE; } -static int write_cr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt) +static int cf_check write_cr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -871,8 +873,8 @@ static uint64_t guest_efer(const struct domain *d) return val; } -static int read_msr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_msr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; const struct domain *currd = curr->domain; @@ -1020,8 +1022,8 @@ static int read_msr(unsigned int reg, uint64_t *val, return ret; } -static int write_msr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt) +static int cf_check write_msr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; const struct domain *currd = curr->domain; @@ -1188,8 +1190,9 @@ static int write_msr(unsigned int reg, uint64_t val, return X86EMUL_UNHANDLEABLE; } -static int cache_op(enum x86emul_cache_op op, enum x86_segment seg, - unsigned long offset, struct x86_emulate_ctxt *ctxt) +static int cf_check cache_op( + enum x86emul_cache_op op, enum x86_segment seg, + unsigned long offset, struct x86_emulate_ctxt *ctxt) { ASSERT(op == x86emul_wbinvd || op == x86emul_wbnoinvd); @@ -1208,8 +1211,8 @@ static int cache_op(enum x86emul_cache_op op, enum x86_segment seg, return X86EMUL_OKAY; } -static int validate(const struct x86_emulate_state *state, - struct x86_emulate_ctxt *ctxt) +static int cf_check validate( + const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) { switch ( ctxt->opcode ) { @@ -1258,10 +1261,9 @@ static int validate(const struct x86_emulate_state *state, return X86EMUL_UNHANDLEABLE; } -static int insn_fetch(unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt) { const struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); diff --git a/xen/arch/x86/pv/emulate.h b/xen/arch/x86/pv/emulate.h index 4b845b08e3..49a4d34832 100644 --- a/xen/arch/x86/pv/emulate.h +++ b/xen/arch/x86/pv/emulate.h @@ -12,13 +12,6 @@ int pv_emul_read_descriptor(unsigned int sel, const struct vcpu *v, void pv_emul_instruction_done(struct cpu_user_regs *regs, unsigned long rip); -static inline int pv_emul_is_mem_write(const struct x86_emulate_state *state, - struct x86_emulate_ctxt *ctxt) -{ - return x86_insn_is_mem_write(state, ctxt) ? X86EMUL_OKAY - : X86EMUL_UNHANDLEABLE; -} - /* Return a pointer to the GDT/LDT descriptor referenced by sel. */ static inline const seg_desc_t *gdt_ldt_desc_ptr(unsigned int sel) { diff --git a/xen/arch/x86/pv/ro-page-fault.c b/xen/arch/x86/pv/ro-page-fault.c index ef4d146c1d..5963f5ee2d 100644 --- a/xen/arch/x86/pv/ro-page-fault.c +++ b/xen/arch/x86/pv/ro-page-fault.c @@ -26,6 +26,13 @@ #include "emulate.h" #include "mm.h" +static int cf_check pv_emul_is_mem_write( + const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) +{ + return x86_insn_is_mem_write(state, ctxt) ? X86EMUL_OKAY + : X86EMUL_UNHANDLEABLE; +} + /********************* * Writable Pagetables */ @@ -35,9 +42,9 @@ struct ptwr_emulate_ctxt { l1_pgentry_t pte; }; -static int ptwr_emulated_read(enum x86_segment seg, unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_read( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { unsigned int rc = bytes; unsigned long addr = offset; @@ -52,9 +59,9 @@ static int ptwr_emulated_read(enum x86_segment seg, unsigned long offset, return X86EMUL_OKAY; } -static int ptwr_emulated_insn_fetch(unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt) { unsigned int rc = copy_from_guest_pv(p_data, (void *)offset, bytes); @@ -218,9 +225,9 @@ static int ptwr_emulated_update(unsigned long addr, intpte_t *p_old, return X86EMUL_OKAY; } -static int ptwr_emulated_write(enum x86_segment seg, unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { intpte_t val = 0; @@ -236,9 +243,9 @@ static int ptwr_emulated_write(enum x86_segment seg, unsigned long offset, return ptwr_emulated_update(offset, NULL, val, bytes, ctxt); } -static int ptwr_emulated_cmpxchg(enum x86_segment seg, unsigned long offset, - void *p_old, void *p_new, unsigned int bytes, - bool lock, struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_cmpxchg( + enum x86_segment seg, unsigned long offset, void *p_old, void *p_new, + unsigned int bytes, bool lock, struct x86_emulate_ctxt *ctxt) { intpte_t old = 0, new = 0; int rc; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b..60191a94dc 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -53,8 +53,8 @@ #include "x86_emulate/x86_emulate.c" -int x86emul_read_xcr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_read_xcr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) { switch ( reg ) { @@ -77,8 +77,8 @@ int x86emul_read_xcr(unsigned int reg, uint64_t *val, } /* Note: May be called with ctxt=NULL. */ -int x86emul_write_xcr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_write_xcr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) { switch ( reg ) { @@ -100,8 +100,8 @@ int x86emul_write_xcr(unsigned int reg, uint64_t val, #ifdef CONFIG_PV /* Called with NULL ctxt in hypercall context. */ -int x86emul_read_dr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_read_dr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -143,8 +143,8 @@ int x86emul_read_dr(unsigned int reg, unsigned long *val, return X86EMUL_OKAY; } -int x86emul_write_dr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_write_dr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -167,8 +167,9 @@ int x86emul_write_dr(unsigned int reg, unsigned long val, } #endif /* CONFIG_PV */ -int x86emul_cpuid(uint32_t leaf, uint32_t subleaf, - struct cpuid_leaf *res, struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_cpuid( + uint32_t leaf, uint32_t subleaf, struct cpuid_leaf *res, + struct x86_emulate_ctxt *ctxt) { guest_cpuid(current, leaf, subleaf, res); diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 2ba54c6151..6c0d18954a 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -2524,7 +2524,7 @@ static void adjust_bnd(struct x86_emulate_ctxt *ctxt, done:; } -int x86emul_unhandleable_rw( +int cf_check x86emul_unhandleable_rw( enum x86_segment seg, unsigned long offset, void *p_data, @@ -12320,7 +12320,7 @@ x86_insn_operand_ea(const struct x86_emulate_state *state, * memory operand (like POP), but it does not mean e.g. segment selector * loads, where the descriptor table access is considered an implicit one. */ -bool +bool cf_check x86_insn_is_mem_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12412,7 +12412,7 @@ x86_insn_is_mem_access(const struct x86_emulate_state *state, * loads, where the (possible) descriptor table write is considered an * implicit access. */ -bool +bool cf_check x86_insn_is_mem_write(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12584,7 +12584,7 @@ x86_insn_is_mem_write(const struct x86_emulate_state *state, return false; } -bool +bool cf_check x86_insn_is_portio(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12599,7 +12599,7 @@ x86_insn_is_portio(const struct x86_emulate_state *state, return false; } -bool +bool cf_check x86_insn_is_cr_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 419def8790..4732855c40 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -737,7 +737,7 @@ static inline unsigned long *decode_gpr(struct cpu_user_regs *regs, } /* Unhandleable read, write or instruction fetch */ -int +int cf_check x86emul_unhandleable_rw( enum x86_segment seg, unsigned long offset, @@ -766,16 +766,16 @@ x86_insn_immediate(const struct x86_emulate_state *state, unsigned int x86_insn_length(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_mem_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_mem_write(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_portio(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_cr_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); @@ -787,17 +787,18 @@ void x86_emulate_free_state(struct x86_emulate_state *state); #ifdef __XEN__ -int x86emul_read_xcr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt); -int x86emul_write_xcr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt); - -int x86emul_read_dr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt); -int x86emul_write_dr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt); -int x86emul_cpuid(uint32_t leaf, uint32_t subleaf, - struct cpuid_leaf *res, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_read_xcr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_write_xcr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt); + +int cf_check x86emul_read_dr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_write_dr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_cpuid( + uint32_t leaf, uint32_t subleaf, struct cpuid_leaf *res, + struct x86_emulate_ctxt *ctxt); #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:16:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:16:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277618.474267 (Exim 4.92) (envelope-from ) id 1nMuJk-0005QZ-2o; Wed, 23 Feb 2022 16:16:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277618.474267; Wed, 23 Feb 2022 16:16:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJj-0005QM-Vu; Wed, 23 Feb 2022 16:16:39 +0000 Received: by outflank-mailman (input) for mailman id 277618; Wed, 23 Feb 2022 16:16:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJj-0005QD-F1 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJj-0005FR-EK for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJj-0003zn-Db for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m7ObKETitwc/zA4xTremPwlQg/g67P17RaeF+uSt8zw=; b=GjlT54w157nW+LFPVRat+DGrLD 1oYv+xMJX1rZK+RfnBB0TKTpFky4OhchHpoFTwWuvQd/h2R+58aX9gseNAOwlLbFfiZoXeC1T3FBk igkFfERmaLMgQBTJwOo7Km/xkZTdvmQYAME16B/5mNRiDVHV2Ml1diHg0FWdq59j0eDo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ucode: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:16:39 +0000 commit ce25a24c1f5e93bd17275a063d96a00205498111 Author: Andrew Cooper AuthorDate: Thu Oct 28 11:35:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/ucode: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 9 +++++---- xen/arch/x86/cpu/microcode/core.c | 4 ++-- xen/arch/x86/cpu/microcode/intel.c | 10 +++++----- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index fe92e594f1..0afa2192bf 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -91,7 +91,7 @@ static struct { uint16_t id; } equiv __read_mostly; -static void collect_cpu_info(void) +static void cf_check collect_cpu_info(void) { struct cpu_signature *csig = &this_cpu(cpu_sig); @@ -204,7 +204,7 @@ static enum microcode_match_result compare_header( return compare_revisions(old->patch_id, new->patch_id); } -static enum microcode_match_result compare_patch( +static enum microcode_match_result cf_check compare_patch( const struct microcode_patch *new, const struct microcode_patch *old) { /* Both patches to compare are supposed to be applicable to local CPU. */ @@ -214,7 +214,7 @@ static enum microcode_match_result compare_patch( return compare_header(new, old); } -static int apply_microcode(const struct microcode_patch *patch) +static int cf_check apply_microcode(const struct microcode_patch *patch) { int hw_err; unsigned int cpu = smp_processor_id(); @@ -299,7 +299,8 @@ static int scan_equiv_cpu_table(const struct container_equiv_table *et) return -ESRCH; } -static struct microcode_patch *cpu_request_microcode(const void *buf, size_t size) +static struct microcode_patch *cf_check cpu_request_microcode( + const void *buf, size_t size) { const struct microcode_patch *saved = NULL; struct microcode_patch *patch = NULL; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 8413642080..c07f68ba35 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -291,12 +291,12 @@ static int wait_for_condition(bool (*func)(unsigned int data), return 0; } -static bool wait_cpu_callin(unsigned int nr) +static bool cf_check wait_cpu_callin(unsigned int nr) { return cpumask_weight(&cpu_callin_map) >= nr; } -static bool wait_cpu_callout(unsigned int nr) +static bool cf_check wait_cpu_callout(unsigned int nr) { return atomic_read(&cpu_out) >= nr; } diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index f6d01490e0..d3864b5ab0 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -116,7 +116,7 @@ static bool signature_matches(const struct cpu_signature *cpu_sig, return cpu_sig->pf & ucode_pf; } -static void collect_cpu_info(void) +static void cf_check collect_cpu_info(void) { struct cpu_signature *csig = &this_cpu(cpu_sig); uint64_t msr_content; @@ -271,7 +271,7 @@ static enum microcode_match_result microcode_update_match( return compare_revisions(cpu_sig->rev, mc->rev); } -static enum microcode_match_result compare_patch( +static enum microcode_match_result cf_check compare_patch( const struct microcode_patch *new, const struct microcode_patch *old) { /* @@ -284,7 +284,7 @@ static enum microcode_match_result compare_patch( return compare_revisions(old->rev, new->rev); } -static int apply_microcode(const struct microcode_patch *patch) +static int cf_check apply_microcode(const struct microcode_patch *patch) { uint64_t msr_content; unsigned int cpu = smp_processor_id(); @@ -323,8 +323,8 @@ static int apply_microcode(const struct microcode_patch *patch) return 0; } -static struct microcode_patch *cpu_request_microcode(const void *buf, - size_t size) +static struct microcode_patch *cf_check cpu_request_microcode( + const void *buf, size_t size) { int error = 0; const struct microcode_patch *saved = NULL; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:16:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:16:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277619.474273 (Exim 4.92) (envelope-from ) id 1nMuJu-0005TU-4S; Wed, 23 Feb 2022 16:16:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277619.474273; Wed, 23 Feb 2022 16:16:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJu-0005TH-14; Wed, 23 Feb 2022 16:16:50 +0000 Received: by outflank-mailman (input) for mailman id 277619; Wed, 23 Feb 2022 16:16:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJt-0005T7-I8 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuJt-0005H7-HW for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuJt-00040W-Gl for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ppHIpDAy1ZcO0mj9xwIsuqo7UnjngtNx42gjKLRws40=; b=wnpQXDg8qEqS/wLuhhaEQ/0kM3 LbduANSUl+V7PctwHfCxVD9q09qZDD0iwnUn7By6kI9bu51SoJX/Evj/Tg611tXnafEENfyTRR7qw cqxKpvZ+2PjqPyFb0jWD2jDaKgx+wyZibcGIoceCna8lqOKn6f2q39lGXuP8nAcyZqKE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/power: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:16:49 +0000 commit 98f93855806d9301f08000be804bc9cbb97011c1 Author: Andrew Cooper AuthorDate: Thu Oct 28 12:00:06 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/power: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. cpufreq_governor_dbs() has no external callers so make it static. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 14 +++++++------- xen/arch/x86/acpi/cpufreq/powernow.c | 15 ++++++++------- xen/common/core_parking.c | 4 ++-- xen/drivers/cpufreq/cpufreq_ondemand.c | 6 ++++-- xen/include/acpi/cpufreq/cpufreq.h | 1 - 5 files changed, 21 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 8133c2dd95..c27cbb2304 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -320,7 +320,7 @@ unsigned int get_measured_perf(unsigned int cpu, unsigned int flag) return policy->cpuinfo.max_freq * perf_percent / 100; } -static unsigned int get_cur_freq_on_cpu(unsigned int cpu) +static unsigned int cf_check get_cur_freq_on_cpu(unsigned int cpu) { struct cpufreq_policy *policy; struct acpi_cpufreq_data *data; @@ -369,8 +369,9 @@ static unsigned int check_freqs(const cpumask_t *mask, unsigned int freq, return 0; } -static int acpi_cpufreq_target(struct cpufreq_policy *policy, - unsigned int target_freq, unsigned int relation) +static int cf_check acpi_cpufreq_target( + struct cpufreq_policy *policy, + unsigned int target_freq, unsigned int relation) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; struct processor_performance *perf; @@ -449,7 +450,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy, return result; } -static int acpi_cpufreq_verify(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_verify(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data; struct processor_performance *perf; @@ -494,8 +495,7 @@ acpi_cpufreq_guess_freq(struct acpi_cpufreq_data *data, unsigned int cpu) } } -static int -acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) { unsigned int i; unsigned int valid_states = 0; @@ -609,7 +609,7 @@ err_unreg: return result; } -static int acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index ca71ecf72d..d4c7dcd5d9 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -67,8 +67,8 @@ static void cf_check update_cpb(void *data) } } -static int powernow_cpufreq_update (int cpuid, - struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_update( + int cpuid, struct cpufreq_policy *policy) { if (!cpumask_test_cpu(cpuid, &cpu_online_map)) return -EINVAL; @@ -78,8 +78,9 @@ static int powernow_cpufreq_update (int cpuid, return 0; } -static int powernow_cpufreq_target(struct cpufreq_policy *policy, - unsigned int target_freq, unsigned int relation) +static int cf_check powernow_cpufreq_target( + struct cpufreq_policy *policy, + unsigned int target_freq, unsigned int relation) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; struct processor_performance *perf; @@ -180,7 +181,7 @@ static void cf_check get_cpu_data(void *arg) amd_fixup_frequency(&perf->states[i]); } -static int powernow_cpufreq_verify(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_verify(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data; struct processor_performance *perf; @@ -197,7 +198,7 @@ static int powernow_cpufreq_verify(struct cpufreq_policy *policy) return cpufreq_frequency_table_verify(policy, data->freq_table); } -static int powernow_cpufreq_cpu_init(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_cpu_init(struct cpufreq_policy *policy) { unsigned int i; unsigned int valid_states = 0; @@ -303,7 +304,7 @@ err_unreg: return result; } -static int powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 4afad04f2f..c4f01291c0 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -53,7 +53,7 @@ static int __init cf_check setup_core_parking_option(const char *str) } custom_param("core_parking", setup_core_parking_option); -static unsigned int core_parking_performance(unsigned int event) +static unsigned int cf_check core_parking_performance(unsigned int event) { unsigned int cpu = -1; @@ -111,7 +111,7 @@ static unsigned int core_parking_performance(unsigned int event) return cpu; } -static unsigned int core_parking_power(unsigned int event) +static unsigned int cf_check core_parking_power(unsigned int event) { unsigned int cpu = -1; diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index ba03eaa233..fbcd14d6c3 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -215,7 +215,8 @@ static void dbs_timer_exit(struct cpu_dbs_info_s *dbs_info) kill_timer(&per_cpu(dbs_timer, dbs_info->cpu)); } -int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event) +static int cf_check cpufreq_governor_dbs( + struct cpufreq_policy *policy, unsigned int event) { unsigned int cpu = policy->cpu; struct cpu_dbs_info_s *this_dbs_info; @@ -307,7 +308,8 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event) return 0; } -static bool_t __init cpufreq_dbs_handle_option(const char *name, const char *val) +static bool __init cf_check cpufreq_dbs_handle_option( + const char *name, const char *val) { if ( !strcmp(name, "rate") && val ) { diff --git a/xen/include/acpi/cpufreq/cpufreq.h b/xen/include/acpi/cpufreq/cpufreq.h index 4958d3f7d3..e5e58c6c30 100644 --- a/xen/include/acpi/cpufreq/cpufreq.h +++ b/xen/include/acpi/cpufreq/cpufreq.h @@ -227,7 +227,6 @@ struct cpu_dbs_info_s { int8_t stoppable; }; -int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event); int get_cpufreq_ondemand_para(uint32_t *sampling_rate_max, uint32_t *sampling_rate_min, uint32_t *sampling_rate, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277620.474276 (Exim 4.92) (envelope-from ) id 1nMuK5-0005WG-5K; Wed, 23 Feb 2022 16:17:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277620.474276; Wed, 23 Feb 2022 16:17:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuK5-0005W8-2Y; Wed, 23 Feb 2022 16:17:01 +0000 Received: by outflank-mailman (input) for mailman id 277620; Wed, 23 Feb 2022 16:16:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuK3-0005Vw-LX for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuK3-0005IH-Ki for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuK3-000415-Ju for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:16:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CaH6w1uu1DCVtOvNNBe+YXVAjoMYeG92RnCVMIO1ay0=; b=IUlQHfUpmF4lMgy5AEHTE4Hmb2 RHeWwUChnn8nvUBhVCZj+zLXImLReNUfv3YE0y1LZjwB+7IjR4Yqy+b5/13XE15jRclFrrSqmDyaw S3yUmVEp2Nbc2yzn65DFAPaFu4OefCZRP+d/IJSdxi6jRnSe0MBXK/4ME5bBJQ3Z7ay4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/apic: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:16:59 +0000 commit 15b66009808ac7c5e66824ccac06be15d4129686 Author: Andrew Cooper AuthorDate: Thu Oct 28 14:05:05 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/apic: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/genapic/bigsmp.c | 4 ++-- xen/arch/x86/genapic/delivery.c | 12 ++++++------ xen/arch/x86/genapic/x2apic.c | 16 ++++++++++------ xen/arch/x86/include/asm/genapic.h | 18 +++++++++--------- xen/arch/x86/smp.c | 6 +++--- 5 files changed, 30 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index b9d976e8ab..2000383ab0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -10,7 +10,7 @@ #include #include -static __init int force_bigsmp(const struct dmi_system_id *d) +static int __init cf_check force_bigsmp(const struct dmi_system_id *d) { printk(KERN_NOTICE "%s detected: force use of apic=bigsmp\n", d->ident); def_to_bigsmp = true; @@ -27,7 +27,7 @@ static const struct dmi_system_id __initconstrel bigsmp_dmi_table[] = { }; -static __init int probe_bigsmp(void) +static int __init cf_check probe_bigsmp(void) { /* * We don't implement cluster mode, so force use of diff --git a/xen/arch/x86/genapic/delivery.c b/xen/arch/x86/genapic/delivery.c index 548c33f282..d1f99bf683 100644 --- a/xen/arch/x86/genapic/delivery.c +++ b/xen/arch/x86/genapic/delivery.c @@ -9,7 +9,7 @@ * LOGICAL FLAT DELIVERY MODE (multicast via bitmask to <= 8 logical APIC IDs). */ -void init_apic_ldr_flat(void) +void cf_check init_apic_ldr_flat(void) { unsigned long val; @@ -19,12 +19,12 @@ void init_apic_ldr_flat(void) apic_write(APIC_LDR, val); } -const cpumask_t *vector_allocation_cpumask_flat(int cpu) +const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu) { return &cpu_online_map; } -unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask) +unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask) { return cpumask_bits(cpumask)[0]&0xFF; } @@ -33,17 +33,17 @@ unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask) * PHYSICAL DELIVERY MODE (unicast to physical APIC IDs). */ -void init_apic_ldr_phys(void) +void cf_check init_apic_ldr_phys(void) { /* We only deliver in phys mode - no setup needed. */ } -const cpumask_t *vector_allocation_cpumask_phys(int cpu) +const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu) { return cpumask_of(cpu); } -unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask) +unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask) { /* As we are using single CPU as destination, pick only one CPU here */ return cpu_physical_id(cpumask_any(cpumask)); diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index bd44bb7539..de5032f202 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -38,7 +38,7 @@ static inline u32 x2apic_cluster(unsigned int cpu) return per_cpu(cpu_2_logical_apicid, cpu) >> 16; } -static void init_apic_ldr_x2apic_cluster(void) +static void cf_check init_apic_ldr_x2apic_cluster(void) { unsigned int cpu, this_cpu = smp_processor_id(); @@ -74,12 +74,14 @@ static void init_apic_ldr_x2apic_cluster(void) cpumask_set_cpu(this_cpu, per_cpu(cluster_cpus, this_cpu)); } -static const cpumask_t *vector_allocation_cpumask_x2apic_cluster(int cpu) +static const cpumask_t *cf_check vector_allocation_cpumask_x2apic_cluster( + int cpu) { return per_cpu(cluster_cpus, cpu); } -static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask) +static unsigned int cf_check cpu_mask_to_apicid_x2apic_cluster( + const cpumask_t *cpumask) { unsigned int cpu = cpumask_any(cpumask); unsigned int dest = per_cpu(cpu_2_logical_apicid, cpu); @@ -92,12 +94,13 @@ static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask) return dest; } -static void send_IPI_self_x2apic(uint8_t vector) +static void cf_check send_IPI_self_x2apic(uint8_t vector) { apic_wrmsr(APIC_SELF_IPI, vector); } -static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector) +static void cf_check send_IPI_mask_x2apic_phys( + const cpumask_t *cpumask, int vector) { unsigned int cpu; unsigned long flags; @@ -130,7 +133,8 @@ static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector) local_irq_restore(flags); } -static void send_IPI_mask_x2apic_cluster(const cpumask_t *cpumask, int vector) +static void cf_check send_IPI_mask_x2apic_cluster( + const cpumask_t *cpumask, int vector) { unsigned int cpu = smp_processor_id(); cpumask_t *ipimask = per_cpu(scratch_mask, cpu); diff --git a/xen/arch/x86/include/asm/genapic.h b/xen/arch/x86/include/asm/genapic.h index 51a65d3e0f..beeaddf19d 100644 --- a/xen/arch/x86/include/asm/genapic.h +++ b/xen/arch/x86/include/asm/genapic.h @@ -39,12 +39,12 @@ extern struct genapic genapic; extern const struct genapic apic_default; extern const struct genapic apic_bigsmp; -void send_IPI_self_legacy(uint8_t vector); +void cf_check send_IPI_self_legacy(uint8_t vector); -void init_apic_ldr_flat(void); -unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask); -void send_IPI_mask_flat(const cpumask_t *mask, int vector); -const cpumask_t *vector_allocation_cpumask_flat(int cpu); +void cf_check init_apic_ldr_flat(void); +unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask); +void cf_check send_IPI_mask_flat(const cpumask_t *mask, int vector); +const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu); #define GENAPIC_FLAT \ .int_delivery_mode = dest_LowestPrio, \ .int_dest_mode = 1 /* logical delivery */, \ @@ -54,10 +54,10 @@ const cpumask_t *vector_allocation_cpumask_flat(int cpu); .send_IPI_mask = send_IPI_mask_flat, \ .send_IPI_self = send_IPI_self_legacy -void init_apic_ldr_phys(void); -unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask); -void send_IPI_mask_phys(const cpumask_t *mask, int vector); -const cpumask_t *vector_allocation_cpumask_phys(int cpu); +void cf_check init_apic_ldr_phys(void); +unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask); +void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector); +const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu); #define GENAPIC_PHYS \ .int_delivery_mode = dest_Fixed, \ .int_dest_mode = 0 /* physical delivery */, \ diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index 33748e629a..0a02086966 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -161,13 +161,13 @@ void send_IPI_self(int vector) * The following functions deal with sending IPIs between CPUs. */ -void send_IPI_self_legacy(uint8_t vector) +void cf_check send_IPI_self_legacy(uint8_t vector) { /* NMI continuation handling relies on using a shorthand here. */ send_IPI_shortcut(APIC_DEST_SELF, vector, APIC_DEST_PHYSICAL); } -void send_IPI_mask_flat(const cpumask_t *cpumask, int vector) +void cf_check send_IPI_mask_flat(const cpumask_t *cpumask, int vector) { unsigned long mask = cpumask_bits(cpumask)[0]; unsigned long cfg; @@ -204,7 +204,7 @@ void send_IPI_mask_flat(const cpumask_t *cpumask, int vector) local_irq_restore(flags); } -void send_IPI_mask_phys(const cpumask_t *mask, int vector) +void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector) { unsigned long cfg, flags; unsigned int query_cpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277621.474280 (Exim 4.92) (envelope-from ) id 1nMuKF-0005Yr-6y; Wed, 23 Feb 2022 16:17:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277621.474280; Wed, 23 Feb 2022 16:17:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKF-0005Yj-41; Wed, 23 Feb 2022 16:17:11 +0000 Received: by outflank-mailman (input) for mailman id 277621; Wed, 23 Feb 2022 16:17:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKD-0005YZ-Oj for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKD-0005IY-Nz for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuKD-000424-NH for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xvCHWldZpvHUt/IuBIwfMqaPELe//pJpiJNAG0ljAjw=; b=Sot4O5OVBV/4PhJT5jczo6cL23 yzfr8EmCUSnYbPGwB8a5Ci2Y3uhGbN5/FDAmMWIY/Mt/QPTR9XyiQ9kny4awsEJwRTaLj9oUioxzD iuZwf8l4+gEjmy0nGCRk7kTSCbhhY2wggmIW+TM0VFfQWxlrDuLGFB4DFW37wCwy9JC8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/nmi: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:17:09 +0000 commit b1a7d40f30cde6e5b71ee23de25f9cae9837709e Author: Andrew Cooper AuthorDate: Fri Oct 29 14:05:07 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/nmi: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/alternative.c | 4 ++-- xen/arch/x86/cpu/microcode/core.c | 3 ++- xen/arch/x86/crash.c | 3 ++- xen/arch/x86/livepatch.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/traps.c | 3 ++- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 1cb531c9df..436047abe0 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -324,8 +324,8 @@ static unsigned int __initdata alt_done; * condition where an NMI hits while we are midway though patching some * instructions in the NMI path. */ -static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, - int cpu) +static int __init cf_check nmi_apply_alternatives( + const struct cpu_user_regs *regs, int cpu) { /* * More than one NMI may occur between the two set_nmi_callback() below. diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index c07f68ba35..f84dafa826 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -376,7 +376,8 @@ static int primary_thread_work(const struct microcode_patch *patch) return ret; } -static int microcode_nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check microcode_nmi_callback( + const struct cpu_user_regs *regs, int cpu) { unsigned int primary = cpumask_first(this_cpu(cpu_sibling_mask)); int ret; diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index f6264946a6..c383f718f5 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -36,7 +36,8 @@ static unsigned int crashing_cpu; static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done); /* This becomes the NMI handler for non-crashing CPUs, when Xen is crashing. */ -static int noreturn do_nmi_crash(const struct cpu_user_regs *regs, int cpu) +static int noreturn cf_check do_nmi_crash( + const struct cpu_user_regs *regs, int cpu) { stac(); diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index d056b1ed8b..37c9b8435e 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -175,7 +175,7 @@ static nmi_callback_t *saved_nmi_callback; * Note that because of this NOP code the do_nmi is not safely patchable. * Also if we do receive 'real' NMIs we have lost them. */ -static int mask_nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check mask_nmi_callback(const struct cpu_user_regs *regs, int cpu) { /* TODO: Handle missing NMI/MCE.*/ return 1; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index 6ebe20bd1d..a90b728258 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -95,7 +95,7 @@ bool nmi_oprofile_send_virq(void) return v; } -static int nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check nmi_callback(const struct cpu_user_regs *regs, int cpu) { int xen_mode, ovf; diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 485bd66971..7b95710193 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -752,7 +752,8 @@ static cpumask_t show_state_mask; static bool opt_show_all; boolean_param("async-show-all", opt_show_all); -static int nmi_show_execution_state(const struct cpu_user_regs *regs, int cpu) +static int cf_check nmi_show_execution_state( + const struct cpu_user_regs *regs, int cpu) { if ( !cpumask_test_cpu(cpu, &show_state_mask) ) return 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:21 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277622.474283 (Exim 4.92) (envelope-from ) id 1nMuKP-0005cC-9P; Wed, 23 Feb 2022 16:17:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277622.474283; Wed, 23 Feb 2022 16:17:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKP-0005c4-6f; Wed, 23 Feb 2022 16:17:21 +0000 Received: by outflank-mailman (input) for mailman id 277622; Wed, 23 Feb 2022 16:17:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKN-0005br-Rf for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKN-0005Ic-Qz for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuKN-00042Z-QH for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dX+kTVyspZxNYJVZiatfrhwLpAQdiFzkE0GN9Uk1lhA=; b=T6HCIA2NR24GpvF2tCz2JwzIT5 tZ8h9+gKT1iiku7GO4LadWm0Mkke+USG5zf4A/7v1E6TZEJwwffSplPWmFy9VNbp7aVd26q4IDLf7 EJtUriWBRyzgVH68lC0psT+XU9d3/d+xKd1FAXtcowcnvxKtIfeBqCvrNeMfeHd9fxyc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mtrr: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:17:19 +0000 commit 142923eaaf71f6cf38053da13c6dba598aff8839 Author: Andrew Cooper AuthorDate: Thu Oct 28 13:48:54 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/mtrr: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mtrr/generic.c | 18 ++++++++++-------- xen/arch/x86/cpu/mtrr/mtrr.h | 8 ++++---- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 7cf4cd01f3..47aaf76226 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,8 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg) +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. The size (in bytes) of the region. @@ -309,8 +310,8 @@ int generic_get_free_region(unsigned long base, unsigned long size, int replace_ return -ENOSPC; } -static void generic_get_mtrr(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type *type) +static void cf_check generic_get_mtrr( + unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -499,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void generic_set_all(void) +static void cf_check generic_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -522,8 +523,8 @@ static void generic_set_all(void) } } -static void generic_set_mtrr(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type) +static void cf_check generic_set_mtrr( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. The base address of the region. @@ -566,7 +567,8 @@ static void generic_set_mtrr(unsigned int reg, unsigned long base, local_irq_restore(flags); } -int generic_validate_add_page(unsigned long base, unsigned long size, unsigned int type) +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -584,7 +586,7 @@ int generic_validate_add_page(unsigned long base, unsigned long size, unsigned i } -static int generic_have_wrcomb(void) +static int cf_check generic_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index 9a406e6f61..c7fd44daab 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -24,10 +24,10 @@ struct mtrr_ops { int (*have_wrcomb)(void); }; -extern int generic_get_free_region(unsigned long base, unsigned long size, - int replace_reg); -extern int generic_validate_add_page(unsigned long base, unsigned long size, - unsigned int type); +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg); +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type); extern const struct mtrr_ops generic_mtrr_ops; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:31 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277623.474288 (Exim 4.92) (envelope-from ) id 1nMuKZ-0005f4-BB; Wed, 23 Feb 2022 16:17:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277623.474288; Wed, 23 Feb 2022 16:17:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKZ-0005ex-88; Wed, 23 Feb 2022 16:17:31 +0000 Received: by outflank-mailman (input) for mailman id 277623; Wed, 23 Feb 2022 16:17:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKX-0005ej-VO for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKX-0005Im-Uf for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuKX-00043H-Tq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kob6MMJ1M0dYMIggI2WbBQeMBukNq1OuPdi3uEbvI+c=; b=REQkCqbWBxwyDBjnC/LifZbHfg OLJcBim7e7dpXMKbQF8M1SdEhLUsADh6M2RrSY45LP+fOhbI151UPhmol3SnmSvxQL9LurLywbawW G3RGJO0BAVf92DA7DmbaJMRxgx04FpXGLoxHIGGimd0PlC3vBIcoPEmJxHHlSSTY0dnA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/idle: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:17:29 +0000 commit afaa75410ec1010b9ae7c3ae9ce0f3d1c26b6312 Author: Andrew Cooper AuthorDate: Thu Oct 28 13:32:34 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/idle: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 31 +++++++++++++++++++++------- xen/arch/x86/acpi/cpuidle_menu.c | 6 +++--- xen/arch/x86/cpu/mwait-idle.c | 2 +- xen/arch/x86/domain.c | 6 +++--- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/cpuidle.h | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/include/asm/time.h | 6 +++--- xen/arch/x86/time.c | 6 +++--- xen/drivers/cpufreq/cpufreq_misc_governors.c | 14 ++++++------- 10 files changed, 49 insertions(+), 34 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 0142671bb8..557bc6ef86 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -75,7 +75,7 @@ #define GET_CC7_RES(val) GET_HW_RES_IN_NS(0x3FE, val) /* SNB onwards */ #define PHI_CC6_RES(val) GET_HW_RES_IN_NS(0x3FF, val) /* Xeon Phi only */ -static void lapic_timer_nop(void) { } +static void cf_check lapic_timer_nop(void) { } void (*__read_mostly lapic_timer_off)(void); void (*__read_mostly lapic_timer_on)(void); @@ -310,12 +310,27 @@ static char* acpi_cstate_method_name[] = "HALT" }; -static uint64_t get_stime_tick(void) { return (uint64_t)NOW(); } -static uint64_t stime_ticks_elapsed(uint64_t t1, uint64_t t2) { return t2 - t1; } -static uint64_t stime_tick_to_ns(uint64_t ticks) { return ticks; } +static uint64_t cf_check get_stime_tick(void) +{ + return NOW(); +} + +static uint64_t cf_check stime_ticks_elapsed(uint64_t t1, uint64_t t2) +{ + return t2 - t1; +} + +static uint64_t cf_check stime_tick_to_ns(uint64_t ticks) +{ + return ticks; +} + +static uint64_t cf_check get_acpi_pm_tick(void) +{ + return inl(pmtmr_ioport); +} -static uint64_t get_acpi_pm_tick(void) { return (uint64_t)inl(pmtmr_ioport); } -static uint64_t acpi_pm_ticks_elapsed(uint64_t t1, uint64_t t2) +static uint64_t cf_check acpi_pm_ticks_elapsed(uint64_t t1, uint64_t t2) { if ( t2 >= t1 ) return (t2 - t1); @@ -664,7 +679,7 @@ void update_idle_stats(struct acpi_processor_power *power, spin_unlock(&power->stat_lock); } -static void acpi_processor_idle(void) +static void cf_check acpi_processor_idle(void) { unsigned int cpu = smp_processor_id(); struct acpi_processor_power *power = processor_powers[cpu]; @@ -869,7 +884,7 @@ static void acpi_processor_idle(void) cpuidle_current_governor->reflect(power); } -void acpi_dead_idle(void) +void cf_check acpi_dead_idle(void) { struct acpi_processor_power *power; struct acpi_processor_cx *cx; diff --git a/xen/arch/x86/acpi/cpuidle_menu.c b/xen/arch/x86/acpi/cpuidle_menu.c index 6ff5fb8ff2..a275436d79 100644 --- a/xen/arch/x86/acpi/cpuidle_menu.c +++ b/xen/arch/x86/acpi/cpuidle_menu.c @@ -185,7 +185,7 @@ static unsigned int get_sleep_length_us(void) return (us >> 32) ? (unsigned int)-2000 : (unsigned int)us; } -static int menu_select(struct acpi_processor_power *power) +static int cf_check menu_select(struct acpi_processor_power *power) { struct menu_device *data = &this_cpu(menu_devices); int i; @@ -237,7 +237,7 @@ static int menu_select(struct acpi_processor_power *power) return data->last_state_idx; } -static void menu_reflect(struct acpi_processor_power *power) +static void cf_check menu_reflect(struct acpi_processor_power *power) { struct menu_device *data = &this_cpu(menu_devices); u64 new_factor; @@ -275,7 +275,7 @@ static void menu_reflect(struct acpi_processor_power *power) data->correction_factor[data->bucket] = new_factor; } -static int menu_enable_device(struct acpi_processor_power *power) +static int cf_check menu_enable_device(struct acpi_processor_power *power) { memset(&per_cpu(menu_devices, power->cpu), 0, sizeof(struct menu_device)); diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 927ce1b67a..f76c64e04b 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -773,7 +773,7 @@ static const struct cpuidle_state snr_cstates[] = { {} }; -static void mwait_idle(void) +static void cf_check mwait_idle(void) { unsigned int cpu = smp_processor_id(); struct acpi_processor_power *power = processor_powers[cpu]; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index ec0b631f7c..55df2a23f8 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -74,11 +74,11 @@ DEFINE_PER_CPU(struct vcpu *, curr_vcpu); -static void default_idle(void); +static void cf_check default_idle(void); void (*pm_idle) (void) __read_mostly = default_idle; void (*dead_idle) (void) __read_mostly = default_dead_idle; -static void default_idle(void) +static void cf_check default_idle(void) { struct cpu_info *info = get_cpu_info(); @@ -93,7 +93,7 @@ static void default_idle(void) local_irq_enable(); } -void default_dead_idle(void) +void cf_check default_dead_idle(void) { /* * When going into S3, without flushing caches modified data may be diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 5d4f891566..1632993f72 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -706,7 +706,7 @@ void hpet_disable_legacy_broadcast(void) smp_send_event_check_mask(&cpu_online_map); } -void hpet_broadcast_enter(void) +void cf_check hpet_broadcast_enter(void) { unsigned int cpu = smp_processor_id(); struct hpet_event_channel *ch = per_cpu(cpu_bc_channel, cpu); @@ -737,7 +737,7 @@ void hpet_broadcast_enter(void) spin_unlock(&ch->lock); } -void hpet_broadcast_exit(void) +void cf_check hpet_broadcast_exit(void) { unsigned int cpu = smp_processor_id(); struct hpet_event_channel *ch = per_cpu(cpu_bc_channel, cpu); diff --git a/xen/arch/x86/include/asm/cpuidle.h b/xen/arch/x86/include/asm/cpuidle.h index 0981a8fd64..3edd7a75d2 100644 --- a/xen/arch/x86/include/asm/cpuidle.h +++ b/xen/arch/x86/include/asm/cpuidle.h @@ -17,8 +17,8 @@ extern uint64_t (*cpuidle_get_tick)(void); int mwait_idle_init(struct notifier_block *); int cpuidle_init_cpu(unsigned int cpu); -void default_dead_idle(void); -void acpi_dead_idle(void); +void cf_check default_dead_idle(void); +void cf_check acpi_dead_idle(void); void play_dead(void); void trace_exit_reason(u32 *irq_traced); void update_idle_stats(struct acpi_processor_power *, diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 8f9725a95e..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -91,8 +91,8 @@ void hpet_disable_legacy_replacement_mode(void); */ void hpet_broadcast_init(void); void hpet_broadcast_resume(void); -void hpet_broadcast_enter(void); -void hpet_broadcast_exit(void); +void cf_check hpet_broadcast_enter(void); +void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); void hpet_disable_legacy_broadcast(void); diff --git a/xen/arch/x86/include/asm/time.h b/xen/arch/x86/include/asm/time.h index f06f2bfd8b..2a57d930ef 100644 --- a/xen/arch/x86/include/asm/time.h +++ b/xen/arch/x86/include/asm/time.h @@ -43,11 +43,11 @@ int hwdom_pit_access(struct ioreq *ioreq); int cpu_frequency_change(u64 freq); -void pit_broadcast_enter(void); -void pit_broadcast_exit(void); +void cf_check pit_broadcast_enter(void); +void cf_check pit_broadcast_exit(void); int pit_broadcast_is_available(void); -uint64_t acpi_pm_tick_to_ns(uint64_t ticks); +uint64_t cf_check acpi_pm_tick_to_ns(uint64_t ticks); uint64_t tsc_ticks2ns(uint64_t ticks); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index a296704fb1..d5ec58a360 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -545,7 +545,7 @@ static __init int cf_check init_pmtmr_scale(void) } __initcall(init_pmtmr_scale); -uint64_t acpi_pm_tick_to_ns(uint64_t ticks) +uint64_t cf_check acpi_pm_tick_to_ns(uint64_t ticks) { return scale_delta(ticks, &pmt_scale); } @@ -2235,12 +2235,12 @@ static int __init cf_check disable_pit_irq(void) } __initcall(disable_pit_irq); -void pit_broadcast_enter(void) +void cf_check pit_broadcast_enter(void) { cpumask_set_cpu(smp_processor_id(), &pit_broadcast_mask); } -void pit_broadcast_exit(void) +void cf_check pit_broadcast_exit(void) { int cpu = smp_processor_id(); diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index ad79d0f5d2..f5571f5486 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -26,8 +26,8 @@ static unsigned int __read_mostly userspace_cmdline_freq; static DEFINE_PER_CPU(unsigned int, cpu_set_freq); -static int cpufreq_governor_userspace(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_userspace( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; unsigned int cpu; @@ -81,7 +81,7 @@ int write_userspace_scaling_setspeed(unsigned int cpu, unsigned int freq) return __cpufreq_driver_target(policy, freq, CPUFREQ_RELATION_L); } -static bool_t __init +static bool __init cf_check cpufreq_userspace_handle_option(const char *name, const char *val) { if (!strcmp(name, "speed") && val) { @@ -131,8 +131,8 @@ __initcall(cpufreq_gov_userspace_init); /* * cpufreq performance governor */ -static int cpufreq_governor_performance(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_performance( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; @@ -170,8 +170,8 @@ __initcall(cpufreq_gov_performance_init); /* * cpufreq powersave governor */ -static int cpufreq_governor_powersave(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_powersave( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277624.474292 (Exim 4.92) (envelope-from ) id 1nMuKj-0005i8-Ck; Wed, 23 Feb 2022 16:17:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277624.474292; Wed, 23 Feb 2022 16:17:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKj-0005i0-9r; Wed, 23 Feb 2022 16:17:41 +0000 Received: by outflank-mailman (input) for mailman id 277624; Wed, 23 Feb 2022 16:17:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKi-0005ho-2Q for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKi-0005Iq-1i for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuKi-00043m-0x for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xik2BGgxIyCXhOwMSaoO2I/cwAfPUwlqpfEfWZHzJkU=; b=rlRHbyF+Dm/ajVs2UKhgNnjSGD 0+9oDTQgjxe6xyH6CsEjDOb/k46hl9cVCWwwlA+5kInhj0zsqOF1d77K+Pp0KxsgKjVmSX49gWkf4 qFJQ2YXh9iW2Xh1QqOmALz2+tSqn+FbFbwQmufYAliwkVSdlzspDMYMlEJtyHCt3QZqs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/quirks: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:17:40 +0000 commit f8840cabc61ad715ac5dc42b1a9f5a8b3cb22814 Author: Andrew Cooper AuthorDate: Fri Oct 29 20:43:29 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/quirks: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/dmi_scan.c | 10 +++++----- xen/arch/x86/hvm/quirks.c | 2 +- xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/x86_64/mmconfig-shared.c | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/dmi_scan.c b/xen/arch/x86/dmi_scan.c index d27cd3450a..81f80c053a 100644 --- a/xen/arch/x86/dmi_scan.c +++ b/xen/arch/x86/dmi_scan.c @@ -476,7 +476,7 @@ static void __init dmi_save_ident(const struct dmi_header *dm, int slot, int str #define NO_MATCH { DMI_NONE, NULL} #define MATCH DMI_MATCH -static int __init ich10_bios_quirk(const struct dmi_system_id *d) +static int __init cf_check ich10_bios_quirk(const struct dmi_system_id *d) { u32 port, smictl; @@ -499,14 +499,14 @@ static int __init ich10_bios_quirk(const struct dmi_system_id *d) return 0; } -static __init int reset_videomode_after_s3(const struct dmi_blacklist *d) +static __init int cf_check reset_videomode_after_s3(const struct dmi_blacklist *d) { /* See wakeup.S */ acpi_video_flags |= 2; return 0; } -static __init int dmi_disable_acpi(const struct dmi_blacklist *d) +static __init int cf_check dmi_disable_acpi(const struct dmi_blacklist *d) { if (!acpi_force) { printk(KERN_NOTICE "%s detected: acpi off\n",d->ident); @@ -521,7 +521,7 @@ static __init int dmi_disable_acpi(const struct dmi_blacklist *d) /* * Limit ACPI to CPU enumeration for HT */ -static __init int force_acpi_ht(const struct dmi_blacklist *d) +static __init int cf_check force_acpi_ht(const struct dmi_blacklist *d) { if (!acpi_force) { printk(KERN_NOTICE "%s detected: force use of acpi=ht\n", d->ident); @@ -650,7 +650,7 @@ static const struct dmi_blacklist __initconstrel dmi_blacklist[] = { * out of here. */ -static void __init dmi_decode(const struct dmi_header *dm) +static void __init cf_check dmi_decode(const struct dmi_header *dm) { #ifdef DMI_DEBUG const uint8_t *data = (const void *)dm; diff --git a/xen/arch/x86/hvm/quirks.c b/xen/arch/x86/hvm/quirks.c index 917356b131..2adab1f4b8 100644 --- a/xen/arch/x86/hvm/quirks.c +++ b/xen/arch/x86/hvm/quirks.c @@ -25,7 +25,7 @@ s8 __read_mostly hvm_port80_allowed = -1; boolean_param("hvm_port80", hvm_port80_allowed); -static int __init dmi_hvm_deny_port80(const struct dmi_system_id *id) +static int __init cf_check dmi_hvm_deny_port80(const struct dmi_system_id *id) { printk(XENLOG_WARNING "%s: port 0x80 access %s allowed for HVM guests\n", id->ident, hvm_port80_allowed > 0 ? "forcibly" : "not"); diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index 30985d36a6..7619544d14 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -158,7 +158,7 @@ static void default_reboot_type(void) reboot_type = BOOT_ACPI; } -static int __init override_reboot(const struct dmi_system_id *d) +static int __init cf_check override_reboot(const struct dmi_system_id *d) { enum reboot_type type = (long)d->driver_data; diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c index 2fa7f3f0bc..74b22b71a1 100644 --- a/xen/arch/x86/x86_64/mmconfig-shared.c +++ b/xen/arch/x86/x86_64/mmconfig-shared.c @@ -62,7 +62,7 @@ static int __init cf_check parse_mmcfg(const char *s) } custom_param("mmcfg", parse_mmcfg); -static const char __init *pci_mmcfg_e7520(void) +static const char *__init cf_check pci_mmcfg_e7520(void) { u32 win; win = pci_conf_read16(PCI_SBDF(0, 0, 0, 0), 0xce); @@ -84,7 +84,7 @@ static const char __init *pci_mmcfg_e7520(void) return "Intel Corporation E7520 Memory Controller Hub"; } -static const char __init *pci_mmcfg_intel_945(void) +static const char *__init cf_check pci_mmcfg_intel_945(void) { u32 pciexbar, mask = 0, len = 0; @@ -137,7 +137,7 @@ static const char __init *pci_mmcfg_intel_945(void) return "Intel Corporation 945G/GZ/P/PL Express Memory Controller Hub"; } -static const char __init *pci_mmcfg_amd_fam10h(void) +static const char *__init cf_check pci_mmcfg_amd_fam10h(void) { uint32_t address; uint64_t base, msr_content; @@ -190,7 +190,7 @@ static const char __init *pci_mmcfg_amd_fam10h(void) return "AMD Family 10h NB"; } -static const char __init *pci_mmcfg_nvidia_mcp55(void) +static const char *__init cf_check pci_mmcfg_nvidia_mcp55(void) { static bool_t __initdata mcp55_checked; int bus, i; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:17:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:17:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277625.474295 (Exim 4.92) (envelope-from ) id 1nMuKt-0005kz-EJ; Wed, 23 Feb 2022 16:17:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277625.474295; Wed, 23 Feb 2022 16:17:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKt-0005kr-BI; Wed, 23 Feb 2022 16:17:51 +0000 Received: by outflank-mailman (input) for mailman id 277625; Wed, 23 Feb 2022 16:17:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKs-0005ki-6F for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuKs-0005JG-5M for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuKs-00044J-4a for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:17:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XzkqIYukGi0+H99DhX16R86EJSjhp9Kw1POwJ5IsIf0=; b=FY2/W3Pb0RSYXyUQ/NmXZbNRSA dIsoNOeD+KSRY43Om4jclyJ8czQEHAHpx+q1qfukQT9sa4vJbSCXuwgSt2QITyyrvoHJrxzALQSVx epv1+nZXb3rB/5zxRR3VT9zRHPbYEvapFov1+QmPeh0TGa6+/Uj0vwhedwz8zC+LQc5g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvmsave: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:17:50 +0000 commit 5b587af6a79062ff086d3df0d5047577edbde424 Author: Andrew Cooper AuthorDate: Fri Oct 29 16:30:57 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvmsave: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/vmce.c | 4 ++-- xen/arch/x86/emul-i8254.c | 4 ++-- xen/arch/x86/hvm/hpet.c | 4 ++-- xen/arch/x86/hvm/hvm.c | 18 ++++++++++-------- xen/arch/x86/hvm/irq.c | 12 ++++++------ xen/arch/x86/hvm/mtrr.c | 4 ++-- xen/arch/x86/hvm/pmtimer.c | 4 ++-- xen/arch/x86/hvm/rtc.c | 4 ++-- xen/arch/x86/hvm/vioapic.c | 4 ++-- xen/arch/x86/hvm/viridian/viridian.c | 15 ++++++++------- xen/arch/x86/hvm/vlapic.c | 8 ++++---- xen/arch/x86/hvm/vpic.c | 4 ++-- 12 files changed, 44 insertions(+), 41 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index eb6434a3ba..458120f9ad 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -353,7 +353,7 @@ int vmce_wrmsr(uint32_t msr, uint64_t val) } #if CONFIG_HVM -static int vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) { struct hvm_vmce_vcpu ctxt = { .caps = v->arch.vmce.mcg_cap, @@ -365,7 +365,7 @@ static int vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(VMCE_VCPU, v->vcpu_id, h, &ctxt); } -static int vmce_load_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h) +static int cf_check vmce_load_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 0e09a17318..d170f464d9 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -391,7 +391,7 @@ void pit_stop_channel0_irq(PITState *pit) spin_unlock(&pit->lock); } -static int pit_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check pit_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; PITState *pit = domain_vpit(d); @@ -409,7 +409,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int pit_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); int i, rc = 0; diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 7bdb51cfa1..ed512fa65b 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -582,7 +582,7 @@ static const struct hvm_mmio_ops hpet_mmio_ops = { }; -static int hpet_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hpet_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; HPETState *hp = domain_vhpet(d); @@ -645,7 +645,7 @@ static int hpet_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int hpet_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check hpet_load(struct domain *d, hvm_domain_context_t *h) { HPETState *hp = domain_vhpet(d); struct hvm_hw_hpet *rec; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index e87e809a94..4cf313a0ad 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -756,7 +756,7 @@ void hvm_domain_destroy(struct domain *d) destroy_vpci_mmcfg(d); } -static int hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) { struct hvm_tsc_adjust ctxt = { .tsc_adjust = v->arch.hvm.msr_tsc_adjust, @@ -765,7 +765,7 @@ static int hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(TSC_ADJUST, v->vcpu_id, h, &ctxt); } -static int hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -788,7 +788,7 @@ static int hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) HVM_REGISTER_SAVE_RESTORE(TSC_ADJUST, hvm_save_tsc_adjust, hvm_load_tsc_adjust, 1, HVMSR_PER_VCPU); -static int hvm_save_cpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) { struct segment_register seg; struct hvm_hw_cpu ctxt = { @@ -971,7 +971,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (cet ? X86_CR4_CET : 0)); } -static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -1172,7 +1172,8 @@ HVM_REGISTER_SAVE_RESTORE(CPU, hvm_save_cpu_ctxt, hvm_load_cpu_ctxt, 1, save_area) + \ xstate_ctxt_size(xcr0)) -static int hvm_save_cpu_xsave_states(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_xsave_states( + struct vcpu *v, hvm_domain_context_t *h) { struct hvm_hw_cpu_xsave *ctxt; unsigned int size = HVM_CPU_XSAVE_SIZE(v->arch.xcr0_accum); @@ -1210,7 +1211,8 @@ CHECK_FIELD_(struct, xsave_hdr, reserved); #undef compat_xsave_hdr #undef xen_xsave_hdr -static int hvm_load_cpu_xsave_states(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_xsave_states( + struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid, size; int err; @@ -1338,7 +1340,7 @@ static const uint32_t msrs_to_send[] = { MSR_AMD64_DR3_ADDRESS_MASK, }; -static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); @@ -1418,7 +1420,7 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) return 0; } -static int hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) { unsigned int i, vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index a7f8991a7b..5a7f39b54f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -657,7 +657,7 @@ static int __init cf_check dump_irq_info_key_init(void) } __initcall(dump_irq_info_key_init); -static int irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -690,7 +690,7 @@ static int irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -699,7 +699,7 @@ static int irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(ISA_IRQ, 0, h, &hvm_irq->isa_irq); } -static int irq_save_link(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_link(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -708,7 +708,7 @@ static int irq_save_link(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(PCI_LINK, 0, h, &hvm_irq->pci_link); } -static int irq_load_pci(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_pci(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int link, dev, intx, gsi; @@ -741,7 +741,7 @@ static int irq_load_pci(struct domain *d, hvm_domain_context_t *h) return 0; } -static int irq_load_isa(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_isa(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int irq; @@ -760,7 +760,7 @@ static int irq_load_isa(struct domain *d, hvm_domain_context_t *h) } -static int irq_load_link(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_link(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int link, gsi; diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index 42f3d83192..4d2aa6def8 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -687,7 +687,7 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start, return 0; } -static int hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) { const struct mtrr_state *mtrr_state = &v->arch.hvm.mtrr; struct hvm_hw_mtrr hw_mtrr = { @@ -725,7 +725,7 @@ static int hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(MTRR, v->vcpu_id, h, &hw_mtrr); } -static int hvm_load_mtrr_msr(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_mtrr_msr(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid, i; struct vcpu *v; diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 60e3c8de4c..2a89bbdfa5 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -249,7 +249,7 @@ static int cf_check handle_pmt_io( return X86EMUL_OKAY; } -static int acpi_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check acpi_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_hw_acpi *acpi = &d->arch.hvm.acpi; @@ -281,7 +281,7 @@ static int acpi_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int acpi_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check acpi_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_hw_acpi *acpi = &d->arch.hvm.acpi; PMTState *s = &d->arch.hvm.pl_time->vpmt; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index bdc647e433..ed397276fa 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -738,7 +738,7 @@ void rtc_migrate_timers(struct vcpu *v) } /* Save RTC hardware state */ -static int rtc_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check rtc_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; RTCState *s = domain_vrtc(d); @@ -756,7 +756,7 @@ static int rtc_save(struct vcpu *v, hvm_domain_context_t *h) } /* Reload the hardware state from a saved domain */ -static int rtc_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check rtc_load(struct domain *d, hvm_domain_context_t *h) { RTCState *s = domain_vrtc(d); diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index b56549aa22..d5d5b02421 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -590,7 +590,7 @@ int vioapic_get_trigger_mode(const struct domain *d, unsigned int gsi) return vioapic->redirtbl[pin].fields.trig_mode; } -static int ioapic_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check ioapic_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_vioapic *s; @@ -607,7 +607,7 @@ static int ioapic_save(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(IOAPIC, 0, h, &s->domU); } -static int ioapic_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check ioapic_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_vioapic *s; diff --git a/xen/arch/x86/hvm/viridian/viridian.c b/xen/arch/x86/hvm/viridian/viridian.c index 7ebcaa1c89..25dca93e8b 100644 --- a/xen/arch/x86/hvm/viridian/viridian.c +++ b/xen/arch/x86/hvm/viridian/viridian.c @@ -1104,8 +1104,8 @@ void viridian_unmap_guest_page(struct viridian_page *vp) put_page_and_type(page); } -static int viridian_save_domain_ctxt(struct vcpu *v, - hvm_domain_context_t *h) +static int cf_check viridian_save_domain_ctxt( + struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; const struct viridian_domain *vd = d->arch.hvm.viridian; @@ -1123,8 +1123,8 @@ static int viridian_save_domain_ctxt(struct vcpu *v, return (hvm_save_entry(VIRIDIAN_DOMAIN, 0, h, &ctxt) != 0); } -static int viridian_load_domain_ctxt(struct domain *d, - hvm_domain_context_t *h) +static int cf_check viridian_load_domain_ctxt( + struct domain *d, hvm_domain_context_t *h) { struct viridian_domain *vd = d->arch.hvm.viridian; struct hvm_viridian_domain_context ctxt; @@ -1144,7 +1144,8 @@ static int viridian_load_domain_ctxt(struct domain *d, HVM_REGISTER_SAVE_RESTORE(VIRIDIAN_DOMAIN, viridian_save_domain_ctxt, viridian_load_domain_ctxt, 1, HVMSR_PER_DOM); -static int viridian_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check viridian_save_vcpu_ctxt( + struct vcpu *v, hvm_domain_context_t *h) { struct hvm_viridian_vcpu_context ctxt = {}; @@ -1157,8 +1158,8 @@ static int viridian_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(VIRIDIAN_VCPU, v->vcpu_id, h, &ctxt); } -static int viridian_load_vcpu_ctxt(struct domain *d, - hvm_domain_context_t *h) +static int cf_check viridian_load_vcpu_ctxt( + struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index 652e3cb87f..d4e29ef1ff 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -1482,7 +1482,7 @@ static void lapic_rearm(struct vlapic *s) s->timer_last_update = s->pt.last_plt_gtime; } -static int lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) { if ( !has_vlapic(v->domain) ) return 0; @@ -1490,7 +1490,7 @@ static int lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(LAPIC, v->vcpu_id, h, &vcpu_vlapic(v)->hw); } -static int lapic_save_regs(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check lapic_save_regs(struct vcpu *v, hvm_domain_context_t *h) { if ( !has_vlapic(v->domain) ) return 0; @@ -1529,7 +1529,7 @@ static void lapic_load_fixup(struct vlapic *vlapic) } } -static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) +static int cf_check lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -1563,7 +1563,7 @@ static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) return 0; } -static int lapic_load_regs(struct domain *d, hvm_domain_context_t *h) +static int cf_check lapic_load_regs(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 5d8ef259b7..b3cafaab8f 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -400,7 +400,7 @@ static int cf_check vpic_intercept_elcr_io( return X86EMUL_OKAY; } -static int vpic_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check vpic_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_hw_vpic *s; @@ -420,7 +420,7 @@ static int vpic_save(struct vcpu *v, hvm_domain_context_t *h) return 0; } -static int vpic_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check vpic_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_hw_vpic *s; unsigned int inst = hvm_load_instance(h); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277627.474301 (Exim 4.92) (envelope-from ) id 1nMuL3-0005oK-Hb; Wed, 23 Feb 2022 16:18:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277627.474301; Wed, 23 Feb 2022 16:18:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuL3-0005oC-EC; Wed, 23 Feb 2022 16:18:01 +0000 Received: by outflank-mailman (input) for mailman id 277627; Wed, 23 Feb 2022 16:18:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuL2-0005o6-9Y for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuL2-0005JK-8h for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuL2-00044s-7v for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ov43N6UHJ7iPNg65Vl3HrWixzmzDdfnrYhvj0TIh+aE=; b=ic62Ztszl0R1O5G3dUg1O1LIO/ Jua1yAFOrCXiiplLZVJUzUlOA1A7d8d8+DqU2qDUBj1Z3JXfpcYX6hI1UrTcZ/cgghqGInsR7JXiL U4ODgmVUr7DblKM6Aindzli9lWO/j2JortuoVXz41iwuzwTJWruYriDcsOxMyEyGyF18=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mce: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:00 +0000 commit f716c734e9573da42f8c5c6ce301801bf0eb620e Author: Andrew Cooper AuthorDate: Fri Oct 29 11:15:03 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/mce: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/mce.c | 8 ++++---- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 9 ++++---- xen/arch/x86/cpu/mcheck/mce_amd.h | 4 ++-- xen/arch/x86/cpu/mcheck/mce_intel.c | 41 +++++++++++++++++-------------------- 5 files changed, 31 insertions(+), 33 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 3467e0f1a3..275c54be7c 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -75,7 +75,7 @@ static int __init cf_check mce_set_verbosity(const char *str) custom_param("mce_verbosity", mce_set_verbosity); /* Handle unconfigured int18 (should never happen) */ -static void unexpected_machine_check(const struct cpu_user_regs *regs) +static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) { console_force_unlock(); printk("Unexpected Machine Check Exception\n"); @@ -469,7 +469,7 @@ static int mce_urgent_action(const struct cpu_user_regs *regs, } /* Shared #MC handler. */ -void mcheck_cmn_handler(const struct cpu_user_regs *regs) +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs) { static DEFINE_MCE_BARRIER(mce_trap_bar); static atomic_t severity_cpu = ATOMIC_INIT(-1); @@ -1684,7 +1684,7 @@ long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) } int mcinfo_dumpped; -static int x86_mcinfo_dump_panic(mctelem_cookie_t mctc) +static int cf_check x86_mcinfo_dump_panic(mctelem_cookie_t mctc) { struct mc_info *mcip = mctelem_dataptr(mctc); @@ -1801,7 +1801,7 @@ static enum mce_result mce_action(const struct cpu_user_regs *regs, * should be committed for dom0 consumption, 0 if it should be * dismissed. */ -static int mce_delayed_action(mctelem_cookie_t mctc) +static int cf_check mce_delayed_action(mctelem_cookie_t mctc) { enum mce_result result; int ret = 0; diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 1953626919..535d0abf8f 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -70,7 +70,7 @@ extern void x86_mce_vector_register(x86_mce_vector_t); * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ -extern void mcheck_cmn_handler(const struct cpu_user_regs *regs); +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); /* Register a handler for judging whether mce is recoverable. */ typedef bool (*mce_recoverable_t)(uint64_t status); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index 279a8e6f12..d7ae8919df 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -113,7 +113,7 @@ mc_ec2type(uint16_t errorcode) return 0; } -bool mc_amd_recoverable_scan(uint64_t status) +bool cf_check mc_amd_recoverable_scan(uint64_t status) { bool ret = false; enum mc_ec_type ectype; @@ -143,7 +143,7 @@ bool mc_amd_recoverable_scan(uint64_t status) return ret; } -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) { enum mc_ec_type ectype; uint16_t errorcode; @@ -216,7 +216,7 @@ static void mcequirk_amd_apply(enum mcequirk_amd_flags flags) } } -static struct mcinfo_extended * +static struct mcinfo_extended *cf_check amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) { struct mcinfo_extended *mc_ext; @@ -252,7 +252,8 @@ amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) return mc_ext; } -static bool amd_need_clearbank_scan(enum mca_source who, uint64_t status) +static bool cf_check amd_need_clearbank_scan( + enum mca_source who, uint64_t status) { if ( who != MCA_MCE_SCAN ) return true; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.h b/xen/arch/x86/cpu/mcheck/mce_amd.h index 67c4545470..c12c25d745 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.h +++ b/xen/arch/x86/cpu/mcheck/mce_amd.h @@ -1,7 +1,7 @@ #ifndef _MCHECK_AMD_H #define _MCHECK_AMD_H -bool mc_amd_recoverable_scan(uint64_t status); -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); +bool cf_check mc_amd_recoverable_scan(uint64_t status); +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); #endif diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 7aaa56fd02..50198e0c29 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -271,12 +271,13 @@ static void intel_memerr_dhandler( mc_memerr_dhandler(binfo, result, regs); } -static bool intel_srar_check(uint64_t status) +static bool cf_check intel_srar_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srar); } -static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) +static bool cf_check intel_checkaddr( + uint64_t status, uint64_t misc, int addrtype) { if ( !(status & MCi_STATUS_ADDRV) || !(status & MCi_STATUS_MISCV) || @@ -287,10 +288,9 @@ static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) return (addrtype == MC_ADDR_PHYSICAL); } -static void intel_srar_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srar_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -306,15 +306,14 @@ static void intel_srar_dhandler( } } -static bool intel_srao_check(uint64_t status) +static bool cf_check intel_srao_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srao); } -static void intel_srao_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srao_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -333,15 +332,14 @@ static void intel_srao_dhandler( } } -static bool intel_default_check(uint64_t status) +static bool cf_check intel_default_check(uint64_t status) { return true; } -static void intel_default_mce_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs * regs) +static void cf_check intel_default_mce_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs * regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -360,10 +358,9 @@ static const struct mca_error_handler intel_mce_dhandlers[] = { {intel_default_check, intel_default_mce_dhandler} }; -static void intel_default_mce_uhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_default_mce_uhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -396,7 +393,7 @@ static const struct mca_error_handler intel_mce_uhandlers[] = { * 3) ser_support = 1, SRAO, UC = 1, S = 1, AR = 0, [EN = 1] */ -static bool intel_need_clearbank_scan(enum mca_source who, u64 status) +static bool cf_check intel_need_clearbank_scan(enum mca_source who, u64 status) { if ( who == MCA_CMCI_HANDLER ) { @@ -453,7 +450,7 @@ static bool intel_need_clearbank_scan(enum mca_source who, u64 status) * 4) SRAO ser_support = 1, PCC = 0, S = 1, AR = 0, EN = 1 [UC = 1] * 5) UCNA ser_support = 1, OVER = 0, EN = 1, PCC = 0, S = 0, AR = 0, [UC = 1] */ -static bool intel_recoverable_scan(uint64_t status) +static bool cf_check intel_recoverable_scan(uint64_t status) { if ( !(status & MCi_STATUS_UC ) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277628.474304 (Exim 4.92) (envelope-from ) id 1nMuLD-0005rB-Ig; Wed, 23 Feb 2022 16:18:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277628.474304; Wed, 23 Feb 2022 16:18:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLD-0005r3-Fj; Wed, 23 Feb 2022 16:18:11 +0000 Received: by outflank-mailman (input) for mailman id 277628; Wed, 23 Feb 2022 16:18:10 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLC-0005qs-Ci for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:10 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLC-0005Jb-Bu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:10 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuLC-00045U-BD for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:10 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rsN08/Xxd2mqKnP2pUop+DbmaZdOAE8v0+o3fpkHWfo=; b=z2PGO5PaQbs2ZRf8y5Inro8vJp pgaXKv2T2xkLbTumy2qeS+RcjeDUgr1r03na8ub02Sz93CdhPM3hIgDT74Vk3n7LnLBLPcbb6+bh4 giUUOdTmUQy9GPflCkkfKGNFaQO3pBa6Fif4zGJcP3aKpmCXXhaOLmTo/AsT3Z10dvzw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pmu: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:10 +0000 commit 8ec706d9024f82e4be8deadf7bebbb25efae8396 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:07:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/pmu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/vpmu_amd.c | 16 ++++++++-------- xen/arch/x86/cpu/vpmu_intel.c | 16 ++++++++-------- xen/arch/x86/oprofile/op_model_athlon.c | 16 ++++++++-------- xen/arch/x86/oprofile/op_model_p4.c | 14 +++++++------- xen/arch/x86/oprofile/op_model_ppro.c | 26 ++++++++++++++------------ 5 files changed, 45 insertions(+), 43 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 25ad4ecf48..5963ce9015 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -186,7 +186,7 @@ static void amd_vpmu_unset_msr_bitmap(struct vcpu *v) msr_bitmap_off(vpmu); } -static int amd_vpmu_do_interrupt(struct cpu_user_regs *regs) +static int cf_check amd_vpmu_do_interrupt(struct cpu_user_regs *regs) { return 1; } @@ -206,7 +206,7 @@ static inline void context_load(struct vcpu *v) } } -static int amd_vpmu_load(struct vcpu *v, bool_t from_guest) +static int cf_check amd_vpmu_load(struct vcpu *v, bool from_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct xen_pmu_amd_ctxt *ctxt; @@ -280,7 +280,7 @@ static inline void context_save(struct vcpu *v) rdmsrl(counters[i], counter_regs[i]); } -static int amd_vpmu_save(struct vcpu *v, bool_t to_guest) +static int cf_check amd_vpmu_save(struct vcpu *v, bool to_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); unsigned int i; @@ -348,7 +348,7 @@ static void context_update(unsigned int msr, u64 msr_content) } } -static int amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) +static int cf_check amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -404,7 +404,7 @@ static int amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) return 0; } -static int amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) +static int cf_check amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) { struct vcpu *v = current; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -422,7 +422,7 @@ static int amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) return 0; } -static void amd_vpmu_destroy(struct vcpu *v) +static void cf_check amd_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -440,7 +440,7 @@ static void amd_vpmu_destroy(struct vcpu *v) } /* VPMU part of the 'q' keyhandler */ -static void amd_vpmu_dump(const struct vcpu *v) +static void cf_check amd_vpmu_dump(const struct vcpu *v) { const struct vpmu_struct *vpmu = vcpu_vpmu(v); const struct xen_pmu_amd_ctxt *ctxt = vpmu->context; @@ -480,7 +480,7 @@ static void amd_vpmu_dump(const struct vcpu *v) } } -static int svm_vpmu_initialise(struct vcpu *v) +static int cf_check svm_vpmu_initialise(struct vcpu *v) { struct xen_pmu_amd_ctxt *ctxt; struct vpmu_struct *vpmu = vcpu_vpmu(v); diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 22dd4469d9..48b81ab6f0 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -288,7 +288,7 @@ static inline void __core2_vpmu_save(struct vcpu *v) rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, core2_vpmu_cxt->global_status); } -static int core2_vpmu_save(struct vcpu *v, bool_t to_guest) +static int cf_check core2_vpmu_save(struct vcpu *v, bool to_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -407,7 +407,7 @@ static int core2_vpmu_verify(struct vcpu *v) return 0; } -static int core2_vpmu_load(struct vcpu *v, bool_t from_guest) +static int cf_check core2_vpmu_load(struct vcpu *v, bool from_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -522,7 +522,7 @@ static int core2_vpmu_msr_common_check(u32 msr_index, int *type, int *index) return 1; } -static int core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) +static int cf_check core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) { int i, tmp; int type = -1, index = -1; @@ -690,7 +690,7 @@ static int core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) return 0; } -static int core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) +static int cf_check core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) { int type = -1, index = -1; struct vcpu *v = current; @@ -730,7 +730,7 @@ static int core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) } /* Dump vpmu info on console, called in the context of keyhandler 'q'. */ -static void core2_vpmu_dump(const struct vcpu *v) +static void cf_check core2_vpmu_dump(const struct vcpu *v) { const struct vpmu_struct *vpmu = vcpu_vpmu(v); unsigned int i; @@ -775,7 +775,7 @@ static void core2_vpmu_dump(const struct vcpu *v) } } -static int core2_vpmu_do_interrupt(struct cpu_user_regs *regs) +static int cf_check core2_vpmu_do_interrupt(struct cpu_user_regs *regs) { struct vcpu *v = current; u64 msr_content; @@ -802,7 +802,7 @@ static int core2_vpmu_do_interrupt(struct cpu_user_regs *regs) return 1; } -static void core2_vpmu_destroy(struct vcpu *v) +static void cf_check core2_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -816,7 +816,7 @@ static void core2_vpmu_destroy(struct vcpu *v) vpmu_clear(vpmu); } -static int vmx_vpmu_initialise(struct vcpu *v) +static int cf_check vmx_vpmu_initialise(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); u64 msr_content; diff --git a/xen/arch/x86/oprofile/op_model_athlon.c b/xen/arch/x86/oprofile/op_model_athlon.c index 2177f02946..7bc5853a6c 100644 --- a/xen/arch/x86/oprofile/op_model_athlon.c +++ b/xen/arch/x86/oprofile/op_model_athlon.c @@ -164,7 +164,7 @@ static inline u64 op_amd_randomize_ibs_op(u64 val) return val; } -static void athlon_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check athlon_fill_in_addresses(struct op_msrs * const msrs) { msrs->counters[0].addr = MSR_K7_PERFCTR0; msrs->counters[1].addr = MSR_K7_PERFCTR1; @@ -177,7 +177,7 @@ static void athlon_fill_in_addresses(struct op_msrs * const msrs) msrs->controls[3].addr = MSR_K7_EVNTSEL3; } -static void fam15h_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check fam15h_fill_in_addresses(struct op_msrs * const msrs) { msrs->counters[0].addr = MSR_AMD_FAM15H_PERFCTR0; msrs->counters[1].addr = MSR_AMD_FAM15H_PERFCTR1; @@ -194,7 +194,7 @@ static void fam15h_fill_in_addresses(struct op_msrs * const msrs) msrs->controls[5].addr = MSR_AMD_FAM15H_EVNTSEL5; } -static void athlon_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check athlon_setup_ctrs(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -308,9 +308,9 @@ static inline int handle_ibs(int mode, struct cpu_user_regs const * const regs) return 1; } -static int athlon_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check athlon_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { uint64_t msr_content; @@ -386,7 +386,7 @@ static inline void start_ibs(void) } } -static void athlon_start(struct op_msrs const * const msrs) +static void cf_check athlon_start(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -415,7 +415,7 @@ static void stop_ibs(void) wrmsrl(MSR_AMD64_IBSOPCTL, 0); } -static void athlon_stop(struct op_msrs const * const msrs) +static void cf_check athlon_stop(struct op_msrs const * const msrs) { uint64_t msr_content; int i; diff --git a/xen/arch/x86/oprofile/op_model_p4.c b/xen/arch/x86/oprofile/op_model_p4.c index b08ba53cbd..d047258644 100644 --- a/xen/arch/x86/oprofile/op_model_p4.c +++ b/xen/arch/x86/oprofile/op_model_p4.c @@ -390,7 +390,7 @@ static unsigned int get_stagger(void) static unsigned long reset_value[NUM_COUNTERS_NON_HT]; -static void p4_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check p4_fill_in_addresses(struct op_msrs * const msrs) { unsigned int i; unsigned int addr, stag; @@ -530,7 +530,7 @@ static void pmc_setup_one_p4_counter(unsigned int ctr) } -static void p4_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check p4_setup_ctrs(struct op_msrs const * const msrs) { unsigned int i; uint64_t msr_content; @@ -609,9 +609,9 @@ static void p4_setup_ctrs(struct op_msrs const * const msrs) } } -static int p4_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check p4_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { unsigned long ctr, stag, real; uint64_t msr_content; @@ -665,7 +665,7 @@ static int p4_check_ctrs(unsigned int const cpu, } -static void p4_start(struct op_msrs const * const msrs) +static void cf_check p4_start(struct op_msrs const * const msrs) { unsigned int stag; uint64_t msr_content; @@ -683,7 +683,7 @@ static void p4_start(struct op_msrs const * const msrs) } -static void p4_stop(struct op_msrs const * const msrs) +static void cf_check p4_stop(struct op_msrs const * const msrs) { unsigned int stag; uint64_t msr_content; diff --git a/xen/arch/x86/oprofile/op_model_ppro.c b/xen/arch/x86/oprofile/op_model_ppro.c index 72c504a102..8d7e13ea87 100644 --- a/xen/arch/x86/oprofile/op_model_ppro.c +++ b/xen/arch/x86/oprofile/op_model_ppro.c @@ -63,7 +63,7 @@ static int counter_width = 32; static unsigned long reset_value[OP_MAX_COUNTER]; int ppro_has_global_ctrl = 0; -static void ppro_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check ppro_fill_in_addresses(struct op_msrs * const msrs) { int i; @@ -74,7 +74,7 @@ static void ppro_fill_in_addresses(struct op_msrs * const msrs) } -static void ppro_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check ppro_setup_ctrs(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -128,9 +128,9 @@ static void ppro_setup_ctrs(struct op_msrs const * const msrs) } } -static int ppro_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check ppro_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { u64 val; int i; @@ -170,7 +170,7 @@ static int ppro_check_ctrs(unsigned int const cpu, } -static void ppro_start(struct op_msrs const * const msrs) +static void cf_check ppro_start(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -190,7 +190,7 @@ static void ppro_start(struct op_msrs const * const msrs) } -static void ppro_stop(struct op_msrs const * const msrs) +static void cf_check ppro_stop(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -206,7 +206,7 @@ static void ppro_stop(struct op_msrs const * const msrs) wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0x0ULL); } -static int ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) +static int cf_check ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) { if ( (msr_index >= MSR_IA32_PERFCTR0) && (msr_index < (MSR_IA32_PERFCTR0 + num_counters)) ) @@ -226,7 +226,7 @@ static int ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) return 0; } -static int ppro_allocate_msr(struct vcpu *v) +static int cf_check ppro_allocate_msr(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct arch_msr_pair *msr_content; @@ -245,7 +245,7 @@ out: return 0; } -static void ppro_free_msr(struct vcpu *v) +static void cf_check ppro_free_msr(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -255,7 +255,8 @@ static void ppro_free_msr(struct vcpu *v) vpmu_reset(vpmu, VPMU_PASSIVE_DOMAIN_ALLOCATED); } -static void ppro_load_msr(struct vcpu *v, int type, int index, u64 *msr_content) +static void cf_check ppro_load_msr( + struct vcpu *v, int type, int index, u64 *msr_content) { struct arch_msr_pair *msrs = vcpu_vpmu(v)->context; switch ( type ) @@ -269,7 +270,8 @@ static void ppro_load_msr(struct vcpu *v, int type, int index, u64 *msr_content) } } -static void ppro_save_msr(struct vcpu *v, int type, int index, u64 msr_content) +static void cf_check ppro_save_msr( + struct vcpu *v, int type, int index, u64 msr_content) { struct arch_msr_pair *msrs = vcpu_vpmu(v)->context; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:21 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277629.474308 (Exim 4.92) (envelope-from ) id 1nMuLN-0005tx-KM; Wed, 23 Feb 2022 16:18:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277629.474308; Wed, 23 Feb 2022 16:18:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLN-0005tn-HL; Wed, 23 Feb 2022 16:18:21 +0000 Received: by outflank-mailman (input) for mailman id 277629; Wed, 23 Feb 2022 16:18:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLM-0005tW-G0 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLM-0005Jf-FI for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuLM-000465-EQ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pO6kfTe6GyU+i0j1OkJYV1AyADuPk3XNpl/7EikHQSs=; b=R12EIr5+CENVeiTpnVRP9fskQM /Tt1eoMnl5z8DZpLfiClBC1NNxjbLJZdoMCvwYfAWvWNdZPW5a3VDiO+yKFtFVrNHDZo82Wncq2Pa ljXjUBLzSQfRP5ZD+bC6Ajo1CLaruGKq9QSO33aSROSyZtaF8Xq6h5xsU55LUrKdkNIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpu: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:20 +0000 commit 78f14da74c79864d5b1c5b9df3d3f0ac5a28a546 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:11:52 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/cpu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 6 +++--- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/cpu.h | 2 +- xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 6 +++--- xen/arch/x86/cpu/shanghai.c | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 2d18223f20..4999f8be2b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -208,7 +208,7 @@ static void __init noinline probe_masking_msrs(void) * parameter of NULL is used to context switch to the default host state (by * the cpu bringup-code, crash path, etc). */ -static void amd_ctxt_switch_masking(const struct vcpu *next) +static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) { struct cpuidmasks *these_masks = &this_cpu(cpuidmasks); const struct domain *nextd = next ? next->domain : NULL; @@ -634,7 +634,7 @@ void amd_log_freq(const struct cpuinfo_x86 *c) #undef FREQ } -void early_init_amd(struct cpuinfo_x86 *c) +void cf_check early_init_amd(struct cpuinfo_x86 *c) { if (c == &boot_cpu_data) amd_init_levelling(); @@ -744,7 +744,7 @@ void __init detect_zen2_null_seg_behaviour(void) } -static void init_amd(struct cpuinfo_x86 *c) +static void cf_check init_amd(struct cpuinfo_x86 *c) { u32 l, h; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index 34a5bfcaee..eac49d78db 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -48,7 +48,7 @@ static void init_c3(struct cpuinfo_x86 *c) display_cacheinfo(c); } -static void init_centaur(struct cpuinfo_x86 *c) +static void cf_check init_centaur(struct cpuinfo_x86 *c) { if (c->x86 == 6) init_c3(c); diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 3d61d95386..2429818e60 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -104,7 +104,7 @@ bool __init is_forced_cpu_cap(unsigned int cap) return test_bit(cap, forced_caps); } -static void default_init(struct cpuinfo_x86 * c) +static void cf_check default_init(struct cpuinfo_x86 * c) { /* Not much we can do here... */ /* Check if at least it has cpuid */ diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index b593bd85f0..a228087f91 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -18,7 +18,7 @@ extern void display_cacheinfo(struct cpuinfo_x86 *c); extern void detect_ht(struct cpuinfo_x86 *c); extern bool detect_extended_topology(struct cpuinfo_x86 *c); -void early_init_amd(struct cpuinfo_x86 *c); +void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index cdc94130dd..3c8516e014 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -28,7 +28,7 @@ static void hygon_get_topology(struct cpuinfo_x86 *c) c->phys_proc_id, c->cpu_core_id); } -static void init_hygon(struct cpuinfo_x86 *c) +static void cf_check init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index eb5fba35ca..dc6a0c7807 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -176,7 +176,7 @@ static void __init probe_masking_msrs(void) * parameter of NULL is used to context switch to the default host state (by * the cpu bringup-code, crash path, etc). */ -static void intel_ctxt_switch_masking(const struct vcpu *next) +static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) { struct cpuidmasks *these_masks = &this_cpu(cpuidmasks); const struct domain *nextd = next ? next->domain : NULL; @@ -286,7 +286,7 @@ static void __init noinline intel_init_levelling(void) ctxt_switch_masking = intel_ctxt_switch_masking; } -static void early_init_intel(struct cpuinfo_x86 *c) +static void cf_check early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable, disable; @@ -518,7 +518,7 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) printk("%u MHz\n", (factor * max_ratio + 50) / 100); } -static void init_intel(struct cpuinfo_x86 *c) +static void cf_check init_intel(struct cpuinfo_x86 *c) { /* Detect the extended topology information if available */ detect_extended_topology(c); diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 08a81f0f0c..95ae544f8c 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -3,7 +3,7 @@ #include #include "cpu.h" -static void init_shanghai(struct cpuinfo_x86 *c) +static void cf_check init_shanghai(struct cpuinfo_x86 *c) { if ( cpu_has(c, X86_FEATURE_ITSC) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:31 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277630.474312 (Exim 4.92) (envelope-from ) id 1nMuLX-0005xI-NJ; Wed, 23 Feb 2022 16:18:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277630.474312; Wed, 23 Feb 2022 16:18:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLX-0005xA-KG; Wed, 23 Feb 2022 16:18:31 +0000 Received: by outflank-mailman (input) for mailman id 277630; Wed, 23 Feb 2022 16:18:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLW-0005x1-J8 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLW-0005Jk-IM for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuLW-00046j-HY for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+mSS7IPDFpZ1A4uaz/9HNA2x9sciShheGjZmLKwG/0U=; b=1pO+fiIZHxZX53WKhHLhLxoD4I jCVJKIyIajkEE6pE8J4KeybL8Ya8CeOaLfVrOBKZRss4FTyYJ+Slaiv+of2ImUDjr9kxWTvIeR7gV nmD7/Pap/to27ht8jHOx9u+X7eF+iyCrUCY7UVYDVFlIWJqEXoBWLYO7aNMSK4HUIDxc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/guest: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:30 +0000 commit ba2aec1b7a54284535cb1c093c219e9d4e63a298 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:23:09 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/guest: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/guest/hyperv/hyperv.c | 10 +++++----- xen/arch/x86/guest/xen/xen.c | 11 ++++++----- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index 84221b7514..b101ba3080 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -175,7 +175,7 @@ static int setup_vp_assist(void) return 0; } -static void __init setup(void) +static void __init cf_check setup(void) { ASM_CONSTANT(HV_HCALL_PAGE, __fix_x_to_virt(FIX_X_HYPERV_HCALL)); @@ -188,7 +188,7 @@ static void __init setup(void) panic("VP assist page setup failed\n"); } -static int ap_setup(void) +static int cf_check ap_setup(void) { int rc; @@ -199,7 +199,7 @@ static int ap_setup(void) return setup_vp_assist(); } -static void __init e820_fixup(struct e820map *e820) +static void __init cf_check e820_fixup(struct e820map *e820) { uint64_t s = HV_HCALL_MFN << PAGE_SHIFT; @@ -207,8 +207,8 @@ static void __init e820_fixup(struct e820map *e820) panic("Unable to reserve Hyper-V hypercall range\n"); } -static int flush_tlb(const cpumask_t *mask, const void *va, - unsigned int flags) +static int cf_check flush_tlb( + const cpumask_t *mask, const void *va, unsigned int flags) { if ( !(ms_hyperv.hints & HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED) ) return -EOPNOTSUPP; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 17807cdea6..9c2defaa66 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -237,7 +237,7 @@ static int init_evtchn(void) return rc; } -static void __init setup(void) +static void __init cf_check setup(void) { init_memmap(); @@ -265,7 +265,7 @@ static void __init setup(void) BUG_ON(init_evtchn()); } -static int ap_setup(void) +static int cf_check ap_setup(void) { set_vcpu_id(); @@ -295,7 +295,7 @@ static void cf_check ap_resume(void *unused) BUG_ON(init_evtchn()); } -static void resume(void) +static void cf_check resume(void) { /* Reset shared info page. */ map_shared_info(); @@ -318,13 +318,14 @@ static void resume(void) pv_console_init(); } -static void __init e820_fixup(struct e820map *e820) +static void __init cf_check e820_fixup(struct e820map *e820) { if ( pv_shim ) pv_shim_fixup_e820(e820); } -static int flush_tlb(const cpumask_t *mask, const void *va, unsigned int flags) +static int cf_check flush_tlb( + const cpumask_t *mask, const void *va, unsigned int flags) { return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277631.474316 (Exim 4.92) (envelope-from ) id 1nMuLh-00060M-Oq; Wed, 23 Feb 2022 16:18:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277631.474316; Wed, 23 Feb 2022 16:18:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLh-00060E-Ll; Wed, 23 Feb 2022 16:18:41 +0000 Received: by outflank-mailman (input) for mailman id 277631; Wed, 23 Feb 2022 16:18:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLg-000604-M8 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLg-0005Jy-LU for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuLg-00047G-Kp for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O0GebHH5PF+bsQ2WBYinrRjMV6UaRFdiyP3AKeoSmRg=; b=Hasw7Y6an1JA1qAsF982e834Je vZnOyahI7FlYSzCMc3eP9OORacPMTeFkChnFrEH0kjpuiz5AVaXOOoI1H7kWTw25JBT/6TriYqQZl dvyzft4s19Ds71/2C6FWWyFhFIXaPyqVk5SZgP6QaN54aXdk9XldH8/kC5owc58tSsFA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/logdirty: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:40 +0000 commit 82081d6ef72b287d7e41807f50f070e0ebd408fe Author: Andrew Cooper AuthorDate: Fri Oct 29 17:35:26 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/logdirty: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/hap.c | 6 +++--- xen/arch/x86/mm/shadow/common.c | 12 ++++++------ xen/arch/x86/mm/shadow/none.c | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index de4b13565a..ed5112b00b 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -180,7 +180,7 @@ out: * NB: Domain that having device assigned should not set log_global. Because * there is no way to track the memory updating from device. */ -static int hap_enable_log_dirty(struct domain *d, bool_t log_global) +static int cf_check hap_enable_log_dirty(struct domain *d, bool log_global) { struct p2m_domain *p2m = p2m_get_hostp2m(d); @@ -211,7 +211,7 @@ static int hap_enable_log_dirty(struct domain *d, bool_t log_global) return 0; } -static int hap_disable_log_dirty(struct domain *d) +static int cf_check hap_disable_log_dirty(struct domain *d) { paging_lock(d); d->arch.paging.mode &= ~PG_log_dirty; @@ -228,7 +228,7 @@ static int hap_disable_log_dirty(struct domain *d) return 0; } -static void hap_clean_dirty_bitmap(struct domain *d) +static void cf_check hap_clean_dirty_bitmap(struct domain *d) { /* * Switch to log-dirty mode, either by setting l1e entries of P2M table to diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 83dedc8870..071a19adce 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -40,9 +40,9 @@ DEFINE_PER_CPU(uint32_t,trace_shadow_path_flags); -static int sh_enable_log_dirty(struct domain *, bool log_global); -static int sh_disable_log_dirty(struct domain *); -static void sh_clean_dirty_bitmap(struct domain *); +static int cf_check sh_enable_log_dirty(struct domain *, bool log_global); +static int cf_check sh_disable_log_dirty(struct domain *); +static void cf_check sh_clean_dirty_bitmap(struct domain *); /* Set up the shadow-specific parts of a domain struct at start of day. * Called for every domain from arch_domain_create() */ @@ -3016,7 +3016,7 @@ static int shadow_test_disable(struct domain *d) /* Shadow specific code which is called in paging_log_dirty_enable(). * Return 0 if no problem found. */ -static int sh_enable_log_dirty(struct domain *d, bool log_global) +static int cf_check sh_enable_log_dirty(struct domain *d, bool log_global) { int ret; @@ -3044,7 +3044,7 @@ static int sh_enable_log_dirty(struct domain *d, bool log_global) } /* shadow specfic code which is called in paging_log_dirty_disable() */ -static int sh_disable_log_dirty(struct domain *d) +static int cf_check sh_disable_log_dirty(struct domain *d) { int ret; @@ -3058,7 +3058,7 @@ static int sh_disable_log_dirty(struct domain *d) /* This function is called when we CLEAN log dirty bitmap. See * paging_log_dirty_op() for details. */ -static void sh_clean_dirty_bitmap(struct domain *d) +static void cf_check sh_clean_dirty_bitmap(struct domain *d) { paging_lock(d); /* Need to revoke write access to the domain's pages again. diff --git a/xen/arch/x86/mm/shadow/none.c b/xen/arch/x86/mm/shadow/none.c index 79889b926a..463a0e3e89 100644 --- a/xen/arch/x86/mm/shadow/none.c +++ b/xen/arch/x86/mm/shadow/none.c @@ -1,19 +1,19 @@ #include #include -static int _enable_log_dirty(struct domain *d, bool log_global) +static int cf_check _enable_log_dirty(struct domain *d, bool log_global) { ASSERT(is_pv_domain(d)); return -EOPNOTSUPP; } -static int _disable_log_dirty(struct domain *d) +static int cf_check _disable_log_dirty(struct domain *d) { ASSERT(is_pv_domain(d)); return -EOPNOTSUPP; } -static void _clean_dirty_bitmap(struct domain *d) +static void cf_check _clean_dirty_bitmap(struct domain *d) { ASSERT(is_pv_domain(d)); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:18:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:18:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277632.474320 (Exim 4.92) (envelope-from ) id 1nMuLr-00063I-QH; Wed, 23 Feb 2022 16:18:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277632.474320; Wed, 23 Feb 2022 16:18:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLr-00063A-NF; Wed, 23 Feb 2022 16:18:51 +0000 Received: by outflank-mailman (input) for mailman id 277632; Wed, 23 Feb 2022 16:18:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLq-000630-Pn for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuLq-0005KR-P3 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuLq-00049N-O9 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:18:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nlyogx7Fje37hTfaDpetBcqapc95DM1C1yhQUoPiNM8=; b=yiBFQo5SrP70yND3QFUJxou6bP bc6ziuNEqniO3SFvVHt1GYSSnoZgqlZprw5y7VDDtJp9hteQuGOeizcJ0bFQY4+ww/l3UIjFBcgWT AgVzCSwnkFomabWLEwE0p4Jbxd8Gl+qQKtBHCfzxFyuAiM9FAoxEsq2XgDGOZEw1abwI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:18:50 +0000 commit 5ea89176628017620899ce119913eee1c313137f Author: Andrew Cooper AuthorDate: Fri Oct 29 15:41:15 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/shadow: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/shadow/common.c | 11 +++--- xen/arch/x86/mm/shadow/hvm.c | 8 ++-- xen/arch/x86/mm/shadow/multi.c | 80 ++++++++++++++++++++-------------------- xen/arch/x86/mm/shadow/multi.h | 20 +++++----- xen/arch/x86/mm/shadow/none.c | 14 +++---- xen/arch/x86/mm/shadow/private.h | 12 +++--- xen/arch/x86/mm/shadow/pv.c | 4 +- 7 files changed, 74 insertions(+), 75 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 071a19adce..8f11190173 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -1215,7 +1215,7 @@ void shadow_free(struct domain *d, mfn_t smfn) * This action is irreversible: the p2m mapping only ever grows. * That's OK because the p2m table only exists for translated domains, * and those domains can't ever turn off shadow mode. */ -static struct page_info * +static struct page_info *cf_check shadow_alloc_p2m_page(struct domain *d) { struct page_info *pg; @@ -1251,7 +1251,7 @@ shadow_alloc_p2m_page(struct domain *d) return pg; } -static void +static void cf_check shadow_free_p2m_page(struct domain *d, struct page_info *pg) { struct domain *owner = page_get_owner(pg); @@ -2290,7 +2290,8 @@ void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, /* Reset the up-pointers of every L3 shadow to 0. * This is called when l3 shadows stop being pinnable, to clear out all * the list-head bits so the up-pointer field is properly inititalised. */ -static int sh_clear_up_pointer(struct vcpu *v, mfn_t smfn, mfn_t unused) +static int cf_check sh_clear_up_pointer( + struct vcpu *v, mfn_t smfn, mfn_t unused) { mfn_to_page(smfn)->up = 0; return 0; @@ -2490,7 +2491,7 @@ static void sh_update_paging_modes(struct vcpu *v) v->arch.paging.mode->update_cr3(v, 0, false); } -void shadow_update_paging_modes(struct vcpu *v) +void cf_check shadow_update_paging_modes(struct vcpu *v) { paging_lock(v->domain); sh_update_paging_modes(v); @@ -3075,7 +3076,7 @@ static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap) } /* Flush TLB of selected vCPUs. NULL for all. */ -bool shadow_flush_tlb(const unsigned long *vcpu_bitmap) +bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap) { static DEFINE_PER_CPU(cpumask_t, flush_cpumask); cpumask_t *mask = &this_cpu(flush_cpumask); diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index c90d326bec..27dd99f1a1 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -794,9 +794,9 @@ sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn) * It means extra emulated writes and slows down removal of mappings. */ } -static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn, - l1_pgentry_t old, l1_pgentry_t new, - unsigned int level) +static void cf_check sh_unshadow_for_p2m_change( + struct domain *d, unsigned long gfn, l1_pgentry_t old, l1_pgentry_t new, + unsigned int level) { mfn_t omfn = l1e_get_mfn(old); unsigned int oflags = l1e_get_flags(old); @@ -879,7 +879,7 @@ static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn, } #if (SHADOW_OPTIMIZATIONS & SHOPT_FAST_FAULT_PATH) -static void +static void cf_check sh_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { struct domain *d = p2m->domain; diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index bddef53163..b0b1c31ee0 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -369,7 +369,7 @@ static void sh_audit_gw(struct vcpu *v, const walk_t *gw) #if GUEST_PAGING_LEVELS == 2 /* From one page of a multi-page shadow, find the next one */ -static inline mfn_t sh_next_page(mfn_t smfn) +static inline mfn_t cf_check sh_next_page(mfn_t smfn) { struct page_info *pg = mfn_to_page(smfn), *next; struct page_list_head h = PAGE_LIST_HEAD_INIT(h); @@ -399,8 +399,7 @@ guest_index(void *ptr) return (u32)((unsigned long)ptr & ~PAGE_MASK) / sizeof(guest_l1e_t); } -static u32 -shadow_l1_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l1_index(mfn_t *smfn, u32 guest_index) { #if (GUEST_PAGING_LEVELS == 2) ASSERT(mfn_to_page(*smfn)->u.sh.head); @@ -412,8 +411,7 @@ shadow_l1_index(mfn_t *smfn, u32 guest_index) #endif } -static u32 -shadow_l2_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l2_index(mfn_t *smfn, u32 guest_index) { #if (GUEST_PAGING_LEVELS == 2) int i; @@ -432,14 +430,12 @@ shadow_l2_index(mfn_t *smfn, u32 guest_index) #if GUEST_PAGING_LEVELS >= 4 -static u32 -shadow_l3_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l3_index(mfn_t *smfn, u32 guest_index) { return guest_index; } -static u32 -shadow_l4_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l4_index(mfn_t *smfn, u32 guest_index) { return guest_index; } @@ -924,7 +920,7 @@ do { \ /**************************************************************************/ /* Create a shadow of a given guest page. */ -static mfn_t +static mfn_t cf_check sh_make_shadow(struct vcpu *v, mfn_t gmfn, u32 shadow_type) { struct domain *d = v->domain; @@ -1459,7 +1455,8 @@ void sh_unhook_64b_mappings(struct domain *d, mfn_t sl4mfn, int user_only) */ #if GUEST_PAGING_LEVELS >= 4 -static int validate_gl4e(struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) +static int cf_check validate_gl4e( + struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) { shadow_l4e_t new_sl4e; guest_l4e_t new_gl4e = *(guest_l4e_t *)new_ge; @@ -1518,7 +1515,8 @@ static int validate_gl4e(struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) } -static int validate_gl3e(struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) +static int cf_check validate_gl3e( + struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) { struct domain *d = v->domain; shadow_l3e_t new_sl3e; @@ -1552,7 +1550,8 @@ static int validate_gl3e(struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) } #endif // GUEST_PAGING_LEVELS >= 4 -static int validate_gl2e(struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) +static int cf_check validate_gl2e( + struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) { struct domain *d = v->domain; shadow_l2e_t new_sl2e; @@ -1599,7 +1598,8 @@ static int validate_gl2e(struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) return result; } -static int validate_gl1e(struct vcpu *v, void *new_ge, mfn_t sl1mfn, void *se) +static int cf_check validate_gl1e( + struct vcpu *v, void *new_ge, mfn_t sl1mfn, void *se) { struct domain *d = v->domain; shadow_l1e_t new_sl1e; @@ -2089,8 +2089,8 @@ static DEFINE_PER_CPU(int,trace_extra_emulation_count); #endif static DEFINE_PER_CPU(guest_pa_t,trace_emulate_write_val); -static void trace_emulate_write_val(const void *ptr, unsigned long vaddr, - const void *src, unsigned int bytes) +static void cf_check trace_emulate_write_val( + const void *ptr, unsigned long vaddr, const void *src, unsigned int bytes) { #if GUEST_PAGING_LEVELS == 3 if ( vaddr == this_cpu(trace_emulate_initial_va) ) @@ -2144,9 +2144,8 @@ static inline void trace_shadow_emulate(guest_l1e_t gl1e, unsigned long va) * shadow code (and the guest should retry) or 0 if it is not (and the * fault should be handled elsewhere or passed to the guest). */ -static int sh_page_fault(struct vcpu *v, - unsigned long va, - struct cpu_user_regs *regs) +static int cf_check sh_page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { struct domain *d = v->domain; walk_t gw; @@ -2898,7 +2897,7 @@ propagate: * instruction should be issued on the hardware, or false if it's safe not * to do so. */ -static bool sh_invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check sh_invlpg(struct vcpu *v, unsigned long linear) { mfn_t sl1mfn; shadow_l2e_t sl2e; @@ -3030,9 +3029,8 @@ static bool sh_invlpg(struct vcpu *v, unsigned long linear) #ifdef CONFIG_HVM -static unsigned long -sh_gva_to_gfn(struct vcpu *v, struct p2m_domain *p2m, - unsigned long va, uint32_t *pfec) +static unsigned long cf_check sh_gva_to_gfn( + struct vcpu *v, struct p2m_domain *p2m, unsigned long va, uint32_t *pfec) /* Called to translate a guest virtual address to what the *guest* * pagetables would map it to. */ { @@ -3196,8 +3194,7 @@ sh_update_linear_entries(struct vcpu *v) * Removes v->arch.paging.shadow.shadow_table[]. * Does all appropriate management/bookkeeping/refcounting/etc... */ -static void -sh_detach_old_tables(struct vcpu *v) +static void cf_check sh_detach_old_tables(struct vcpu *v) { struct domain *d = v->domain; mfn_t smfn; @@ -3216,8 +3213,7 @@ sh_detach_old_tables(struct vcpu *v) } } -static void -sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) /* Updates vcpu->arch.cr3 after the guest has changed CR3. * Paravirtual guests should set v->arch.guest_table (and guest_table_user, * if appropriate). @@ -3525,7 +3521,8 @@ int sh_rm_write_access_from_sl1p(struct domain *d, mfn_t gmfn, #endif /* OOS */ #if defined(CONFIG_HVM) && (SHADOW_OPTIMIZATIONS & SHOPT_WRITABLE_HEURISTIC) -static int sh_guess_wrmap(struct vcpu *v, unsigned long vaddr, mfn_t gmfn) +static int cf_check sh_guess_wrmap( + struct vcpu *v, unsigned long vaddr, mfn_t gmfn) /* Look up this vaddr in the current shadow and see if it's a writeable * mapping of this gmfn. If so, remove it. Returns 1 if it worked. */ { @@ -3589,8 +3586,8 @@ static int sh_guess_wrmap(struct vcpu *v, unsigned long vaddr, mfn_t gmfn) } #endif -int sh_rm_write_access_from_l1(struct domain *d, mfn_t sl1mfn, - mfn_t readonly_mfn) +int cf_check sh_rm_write_access_from_l1( + struct domain *d, mfn_t sl1mfn, mfn_t readonly_mfn) /* Excises all writeable mappings to readonly_mfn from this l1 shadow table */ { shadow_l1e_t *sl1e; @@ -3626,7 +3623,8 @@ int sh_rm_write_access_from_l1(struct domain *d, mfn_t sl1mfn, } -int sh_rm_mappings_from_l1(struct domain *d, mfn_t sl1mfn, mfn_t target_mfn) +int cf_check sh_rm_mappings_from_l1( + struct domain *d, mfn_t sl1mfn, mfn_t target_mfn) /* Excises all mappings to guest frame from this shadow l1 table */ { shadow_l1e_t *sl1e; @@ -3677,7 +3675,7 @@ void sh_clear_shadow_entry(struct domain *d, void *ep, mfn_t smfn) } } -int sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) +int cf_check sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) /* Remove all mappings of this l1 shadow from this l2 shadow */ { shadow_l2e_t *sl2e; @@ -3700,7 +3698,7 @@ int sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) } #if GUEST_PAGING_LEVELS >= 4 -int sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) +int cf_check sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) /* Remove all mappings of this l2 shadow from this l3 shadow */ { shadow_l3e_t *sl3e; @@ -3722,7 +3720,7 @@ int sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) return done; } -int sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) +int cf_check sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) /* Remove all mappings of this l3 shadow from this l4 shadow */ { shadow_l4e_t *sl4e; @@ -3752,7 +3750,7 @@ int sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) * and in the meantime we unhook its top-level user-mode entries. */ #if GUEST_PAGING_LEVELS == 3 -static void sh_pagetable_dying(paddr_t gpa) +static void cf_check sh_pagetable_dying(paddr_t gpa) { struct vcpu *v = current; struct domain *d = v->domain; @@ -3833,7 +3831,7 @@ out_put_gfn: put_gfn(d, l3gfn); } #else -static void sh_pagetable_dying(paddr_t gpa) +static void cf_check sh_pagetable_dying(paddr_t gpa) { struct vcpu *v = current; struct domain *d = v->domain; @@ -3932,7 +3930,7 @@ static const char *sh_audit_flags(struct vcpu *v, int level, return NULL; } -int sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) +int cf_check sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) { guest_l1e_t *gl1e, *gp; shadow_l1e_t *sl1e; @@ -4000,7 +3998,7 @@ int sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) return done; } -int sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) +int cf_check sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) { guest_l1e_t *gl1e, e; shadow_l1e_t *sl1e; @@ -4026,7 +4024,7 @@ int sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) return 0; } -int sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) +int cf_check sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) { struct domain *d = v->domain; guest_l2e_t *gl2e, *gp; @@ -4078,7 +4076,7 @@ int sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) } #if GUEST_PAGING_LEVELS >= 4 -int sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) +int cf_check sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) { struct domain *d = v->domain; guest_l3e_t *gl3e, *gp; @@ -4126,7 +4124,7 @@ int sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) return 0; } -int sh_audit_l4_table(struct vcpu *v, mfn_t sl4mfn, mfn_t x) +int cf_check sh_audit_l4_table(struct vcpu *v, mfn_t sl4mfn, mfn_t x) { struct domain *d = v->domain; guest_l4e_t *gl4e, *gp; diff --git a/xen/arch/x86/mm/shadow/multi.h b/xen/arch/x86/mm/shadow/multi.h index 0bd6a2d5b7..5bcd6ae1a8 100644 --- a/xen/arch/x86/mm/shadow/multi.h +++ b/xen/arch/x86/mm/shadow/multi.h @@ -59,10 +59,10 @@ extern void SHADOW_INTERNAL_NAME(sh_unhook_64b_mappings, GUEST_LEVELS) (struct domain *d, mfn_t sl4mfn, int user_only); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_rm_write_access_from_l1, GUEST_LEVELS) (struct domain *d, mfn_t sl1mfn, mfn_t readonly_mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_rm_mappings_from_l1, GUEST_LEVELS) (struct domain *d, mfn_t sl1mfn, mfn_t target_mfn); @@ -70,30 +70,30 @@ extern void SHADOW_INTERNAL_NAME(sh_clear_shadow_entry, GUEST_LEVELS) (struct domain *d, void *ep, mfn_t smfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l1_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l2_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l3_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn); #if SHADOW_AUDIT & SHADOW_AUDIT_ENTRIES -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l1_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl1mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_fl1_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl1mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l2_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl2mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l3_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl3mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l4_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl4mfn, mfn_t x); #endif diff --git a/xen/arch/x86/mm/shadow/none.c b/xen/arch/x86/mm/shadow/none.c index 463a0e3e89..eaaa874b11 100644 --- a/xen/arch/x86/mm/shadow/none.c +++ b/xen/arch/x86/mm/shadow/none.c @@ -30,34 +30,34 @@ int shadow_domain_init(struct domain *d) return is_hvm_domain(d) ? -EOPNOTSUPP : 0; } -static int _page_fault(struct vcpu *v, unsigned long va, - struct cpu_user_regs *regs) +static int cf_check _page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { ASSERT_UNREACHABLE(); return 0; } -static bool _invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check _invlpg(struct vcpu *v, unsigned long linear) { ASSERT_UNREACHABLE(); return true; } #ifdef CONFIG_HVM -static unsigned long _gva_to_gfn(struct vcpu *v, struct p2m_domain *p2m, - unsigned long va, uint32_t *pfec) +static unsigned long cf_check _gva_to_gfn( + struct vcpu *v, struct p2m_domain *p2m, unsigned long va, uint32_t *pfec) { ASSERT_UNREACHABLE(); return gfn_x(INVALID_GFN); } #endif -static void _update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check _update_cr3(struct vcpu *v, int do_locking, bool noflush) { ASSERT_UNREACHABLE(); } -static void _update_paging_modes(struct vcpu *v) +static void cf_check _update_paging_modes(struct vcpu *v) { ASSERT_UNREACHABLE(); } diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h index e4db8d3254..3dc024e30f 100644 --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -420,15 +420,15 @@ static inline int sh_remove_write_access(struct domain *d, mfn_t readonly_mfn, #endif /* Functions that atomically write PV guest PT entries */ -void sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, - mfn_t gmfn); -intpte_t sh_cmpxchg_guest_entry(struct vcpu *v, intpte_t *p, intpte_t old, - intpte_t new, mfn_t gmfn); +void cf_check sh_write_guest_entry( + struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn); +intpte_t cf_check sh_cmpxchg_guest_entry( + struct vcpu *v, intpte_t *p, intpte_t old, intpte_t new, mfn_t gmfn); /* Update all the things that are derived from the guest's CR0/CR3/CR4. * Called to initialize paging structures if the paging mode * has changed, and when bringing up a VCPU for the first time. */ -void shadow_update_paging_modes(struct vcpu *v); +void cf_check shadow_update_paging_modes(struct vcpu *v); /* Unhook the non-Xen mappings in this top-level shadow mfn. * With user_only == 1, unhooks only the user-mode mappings. */ @@ -922,7 +922,7 @@ static inline int sh_check_page_has_no_refs(struct page_info *page) } /* Flush the TLB of the selected vCPUs. */ -bool shadow_flush_tlb(const unsigned long *vcpu_bitmap); +bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap); #endif /* _XEN_SHADOW_PRIVATE_H */ diff --git a/xen/arch/x86/mm/shadow/pv.c b/xen/arch/x86/mm/shadow/pv.c index f51f980f26..ed10d5479c 100644 --- a/xen/arch/x86/mm/shadow/pv.c +++ b/xen/arch/x86/mm/shadow/pv.c @@ -28,7 +28,7 @@ * Write a new value into the guest pagetable, and update the shadows * appropriately. */ -void +void cf_check sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn) { paging_lock(v->domain); @@ -42,7 +42,7 @@ sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn) * appropriately. Returns the previous entry found, which the caller is * expected to check to see if the cmpxchg was successful. */ -intpte_t +intpte_t cf_check sh_cmpxchg_guest_entry(struct vcpu *v, intpte_t *p, intpte_t old, intpte_t new, mfn_t gmfn) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277633.474324 (Exim 4.92) (envelope-from ) id 1nMuM1-00066d-TU; Wed, 23 Feb 2022 16:19:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277633.474324; Wed, 23 Feb 2022 16:19:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuM1-00066R-Q7; Wed, 23 Feb 2022 16:19:01 +0000 Received: by outflank-mailman (input) for mailman id 277633; Wed, 23 Feb 2022 16:19:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuM0-00066J-Sm for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuM0-0005KV-S7 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuM0-0004A2-RN for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/cJt88dJmti9cBqY/YHnQH0krDfHhtNEwwKKGLjPjdQ=; b=s0hI2/IzbXCJ9R5WZE93KVHmt5 eYl4DXEtXPIH3IDmtx49/5tmqFb5K8KmFyvWxM+D+LzH3a1J58bIeC0DA4IT2tkUtLozMbzNfj5w4 cEH1qONSHy4CfK3oY9zFEXhlnyr1DXf1476zrnp2njz8EydxRCjnwTm5kzvgZHyqfiic=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hap: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:00 +0000 commit b0331a678e07eb5cd9da4b1b1e784e1f37b91a23 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:44:02 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hap: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/guest_walk.c | 4 ++-- xen/arch/x86/mm/hap/hap.c | 21 +++++++++++---------- xen/arch/x86/mm/hap/private.h | 30 ++++++++++++------------------ 3 files changed, 25 insertions(+), 30 deletions(-) diff --git a/xen/arch/x86/mm/hap/guest_walk.c b/xen/arch/x86/mm/hap/guest_walk.c index 832a805847..1da8d3b99e 100644 --- a/xen/arch/x86/mm/hap/guest_walk.c +++ b/xen/arch/x86/mm/hap/guest_walk.c @@ -36,14 +36,14 @@ #include #include -unsigned long hap_gva_to_gfn(GUEST_PAGING_LEVELS)( +unsigned long cf_check hap_gva_to_gfn(GUEST_PAGING_LEVELS)( struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec) { unsigned long cr3 = v->arch.hvm.guest_cr[3]; return hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)(v, p2m, cr3, gva, pfec, NULL); } -unsigned long hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)( +unsigned long cf_check hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)( struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order) { diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index ed5112b00b..9d67a47f5f 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -268,7 +268,7 @@ static void hap_free(struct domain *d, mfn_t mfn) page_list_add_tail(pg, &d->arch.paging.hap.freelist); } -static struct page_info *hap_alloc_p2m_page(struct domain *d) +static struct page_info *cf_check hap_alloc_p2m_page(struct domain *d) { struct page_info *pg; @@ -294,7 +294,7 @@ static struct page_info *hap_alloc_p2m_page(struct domain *d) return pg; } -static void hap_free_p2m_page(struct domain *d, struct page_info *pg) +static void cf_check hap_free_p2m_page(struct domain *d, struct page_info *pg) { struct domain *owner = page_get_owner(pg); @@ -662,8 +662,8 @@ void hap_vcpu_init(struct vcpu *v) * HAP guests can handle page faults (in the guest page tables) without * needing any action from Xen, so we should not be intercepting them. */ -static int hap_page_fault(struct vcpu *v, unsigned long va, - struct cpu_user_regs *regs) +static int cf_check hap_page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { struct domain *d = v->domain; @@ -677,7 +677,7 @@ static int hap_page_fault(struct vcpu *v, unsigned long va, * should not be intercepting it. However, we need to correctly handle * getting here from instruction emulation. */ -static bool_t hap_invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check hap_invlpg(struct vcpu *v, unsigned long linear) { /* * Emulate INVLPGA: @@ -690,7 +690,8 @@ static bool_t hap_invlpg(struct vcpu *v, unsigned long linear) return 1; } -static void hap_update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check hap_update_cr3( + struct vcpu *v, int do_locking, bool noflush) { v->arch.hvm.hw_cr[3] = v->arch.hvm.guest_cr[3]; hvm_update_guest_cr3(v, noflush); @@ -702,7 +703,7 @@ static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap) } /* Flush TLB of selected vCPUs. NULL for all. */ -static bool flush_tlb(const unsigned long *vcpu_bitmap) +static bool cf_check flush_tlb(const unsigned long *vcpu_bitmap) { static DEFINE_PER_CPU(cpumask_t, flush_cpumask); cpumask_t *mask = &this_cpu(flush_cpumask); @@ -747,7 +748,7 @@ hap_paging_get_mode(struct vcpu *v) &hap_paging_protected_mode); } -static void hap_update_paging_modes(struct vcpu *v) +static void cf_check hap_update_paging_modes(struct vcpu *v) { struct domain *d = v->domain; unsigned long cr3_gfn = v->arch.hvm.guest_cr[3] >> PAGE_SHIFT; @@ -791,13 +792,13 @@ void hap_p2m_init(struct p2m_domain *p2m) p2m->write_p2m_entry_post = hap_write_p2m_entry_post; } -static unsigned long hap_gva_to_gfn_real_mode( +static unsigned long cf_check hap_gva_to_gfn_real_mode( struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec) { return ((paddr_t)gva >> PAGE_SHIFT); } -static unsigned long hap_p2m_ga_to_gfn_real_mode( +static unsigned long cf_check hap_p2m_ga_to_gfn_real_mode( struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order) { diff --git a/xen/arch/x86/mm/hap/private.h b/xen/arch/x86/mm/hap/private.h index 973fbe8be5..1040eaf69f 100644 --- a/xen/arch/x86/mm/hap/private.h +++ b/xen/arch/x86/mm/hap/private.h @@ -24,27 +24,21 @@ /********************************************/ /* GUEST TRANSLATION FUNCS */ /********************************************/ -unsigned long hap_gva_to_gfn_2_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); -unsigned long hap_gva_to_gfn_3_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); -unsigned long hap_gva_to_gfn_4_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_2_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_3_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_4_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); -unsigned long hap_p2m_ga_to_gfn_2_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_2_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); -unsigned long hap_p2m_ga_to_gfn_3_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_3_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); -unsigned long hap_p2m_ga_to_gfn_4_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_4_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); #endif /* __HAP_PRIVATE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277634.474327 (Exim 4.92) (envelope-from ) id 1nMuMC-00069Z-Ud; Wed, 23 Feb 2022 16:19:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277634.474327; Wed, 23 Feb 2022 16:19:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMC-00069R-Ri; Wed, 23 Feb 2022 16:19:12 +0000 Received: by outflank-mailman (input) for mailman id 277634; Wed, 23 Feb 2022 16:19:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMA-00069B-WA for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMA-0005Kp-VV for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:10 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuMA-0004B6-Um for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:10 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y3LhXpdRbdKY7EkABz78WaGMp7CU28AM8slVsDVNE7Y=; b=T4TEk8Y2AvOlzSPGQYseE6/6J6 Zr8keYsUVjOHf1FHNla/HHTM0cHd3Iw2sHc4L32xRcFCvtXQFXZYaH/rFsyalYRt3VwhaUtZSDpZM LuMgA50cDyYHQYf6mEet3sIe/WfkAN7Qn4Eyx5+sXemBQJh32ply/RHyYP8ADoVdPpi4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/p2m: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:10 +0000 commit 84667b15cdb7d7039f179e9160950a944f9b41e0 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:47:59 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/p2m: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/include/asm/p2m.h | 4 ++-- xen/arch/x86/mm/hap/hap.c | 2 +- xen/arch/x86/mm/hap/nested_hap.c | 2 +- xen/arch/x86/mm/p2m-ept.c | 32 +++++++++++++++----------------- xen/arch/x86/mm/p2m-pt.c | 19 +++++++++---------- 5 files changed, 28 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h index 6e2206874d..7873744263 100644 --- a/xen/arch/x86/include/asm/p2m.h +++ b/xen/arch/x86/include/asm/p2m.h @@ -820,8 +820,8 @@ void np2m_flush_base(struct vcpu *v, unsigned long np2m_base); void hap_p2m_init(struct p2m_domain *p2m); void shadow_p2m_init(struct p2m_domain *p2m); -void nestedp2m_write_p2m_entry_post(struct p2m_domain *p2m, - unsigned int oflags); +void cf_check nestedp2m_write_p2m_entry_post( + struct p2m_domain *p2m, unsigned int oflags); /* * Alternate p2m: shadow p2m tables used for alternate memory views diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index 9d67a47f5f..c19e337d65 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -778,7 +778,7 @@ static void cf_check hap_update_paging_modes(struct vcpu *v) put_gfn(d, cr3_gfn); } -static void +static void cf_check hap_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { struct domain *d = p2m->domain; diff --git a/xen/arch/x86/mm/hap/nested_hap.c b/xen/arch/x86/mm/hap/nested_hap.c index d8a7b3b401..dbe5ad23a1 100644 --- a/xen/arch/x86/mm/hap/nested_hap.c +++ b/xen/arch/x86/mm/hap/nested_hap.c @@ -71,7 +71,7 @@ /* NESTED VIRT P2M FUNCTIONS */ /********************************************/ -void +void cf_check nestedp2m_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { if ( oflags & _PAGE_PRESENT ) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index a8a6ad6295..70a401c3a7 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -624,7 +624,7 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, * - zero if no adjustment was done, * - a positive value if at least one adjustment was done. */ -static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) +static int cf_check resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) { struct ept_data *ept = &p2m->ept; unsigned int level = ept->wl; @@ -793,7 +793,7 @@ bool_t ept_handle_misconfig(uint64_t gpa) * * Returns: 0 for success, -errno for failure */ -static int +static int cf_check ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, unsigned int order, p2m_type_t p2mt, p2m_access_t p2ma, int sve) @@ -1002,10 +1002,9 @@ out: } /* Read ept p2m entries */ -static mfn_t ept_get_entry(struct p2m_domain *p2m, - gfn_t gfn_, p2m_type_t *t, p2m_access_t* a, - p2m_query_t q, unsigned int *page_order, - bool_t *sve) +static mfn_t cf_check ept_get_entry( + struct p2m_domain *p2m, gfn_t gfn_, p2m_type_t *t, p2m_access_t *a, + p2m_query_t q, unsigned int *page_order, bool *sve) { ept_entry_t *table = map_domain_page(pagetable_get_mfn(p2m_get_pagetable(p2m))); @@ -1165,8 +1164,8 @@ out: return; } -static void ept_change_entry_type_global(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt) +static void cf_check ept_change_entry_type_global( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt) { unsigned long mfn = p2m->ept.mfn; @@ -1177,10 +1176,9 @@ static void ept_change_entry_type_global(struct p2m_domain *p2m, ept_sync_domain(p2m); } -static int ept_change_entry_type_range(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt, - unsigned long first_gfn, - unsigned long last_gfn) +static int cf_check ept_change_entry_type_range( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt, + unsigned long first_gfn, unsigned long last_gfn) { unsigned int i, wl = p2m->ept.wl; unsigned long mask = (1 << EPT_TABLE_ORDER) - 1; @@ -1224,7 +1222,7 @@ static int ept_change_entry_type_range(struct p2m_domain *p2m, return rc < 0 ? rc : 0; } -static void ept_memory_type_changed(struct p2m_domain *p2m) +static void cf_check ept_memory_type_changed(struct p2m_domain *p2m) { unsigned long mfn = p2m->ept.mfn; @@ -1283,7 +1281,7 @@ void ept_sync_domain(struct p2m_domain *p2m) ept_sync_domain_mask(p2m, d->dirty_cpumask); } -static void ept_tlb_flush(struct p2m_domain *p2m) +static void cf_check ept_tlb_flush(struct p2m_domain *p2m) { ept_sync_domain_mask(p2m, p2m->domain->dirty_cpumask); } @@ -1346,7 +1344,7 @@ static void ept_disable_pml(struct p2m_domain *p2m) vmx_domain_update_eptp(p2m->domain); } -static void ept_enable_hardware_log_dirty(struct p2m_domain *p2m) +static void cf_check ept_enable_hardware_log_dirty(struct p2m_domain *p2m) { struct p2m_domain *hostp2m = p2m_get_hostp2m(p2m->domain); @@ -1355,7 +1353,7 @@ static void ept_enable_hardware_log_dirty(struct p2m_domain *p2m) p2m_unlock(hostp2m); } -static void ept_disable_hardware_log_dirty(struct p2m_domain *p2m) +static void cf_check ept_disable_hardware_log_dirty(struct p2m_domain *p2m) { struct p2m_domain *hostp2m = p2m_get_hostp2m(p2m->domain); @@ -1364,7 +1362,7 @@ static void ept_disable_hardware_log_dirty(struct p2m_domain *p2m) p2m_unlock(hostp2m); } -static void ept_flush_pml_buffers(struct p2m_domain *p2m) +static void cf_check ept_flush_pml_buffers(struct p2m_domain *p2m) { /* Domain must have been paused */ ASSERT(atomic_read(&p2m->domain->pause_count)); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index ef3f8e02a4..eaba2b0fb4 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -399,7 +399,7 @@ static int p2m_pt_set_recalc_range(struct p2m_domain *p2m, * GFN. Propagate the re-calculation flag down to the next page table level * for entries not involved in the translation of the given GFN. */ -static int do_recalc(struct p2m_domain *p2m, unsigned long gfn) +static int cf_check do_recalc(struct p2m_domain *p2m, unsigned long gfn) { void *table; unsigned long gfn_remainder = gfn; @@ -573,7 +573,7 @@ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, } /* Returns: 0 for success, -errno for failure */ -static int +static int cf_check p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma, int sve) @@ -774,7 +774,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, return rc; } -static mfn_t +static mfn_t cf_check p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_, p2m_type_t *t, p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t *sve) @@ -943,8 +943,8 @@ pod_retry_l1: return (p2m_is_valid(*t) || p2m_is_any_ram(*t)) ? mfn : INVALID_MFN; } -static void p2m_pt_change_entry_type_global(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt) +static void cf_check p2m_pt_change_entry_type_global( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt) { l1_pgentry_t *tab; unsigned long gfn = 0; @@ -983,10 +983,9 @@ static void p2m_pt_change_entry_type_global(struct p2m_domain *p2m, guest_flush_tlb_mask(d, d->dirty_cpumask); } -static int p2m_pt_change_entry_type_range(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt, - unsigned long first_gfn, - unsigned long last_gfn) +static int cf_check p2m_pt_change_entry_type_range( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt, + unsigned long first_gfn, unsigned long last_gfn) { unsigned long mask = (1 << PAGETABLE_ORDER) - 1; unsigned int i; @@ -1025,7 +1024,7 @@ static int p2m_pt_change_entry_type_range(struct p2m_domain *p2m, } #if P2M_AUDIT -static long p2m_pt_audit_p2m(struct p2m_domain *p2m) +static long cf_check p2m_pt_audit_p2m(struct p2m_domain *p2m) { unsigned long entry_count = 0, pmbad = 0; unsigned long mfn, gfn, m2pfn; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277635.474332 (Exim 4.92) (envelope-from ) id 1nMuMN-0006CF-0X; Wed, 23 Feb 2022 16:19:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277635.474332; Wed, 23 Feb 2022 16:19:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMM-0006C7-TI; Wed, 23 Feb 2022 16:19:22 +0000 Received: by outflank-mailman (input) for mailman id 277635; Wed, 23 Feb 2022 16:19:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuML-0006Bt-3p for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuML-0005L8-36 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuML-0004Bh-2C for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DAvcQfqs5QZqtfPRAKir7zHu3IgQPGVbplIe1nhZl78=; b=cAkbx1L9QGbTPqJ/mRVcIs2loX tWiBF4I0VBhK0dl87cRVmzxYaLyr3Xud0b9np6XjDS6KIbXHOguDbxd9lM9c6g5JkPnTiTSldsOMD 1ig2sa3yNzvwlAYvvrEr2sAhQGFxsPHOqRavyjcDMSU+OpdJkvDRX9wAikmdWusyQvjg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/irq: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:21 +0000 commit 287f541c6e0a47904b4ee2908746d2279eceef6d Author: Andrew Cooper AuthorDate: Fri Oct 29 18:45:59 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/irq: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hpet.c | 11 ++++++----- xen/arch/x86/i8259.c | 10 +++++----- xen/arch/x86/include/asm/irq.h | 8 ++++---- xen/arch/x86/include/asm/msi.h | 8 ++++---- xen/arch/x86/io_apic.c | 24 ++++++++++++------------ xen/arch/x86/irq.c | 6 +++--- xen/arch/x86/msi.c | 14 +++++++------- xen/common/irq.c | 6 +++--- xen/drivers/passthrough/amd/iommu_init.c | 15 ++++++++------- xen/drivers/passthrough/vtd/iommu.c | 13 +++++++------ xen/include/xen/irq.h | 6 +++--- 11 files changed, 62 insertions(+), 59 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 1632993f72..19cab52587 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -253,7 +253,7 @@ static void cf_check hpet_interrupt_handler( ch->event_handler(ch); } -static void hpet_msi_unmask(struct irq_desc *desc) +static void cf_check hpet_msi_unmask(struct irq_desc *desc) { u32 cfg; struct hpet_event_channel *ch = desc->action->dev_id; @@ -264,7 +264,7 @@ static void hpet_msi_unmask(struct irq_desc *desc) ch->msi.msi_attrib.host_masked = 0; } -static void hpet_msi_mask(struct irq_desc *desc) +static void cf_check hpet_msi_mask(struct irq_desc *desc) { u32 cfg; struct hpet_event_channel *ch = desc->action->dev_id; @@ -293,7 +293,7 @@ static int hpet_msi_write(struct hpet_event_channel *ch, struct msi_msg *msg) return 0; } -static unsigned int hpet_msi_startup(struct irq_desc *desc) +static unsigned int cf_check hpet_msi_startup(struct irq_desc *desc) { hpet_msi_unmask(desc); return 0; @@ -301,14 +301,15 @@ static unsigned int hpet_msi_startup(struct irq_desc *desc) #define hpet_msi_shutdown hpet_msi_mask -static void hpet_msi_ack(struct irq_desc *desc) +static void cf_check hpet_msi_ack(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); ack_APIC_irq(); } -static void hpet_msi_set_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check hpet_msi_set_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct hpet_event_channel *ch = desc->action->dev_id; struct msi_msg msg = ch->msi.msg; diff --git a/xen/arch/x86/i8259.c b/xen/arch/x86/i8259.c index b389bb2176..6b35be10f0 100644 --- a/xen/arch/x86/i8259.c +++ b/xen/arch/x86/i8259.c @@ -40,18 +40,18 @@ bool bogus_8259A_irq(unsigned int irq) return _mask_and_ack_8259A_irq(irq); } -static void mask_and_ack_8259A_irq(struct irq_desc *desc) +static void cf_check mask_and_ack_8259A_irq(struct irq_desc *desc) { _mask_and_ack_8259A_irq(desc->irq); } -static unsigned int startup_8259A_irq(struct irq_desc *desc) +static unsigned int cf_check startup_8259A_irq(struct irq_desc *desc) { enable_8259A_irq(desc); return 0; /* never anything pending */ } -static void end_8259A_irq(struct irq_desc *desc, u8 vector) +static void cf_check end_8259A_irq(struct irq_desc *desc, u8 vector) { if (!(desc->status & (IRQ_DISABLED|IRQ_INPROGRESS))) enable_8259A_irq(desc); @@ -108,12 +108,12 @@ static void _disable_8259A_irq(unsigned int irq) spin_unlock_irqrestore(&i8259A_lock, flags); } -void disable_8259A_irq(struct irq_desc *desc) +void cf_check disable_8259A_irq(struct irq_desc *desc) { _disable_8259A_irq(desc->irq); } -void enable_8259A_irq(struct irq_desc *desc) +void cf_check enable_8259A_irq(struct irq_desc *desc) { unsigned int mask = ~(1 << desc->irq); unsigned long flags; diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index b3f49abc55..76e6ed6d60 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -111,8 +111,8 @@ void alloc_direct_apic_vector( void do_IRQ(struct cpu_user_regs *regs); -void disable_8259A_irq(struct irq_desc *); -void enable_8259A_irq(struct irq_desc *); +void cf_check disable_8259A_irq(struct irq_desc *); +void cf_check enable_8259A_irq(struct irq_desc *); int i8259A_irq_pending(unsigned int irq); void mask_8259A(void); void unmask_8259A(void); @@ -173,7 +173,7 @@ int create_irq(nodeid_t node, bool grant_access); void destroy_irq(unsigned int irq); int assign_irq_vector(int irq, const cpumask_t *); -extern void irq_complete_move(struct irq_desc *); +void cf_check irq_complete_move(struct irq_desc *); extern struct irq_desc *irq_desc; @@ -187,7 +187,7 @@ void move_masked_irq(struct irq_desc *); int bind_irq_vector(int irq, int vector, const cpumask_t *); -void end_nonmaskable_irq(struct irq_desc *, uint8_t vector); +void cf_check end_nonmaskable_irq(struct irq_desc *, uint8_t vector); void irq_set_affinity(struct irq_desc *, const cpumask_t *mask); int init_domain_irq_mapping(struct domain *); diff --git a/xen/arch/x86/include/asm/msi.h b/xen/arch/x86/include/asm/msi.h index e228b0f3f3..117379318f 100644 --- a/xen/arch/x86/include/asm/msi.h +++ b/xen/arch/x86/include/asm/msi.h @@ -247,10 +247,10 @@ void early_msi_init(void); void msi_compose_msg(unsigned vector, const cpumask_t *mask, struct msi_msg *msg); void __msi_set_enable(u16 seg, u8 bus, u8 slot, u8 func, int pos, int enable); -void mask_msi_irq(struct irq_desc *); -void unmask_msi_irq(struct irq_desc *); +void cf_check mask_msi_irq(struct irq_desc *); +void cf_check unmask_msi_irq(struct irq_desc *); void guest_mask_msi_irq(struct irq_desc *, bool mask); -void ack_nonmaskable_msi_irq(struct irq_desc *); -void set_msi_affinity(struct irq_desc *, const cpumask_t *); +void cf_check ack_nonmaskable_msi_irq(struct irq_desc *); +void cf_check set_msi_affinity(struct irq_desc *, const cpumask_t *); #endif /* __ASM_MSI_H */ diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 4c5eaef862..c086f40f63 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -473,7 +473,7 @@ static void __level_IO_APIC_irq (unsigned int irq) modify_IO_APIC_irq(irq, IO_APIC_REDIR_LEVEL_TRIGGER, 0); } -static void mask_IO_APIC_irq(struct irq_desc *desc) +static void cf_check mask_IO_APIC_irq(struct irq_desc *desc) { unsigned long flags; @@ -482,7 +482,7 @@ static void mask_IO_APIC_irq(struct irq_desc *desc) spin_unlock_irqrestore(&ioapic_lock, flags); } -static void unmask_IO_APIC_irq(struct irq_desc *desc) +static void cf_check unmask_IO_APIC_irq(struct irq_desc *desc) { unsigned long flags; @@ -567,7 +567,7 @@ static void clear_IO_APIC (void) } } -static void +static void cf_check set_ioapic_affinity_irq(struct irq_desc *desc, const cpumask_t *mask) { unsigned int dest; @@ -1547,7 +1547,7 @@ static int __init timer_irq_works(void) * This is not complete - we should be able to fake * an edge even if it isn't on the 8259A... */ -static unsigned int startup_edge_ioapic_irq(struct irq_desc *desc) +static unsigned int cf_check startup_edge_ioapic_irq(struct irq_desc *desc) { int was_pending = 0; unsigned long flags; @@ -1569,7 +1569,7 @@ static unsigned int startup_edge_ioapic_irq(struct irq_desc *desc) * interrupt for real. This prevents IRQ storms from unhandled * devices. */ -static void ack_edge_ioapic_irq(struct irq_desc *desc) +static void cf_check ack_edge_ioapic_irq(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); @@ -1594,7 +1594,7 @@ static void ack_edge_ioapic_irq(struct irq_desc *desc) * generic IRQ layer and by the fact that an unacked local * APIC does not accept IRQs. */ -static unsigned int startup_level_ioapic_irq(struct irq_desc *desc) +static unsigned int cf_check startup_level_ioapic_irq(struct irq_desc *desc) { unmask_IO_APIC_irq(desc); @@ -1652,7 +1652,7 @@ static bool io_apic_level_ack_pending(unsigned int irq) return 0; } -static void mask_and_ack_level_ioapic_irq(struct irq_desc *desc) +static void cf_check mask_and_ack_level_ioapic_irq(struct irq_desc *desc) { unsigned long v; int i; @@ -1702,7 +1702,7 @@ static void mask_and_ack_level_ioapic_irq(struct irq_desc *desc) } } -static void end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) +static void cf_check end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) { if ( directed_eoi_enabled ) { @@ -1723,7 +1723,7 @@ static void end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) unmask_IO_APIC_irq(desc); } -static void end_level_ioapic_irq_new(struct irq_desc *desc, u8 vector) +static void cf_check end_level_ioapic_irq_new(struct irq_desc *desc, u8 vector) { /* * It appears there is an erratum which affects at least version 0x11 @@ -1807,7 +1807,7 @@ static inline void init_IO_APIC_traps(void) make_8259A_irq(irq); } -static void enable_lapic_irq(struct irq_desc *desc) +static void cf_check enable_lapic_irq(struct irq_desc *desc) { unsigned long v; @@ -1815,7 +1815,7 @@ static void enable_lapic_irq(struct irq_desc *desc) apic_write(APIC_LVT0, v & ~APIC_LVT_MASKED); } -static void disable_lapic_irq(struct irq_desc *desc) +static void cf_check disable_lapic_irq(struct irq_desc *desc) { unsigned long v; @@ -1823,7 +1823,7 @@ static void disable_lapic_irq(struct irq_desc *desc) apic_write(APIC_LVT0, v | APIC_LVT_MASKED); } -static void ack_lapic_irq(struct irq_desc *desc) +static void cf_check ack_lapic_irq(struct irq_desc *desc) { ack_APIC_irq(); } diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 61e09a356f..285ac399fb 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -468,7 +468,7 @@ int __init init_irq_data(void) return 0; } -static void ack_none(struct irq_desc *desc) +static void cf_check ack_none(struct irq_desc *desc) { ack_bad_irq(desc->irq); } @@ -832,7 +832,7 @@ static void send_cleanup_vector(struct irq_desc *desc) desc->arch.move_in_progress = 0; } -void irq_complete_move(struct irq_desc *desc) +void cf_check irq_complete_move(struct irq_desc *desc) { unsigned vector, me; @@ -1086,7 +1086,7 @@ bool cpu_has_pending_apic_eoi(void) return pending_eoi_sp(this_cpu(pending_eoi)) != 0; } -void end_nonmaskable_irq(struct irq_desc *desc, uint8_t vector) +void cf_check end_nonmaskable_irq(struct irq_desc *desc, uint8_t vector) { struct pending_eoi *peoi = this_cpu(pending_eoi); unsigned int sp = pending_eoi_sp(peoi); diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 77a4fbf13f..b32b1378f8 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -241,7 +241,7 @@ static int write_msi_msg(struct msi_desc *entry, struct msi_msg *msg) return 0; } -void set_msi_affinity(struct irq_desc *desc, const cpumask_t *mask) +void cf_check set_msi_affinity(struct irq_desc *desc, const cpumask_t *mask) { struct msi_msg msg; unsigned int dest; @@ -416,14 +416,14 @@ static int msi_get_mask_bit(const struct msi_desc *entry) return -1; } -void mask_msi_irq(struct irq_desc *desc) +void cf_check mask_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 1, desc->msi_desc->msi_attrib.guest_masked)) ) BUG_ON(!(desc->status & IRQ_DISABLED)); } -void unmask_msi_irq(struct irq_desc *desc) +void cf_check unmask_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 0, desc->msi_desc->msi_attrib.guest_masked)) ) @@ -435,26 +435,26 @@ void guest_mask_msi_irq(struct irq_desc *desc, bool mask) msi_set_mask_bit(desc, desc->msi_desc->msi_attrib.host_masked, mask); } -static unsigned int startup_msi_irq(struct irq_desc *desc) +static unsigned int cf_check startup_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 0, !!(desc->status & IRQ_GUEST))) ) WARN(); return 0; } -static void shutdown_msi_irq(struct irq_desc *desc) +static void cf_check shutdown_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 1, 1)) ) BUG_ON(!(desc->status & IRQ_DISABLED)); } -void ack_nonmaskable_msi_irq(struct irq_desc *desc) +void cf_check ack_nonmaskable_msi_irq(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); } -static void ack_maskable_msi_irq(struct irq_desc *desc) +static void cf_check ack_maskable_msi_irq(struct irq_desc *desc) { ack_nonmaskable_msi_irq(desc); ack_APIC_irq(); /* ACKTYPE_NONE */ diff --git a/xen/common/irq.c b/xen/common/irq.c index f42512db33..727cf8bd22 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -27,15 +27,15 @@ int init_one_irq_desc(struct irq_desc *desc) return err; } -void no_action(int cpl, void *dev_id, struct cpu_user_regs *regs) +void cf_check no_action(int cpl, void *dev_id, struct cpu_user_regs *regs) { } -void irq_actor_none(struct irq_desc *desc) +void cf_check irq_actor_none(struct irq_desc *desc) { } -unsigned int irq_startup_none(struct irq_desc *desc) +unsigned int cf_check irq_startup_none(struct irq_desc *desc) { return 0; } diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index d2ad282e93..657c7f619a 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -410,7 +410,7 @@ static void amd_iommu_msi_enable(struct amd_iommu *iommu, int flag) PCI_FUNC(iommu->bdf), iommu->msi.msi_attrib.pos, flag); } -static void iommu_msi_unmask(struct irq_desc *desc) +static void cf_check iommu_msi_unmask(struct irq_desc *desc) { unsigned long flags; struct amd_iommu *iommu = desc->action->dev_id; @@ -421,7 +421,7 @@ static void iommu_msi_unmask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 0; } -static void iommu_msi_mask(struct irq_desc *desc) +static void cf_check iommu_msi_mask(struct irq_desc *desc) { unsigned long flags; struct amd_iommu *iommu = desc->action->dev_id; @@ -434,13 +434,13 @@ static void iommu_msi_mask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 1; } -static unsigned int iommu_msi_startup(struct irq_desc *desc) +static unsigned int cf_check iommu_msi_startup(struct irq_desc *desc) { iommu_msi_unmask(desc); return 0; } -static void iommu_msi_end(struct irq_desc *desc, u8 vector) +static void cf_check iommu_msi_end(struct irq_desc *desc, u8 vector) { iommu_msi_unmask(desc); end_nonmaskable_irq(desc, vector); @@ -458,14 +458,14 @@ static hw_irq_controller iommu_msi_type = { .set_affinity = set_msi_affinity, }; -static unsigned int iommu_maskable_msi_startup(struct irq_desc *desc) +static unsigned int cf_check iommu_maskable_msi_startup(struct irq_desc *desc) { iommu_msi_unmask(desc); unmask_msi_irq(desc); return 0; } -static void iommu_maskable_msi_shutdown(struct irq_desc *desc) +static void cf_check iommu_maskable_msi_shutdown(struct irq_desc *desc) { mask_msi_irq(desc); iommu_msi_mask(desc); @@ -489,7 +489,8 @@ static hw_irq_controller iommu_maskable_msi_type = { .set_affinity = set_msi_affinity, }; -static void set_x2apic_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check set_x2apic_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct amd_iommu *iommu = desc->action->dev_id; unsigned int dest = set_desc_affinity(desc, mask); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f2a5a4b4e4..56968a06a1 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1080,7 +1080,7 @@ static void cf_check iommu_page_fault( tasklet_schedule(&vtd_fault_tasklet); } -static void dma_msi_unmask(struct irq_desc *desc) +static void cf_check dma_msi_unmask(struct irq_desc *desc) { struct vtd_iommu *iommu = desc->action->dev_id; unsigned long flags; @@ -1095,7 +1095,7 @@ static void dma_msi_unmask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 0; } -static void dma_msi_mask(struct irq_desc *desc) +static void cf_check dma_msi_mask(struct irq_desc *desc) { unsigned long flags; struct vtd_iommu *iommu = desc->action->dev_id; @@ -1110,26 +1110,27 @@ static void dma_msi_mask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 1; } -static unsigned int dma_msi_startup(struct irq_desc *desc) +static unsigned int cf_check dma_msi_startup(struct irq_desc *desc) { dma_msi_unmask(desc); return 0; } -static void dma_msi_ack(struct irq_desc *desc) +static void cf_check dma_msi_ack(struct irq_desc *desc) { irq_complete_move(desc); dma_msi_mask(desc); move_masked_irq(desc); } -static void dma_msi_end(struct irq_desc *desc, u8 vector) +static void cf_check dma_msi_end(struct irq_desc *desc, u8 vector) { dma_msi_unmask(desc); end_nonmaskable_irq(desc, vector); } -static void dma_msi_set_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check dma_msi_set_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct msi_msg msg; unsigned int dest; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 43d567fe44..d8beadd16b 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -116,9 +116,9 @@ extern int request_irq(unsigned int irq, unsigned int irqflags, const char * devname, void *dev_id); extern hw_irq_controller no_irq_type; -extern void no_action(int cpl, void *dev_id, struct cpu_user_regs *regs); -extern unsigned int irq_startup_none(struct irq_desc *); -extern void irq_actor_none(struct irq_desc *); +void cf_check no_action(int cpl, void *dev_id, struct cpu_user_regs *regs); +unsigned int cf_check irq_startup_none(struct irq_desc *); +void cf_check irq_actor_none(struct irq_desc *); #define irq_shutdown_none irq_actor_none #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277636.474336 (Exim 4.92) (envelope-from ) id 1nMuMX-0006Fm-35; Wed, 23 Feb 2022 16:19:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277636.474336; Wed, 23 Feb 2022 16:19:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMX-0006Fe-0F; Wed, 23 Feb 2022 16:19:33 +0000 Received: by outflank-mailman (input) for mailman id 277636; Wed, 23 Feb 2022 16:19:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMV-0006F4-6u for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMV-0005LI-6D for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuMV-0004CA-5T for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dk8V5yNTHWMRRTjP+SHsb6id/Kr+jNOiT5MIJ81Kh/A=; b=VKRDHXIVZFXfDDfdHUyN+ivCUW a9K42RFV+qyxsG8umdXZp5Dnk1mWw+OJ4EEqPraSnHGUhahZX4avMuax7iijpwQD8P4jNjzh+ACjD Cy6lxq4RLeQaFwu1o2GIzXJAYCGwPH//5OH3FJzT0LClh4VxBW0rUhow6eynM/9BEvFs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/apei: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:31 +0000 commit c028bde9a6960b440e537dbde2c0327fce7f4955 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:37:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/apei: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/acpi/apei/apei-base.c | 32 ++++++++++---------- xen/drivers/acpi/apei/apei-internal.h | 20 ++++++------ xen/drivers/acpi/apei/erst.c | 57 +++++++++++++++++------------------ 3 files changed, 54 insertions(+), 55 deletions(-) diff --git a/xen/drivers/acpi/apei/apei-base.c b/xen/drivers/acpi/apei/apei-base.c index 6f81e7fa36..de75c1cef9 100644 --- a/xen/drivers/acpi/apei/apei-base.c +++ b/xen/drivers/acpi/apei/apei-base.c @@ -80,8 +80,8 @@ int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val) return 0; } -int apei_exec_read_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_read_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val = 0; @@ -94,8 +94,8 @@ int apei_exec_read_register(struct apei_exec_context *ctx, return 0; } -int apei_exec_read_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_read_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; @@ -126,14 +126,14 @@ int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val) return rc; } -int apei_exec_write_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_write_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_write_register(entry, ctx->value); } -int apei_exec_write_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_write_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; @@ -143,8 +143,8 @@ int apei_exec_write_register_value(struct apei_exec_context *ctx, return rc; } -int apei_exec_noop(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_noop( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return 0; } @@ -230,9 +230,9 @@ static int __init apei_exec_for_each_entry(struct apei_exec_context *ctx, return 0; } -static int __init pre_map_gar_callback(struct apei_exec_context *ctx, - struct acpi_whea_header *entry, - void *data) +static int __init cf_check pre_map_gar_callback( + struct apei_exec_context *ctx, struct acpi_whea_header *entry, + void *data) { u8 ins = entry->instruction; @@ -259,9 +259,9 @@ int __init apei_exec_pre_map_gars(struct apei_exec_context *ctx) return rc; } -static int __init post_unmap_gar_callback(struct apei_exec_context *ctx, - struct acpi_whea_header *entry, - void *data) +static int __init cf_check post_unmap_gar_callback( + struct apei_exec_context *ctx, struct acpi_whea_header *entry, + void *data) { u8 ins = entry->instruction; diff --git a/xen/drivers/acpi/apei/apei-internal.h b/xen/drivers/acpi/apei/apei-internal.h index b813d55b92..360e94b9c8 100644 --- a/xen/drivers/acpi/apei/apei-internal.h +++ b/xen/drivers/acpi/apei/apei-internal.h @@ -68,16 +68,16 @@ static inline int apei_exec_run_optional(struct apei_exec_context *ctx, u8 actio int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val); int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val); -int apei_exec_read_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_read_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_write_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_write_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_noop(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); +int cf_check apei_exec_read_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_read_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_write_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_write_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_noop( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); int apei_exec_pre_map_gars(struct apei_exec_context *ctx); int apei_exec_post_unmap_gars(struct apei_exec_context *ctx); diff --git a/xen/drivers/acpi/apei/erst.c b/xen/drivers/acpi/apei/erst.c index c5df512b98..40d8f00270 100644 --- a/xen/drivers/acpi/apei/erst.c +++ b/xen/drivers/acpi/apei/erst.c @@ -114,40 +114,40 @@ static int erst_timedout(u64 *t, u64 spin_unit) return 0; } -static int erst_exec_load_var1(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_load_var1( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->var1); } -static int erst_exec_load_var2(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_load_var2( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->var2); } -static int erst_exec_store_var1(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_store_var1( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_write_register(entry, ctx->var1); } -static int erst_exec_add(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_add( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->var1 += ctx->var2; return 0; } -static int erst_exec_subtract(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_subtract( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->var1 -= ctx->var2; return 0; } -static int erst_exec_add_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_add_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -160,8 +160,8 @@ static int erst_exec_add_value(struct apei_exec_context *ctx, return rc; } -static int erst_exec_subtract_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_subtract_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -174,8 +174,8 @@ static int erst_exec_subtract_value(struct apei_exec_context *ctx, return rc; } -static int erst_exec_stall(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_stall( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { udelay((ctx->var1 > FIRMWARE_MAX_STALL) ? FIRMWARE_MAX_STALL : @@ -183,8 +183,8 @@ static int erst_exec_stall(struct apei_exec_context *ctx, return 0; } -static int erst_exec_stall_while_true(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_stall_while_true( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -205,9 +205,8 @@ static int erst_exec_stall_while_true(struct apei_exec_context *ctx, return 0; } -static int erst_exec_skip_next_instruction_if_true( - struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_skip_next_instruction_if_true( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -223,27 +222,27 @@ static int erst_exec_skip_next_instruction_if_true( return 0; } -static int erst_exec_goto(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_goto( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->ip = ctx->value; return APEI_EXEC_SET_IP; } -static int erst_exec_set_src_address_base(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_set_src_address_base( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->src_base); } -static int erst_exec_set_dst_address_base(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_set_dst_address_base( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->dst_base); } -static int erst_exec_move_data(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_move_data( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 offset; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277637.474340 (Exim 4.92) (envelope-from ) id 1nMuMh-0006Ia-4Y; Wed, 23 Feb 2022 16:19:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277637.474340; Wed, 23 Feb 2022 16:19:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMh-0006IS-1i; Wed, 23 Feb 2022 16:19:43 +0000 Received: by outflank-mailman (input) for mailman id 277637; Wed, 23 Feb 2022 16:19:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMf-0006IE-A0 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMf-0005LS-9L for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuMf-0004Ck-8c for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V8bjqA0aDN6QLXVKryYOEJ4TL91xL+MRDGs2YXYlGnM=; b=whb4Tr5DkupwiGaYbFItF9tpj1 nTsjT5XyIto7U/xUmVQkjJbYza5CtMaE+fwxgSRgqw2FeowGgtIC9LeO2wMoe99u6pJ7UkG0sitf4 SDgODkKFvhkMVlSg7kut8OIqPAnLxwRGkfHW20hJRW50JA6YB4LX+aH4LgLvlS31B6ME=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/psr: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:41 +0000 commit ab340ffdd8851e04103fcdb397331e57e69f32ce Author: Andrew Cooper AuthorDate: Fri Oct 29 13:48:47 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/psr: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/psr.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 6c9cabf384..ccb761998f 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -282,7 +282,7 @@ static enum psr_feat_type psr_type_to_feat_type(enum psr_type type) } /* Implementation of allocation features' functions. */ -static bool cat_check_cbm(const struct feat_node *feat, uint32_t *val) +static bool cf_check cat_check_cbm(const struct feat_node *feat, uint32_t *val) { unsigned int first_bit, zero_bit; unsigned int cbm_len = feat->cat.cbm_len; @@ -417,8 +417,8 @@ static bool mba_init_feature(const struct cpuid_leaf *regs, return true; } -static bool cat_get_feat_info(const struct feat_node *feat, - uint32_t data[], unsigned int array_len) +static bool cf_check cat_get_feat_info( + const struct feat_node *feat, uint32_t data[], unsigned int array_len) { if ( array_len != PSR_INFO_ARRAY_SIZE ) return false; @@ -431,8 +431,8 @@ static bool cat_get_feat_info(const struct feat_node *feat, } /* L3 CAT props */ -static void l3_cat_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l3_cat_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_L3_MASK(cos), val); } @@ -447,8 +447,8 @@ static const struct feat_props l3_cat_props = { }; /* L3 CDP props */ -static bool l3_cdp_get_feat_info(const struct feat_node *feat, - uint32_t data[], uint32_t array_len) +static bool cf_check l3_cdp_get_feat_info( + const struct feat_node *feat, uint32_t data[], uint32_t array_len) { if ( !cat_get_feat_info(feat, data, array_len) ) return false; @@ -458,8 +458,8 @@ static bool l3_cdp_get_feat_info(const struct feat_node *feat, return true; } -static void l3_cdp_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l3_cdp_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(((type == PSR_TYPE_L3_DATA) ? MSR_IA32_PSR_L3_MASK_DATA(cos) : @@ -478,8 +478,8 @@ static const struct feat_props l3_cdp_props = { }; /* L2 CAT props */ -static void l2_cat_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l2_cat_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_L2_MASK(cos), val); } @@ -494,8 +494,8 @@ static const struct feat_props l2_cat_props = { }; /* MBA props */ -static bool mba_get_feat_info(const struct feat_node *feat, - uint32_t data[], unsigned int array_len) +static bool cf_check mba_get_feat_info( + const struct feat_node *feat, uint32_t data[], unsigned int array_len) { ASSERT(array_len == PSR_INFO_ARRAY_SIZE); @@ -508,13 +508,14 @@ static bool mba_get_feat_info(const struct feat_node *feat, return true; } -static void mba_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check mba_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_MBA_MASK(cos), val); } -static bool mba_sanitize_thrtl(const struct feat_node *feat, uint32_t *thrtl) +static bool cf_check mba_sanitize_thrtl( + const struct feat_node *feat, uint32_t *thrtl) { /* * Per SDM (chapter "Memory Bandwidth Allocation Configuration"): -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:19:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:19:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277638.474344 (Exim 4.92) (envelope-from ) id 1nMuMr-0006LJ-6B; Wed, 23 Feb 2022 16:19:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277638.474344; Wed, 23 Feb 2022 16:19:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMr-0006LB-35; Wed, 23 Feb 2022 16:19:53 +0000 Received: by outflank-mailman (input) for mailman id 277638; Wed, 23 Feb 2022 16:19:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMp-0006Kp-DL for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:51 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMp-0005Ls-Ci for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:51 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuMp-0004DB-C4 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:19:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g4qCE+t8TJF/dSE7eCj2QTK46P9v60DLYX+Igt2p04I=; b=FQNeSbPjoMy0xQdlYBkOPbQLTD x5+VSYejtEHjXAXkr6tVg299RJvoH+p6P2kV5v3s4ix6YCVsQrv8L9ytuXD7pmZ3w1PJrvaPFzarA 7/8zMmkM1TRuaaFxH//3UvqOwj0wXm84V91LwQR7WTJFgb2yCGxJFJs3DHHnNFRUQ8Ww=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/dpci: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:19:51 +0000 commit 47fa059e4e661c541fc407169411f214c9ab9d6f Author: Andrew Cooper AuthorDate: Fri Oct 29 15:47:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/dpci: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/drivers/passthrough/vtd/x86/hvm.c | 4 ++-- xen/drivers/passthrough/x86/hvm.c | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4cf313a0ad..cdd1529014 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -474,8 +474,8 @@ void hvm_migrate_pirq(struct hvm_pirq_dpci *pirq_dpci, const struct vcpu *v) } } -static int migrate_pirq(struct domain *d, struct hvm_pirq_dpci *pirq_dpci, - void *arg) +static int cf_check migrate_pirq( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { hvm_migrate_pirq(pirq_dpci, arg); diff --git a/xen/drivers/passthrough/vtd/x86/hvm.c b/xen/drivers/passthrough/vtd/x86/hvm.c index b531fe907a..132d252d1c 100644 --- a/xen/drivers/passthrough/vtd/x86/hvm.c +++ b/xen/drivers/passthrough/vtd/x86/hvm.c @@ -21,8 +21,8 @@ #include #include -static int _hvm_dpci_isairq_eoi(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check _hvm_dpci_isairq_eoi( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); unsigned int isairq = (long)arg; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0e3c0f6aee..0f94203af8 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -777,8 +777,8 @@ static void __msi_pirq_eoi(struct hvm_pirq_dpci *pirq_dpci) } } -static int _hvm_dpci_msi_eoi(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check _hvm_dpci_msi_eoi( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { int vector = (long)arg; @@ -947,8 +947,8 @@ unlock: spin_unlock(&d->event_lock); } -static int pci_clean_dpci_irq(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check pci_clean_dpci_irq( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { struct dev_intx_gsi_link *digl, *tmp; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277639.474349 (Exim 4.92) (envelope-from ) id 1nMuN1-0006f2-8Z; Wed, 23 Feb 2022 16:20:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277639.474349; Wed, 23 Feb 2022 16:20:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuN1-0006eY-4a; Wed, 23 Feb 2022 16:20:03 +0000 Received: by outflank-mailman (input) for mailman id 277639; Wed, 23 Feb 2022 16:20:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMz-0006P0-H3 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuMz-0005ML-GL for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuMz-0004E0-FN for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=El+cj8mMyNVN7O682LEhfNwLmm8hEB0sSAQWmJWlzks=; b=n01+87tggdI581AqNE125EJW9E iMcmOfqa5PHTu145HKPqKmALJjG3ak8v+v6hlejUJczvlqC7v35oNoHWr2KZVv+/6EIOLa5plsSn2 PWpzUoPw3zIe0yESyO/t8egoNVO9obLBAjPL3C/w9NX1bMT0FMjT0hdgyb5H0nTvHKpM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pt: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:20:01 +0000 commit e236fb0798f46d1c15bacdc1d52dc906c74e0ff8 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:47:47 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/pt: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/emul-i8254.c | 2 +- xen/arch/x86/hvm/hpet.c | 2 +- xen/arch/x86/hvm/rtc.c | 2 +- xen/arch/x86/hvm/vlapic.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index d170f464d9..18894b6348 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -156,7 +156,7 @@ static int pit_get_gate(PITState *pit, int channel) return pit->hw.channels[channel].gate; } -static void pit_time_fired(struct vcpu *v, void *priv) +static void cf_check pit_time_fired(struct vcpu *v, void *priv) { uint64_t *count_load_time = priv; TRACE_0D(TRC_HVM_EMUL_PIT_TIMER_CB); diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index ed512fa65b..45c7b9b406 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -219,7 +219,7 @@ static void hpet_stop_timer(HPETState *h, unsigned int tn, hpet_get_comparator(h, tn, guest_time); } -static void hpet_timer_fired(struct vcpu *v, void *data) +static void cf_check hpet_timer_fired(struct vcpu *v, void *data) { unsigned int tn = (unsigned long)data; HPETState *h = vcpu_vhpet(v); diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index ed397276fa..d21925db08 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -81,7 +81,7 @@ static void rtc_update_irq(RTCState *s) /* Called by the VPT code after it's injected a PF interrupt for us. * Fix up the register state to reflect what happened. */ -static void rtc_pf_callback(struct vcpu *v, void *opaque) +static void cf_check rtc_pf_callback(struct vcpu *v, void *opaque) { RTCState *s = opaque; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index d4e29ef1ff..49be9c8ea4 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -691,13 +691,13 @@ int guest_rdmsr_x2apic(const struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_OKAY; } -static void vlapic_pt_cb(struct vcpu *v, void *data) +static void cf_check vlapic_pt_cb(struct vcpu *v, void *data) { TRACE_0D(TRC_HVM_EMUL_LAPIC_TIMER_CB); *(s_time_t *)data = hvm_get_guest_time(v); } -static void vlapic_tdt_pt_cb(struct vcpu *v, void *data) +static void cf_check vlapic_tdt_pt_cb(struct vcpu *v, void *data) { *(s_time_t *)data = hvm_get_guest_time(v); vcpu_vlapic(v)->hw.tdt_msr = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277640.474352 (Exim 4.92) (envelope-from ) id 1nMuNB-0007Ch-9N; Wed, 23 Feb 2022 16:20:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277640.474352; Wed, 23 Feb 2022 16:20:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNB-0007CZ-60; Wed, 23 Feb 2022 16:20:13 +0000 Received: by outflank-mailman (input) for mailman id 277640; Wed, 23 Feb 2022 16:20:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuN9-0007CH-KI for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuN9-0005O6-JZ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuN9-0004FJ-Iu for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=q5goSxfinHKK6h5QIaO98cfxnwobD9BfuT7zUKcoEpc=; b=VUSRE0BUWLKQDSXtlUgYdD8w9C kSX01iNNa2oh04F/Ocd+xBVsObpQ6VVfNcDDTRNH3p8zSUCIbO/LN5ajKXQSdlHFx9nCmvtU1E34N leZmOJOM9AltVlUZayU64i7EeoUi5Tk3YCFhifj/eZq9Dc1KHwadWq5Cb9kOHjJVR7BE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/time: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:20:11 +0000 commit 031ea741c27e3534dd8b7eb6283234d0af6a7d3f Author: Andrew Cooper AuthorDate: Fri Oct 29 17:40:17 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/time: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hpet.c | 8 ++++---- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 33 +++++++++++++++++---------------- 3 files changed, 23 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 19cab52587..bc164dd82c 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -193,7 +193,7 @@ static void evt_do_broadcast(cpumask_t *mask) cpumask_raise_softirq(mask, TIMER_SOFTIRQ); } -static void handle_hpet_broadcast(struct hpet_event_channel *ch) +static void cf_check handle_hpet_broadcast(struct hpet_event_channel *ch) { cpumask_t mask; s_time_t now, next_event; @@ -550,7 +550,7 @@ static void hpet_detach_channel(unsigned int cpu, void (*__read_mostly pv_rtc_handler)(uint8_t index, uint8_t value); -static void handle_rtc_once(uint8_t index, uint8_t value) +static void cf_check handle_rtc_once(uint8_t index, uint8_t value) { if ( index != RTC_REG_B ) return; @@ -563,7 +563,7 @@ static void handle_rtc_once(uint8_t index, uint8_t value) } } -void __init hpet_broadcast_init(void) +void __init cf_check hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void hpet_broadcast_resume(void) +void cf_check hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index f343fe4740..9919f74730 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void hpet_broadcast_init(void); -void hpet_broadcast_resume(void); +void cf_check hpet_broadcast_init(void); +void cf_check hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index d5ec58a360..c005388e32 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -309,7 +309,7 @@ static uint64_t adjust_elapsed(uint64_t elapsed, uint32_t actual, * PLATFORM TIMER 1: PROGRAMMABLE INTERVAL TIMER (LEGACY PIT) */ -static u64 read_pit_count(void) +static u64 cf_check read_pit_count(void) { u16 count16; u32 count32; @@ -328,7 +328,7 @@ static u64 read_pit_count(void) return count32; } -static s64 __init init_pit(struct platform_timesource *pts) +static s64 __init cf_check init_pit(struct platform_timesource *pts) { u8 portb = inb(0x61); u64 start, end; @@ -366,7 +366,7 @@ static s64 __init init_pit(struct platform_timesource *pts) return (end - start) * CALIBRATE_FRAC; } -static void resume_pit(struct platform_timesource *pts) +static void cf_check resume_pit(struct platform_timesource *pts) { /* Set CTC channel 2 to mode 0 again; initial value does not matter. */ outb(0xb0, PIT_MODE); /* binary, mode 0, LSB/MSB, Ch 2 */ @@ -389,12 +389,12 @@ static struct platform_timesource __initdata plt_pit = * PLATFORM TIMER 2: HIGH PRECISION EVENT TIMER (HPET) */ -static u64 read_hpet_count(void) +static u64 cf_check read_hpet_count(void) { return hpet_read32(HPET_COUNTER); } -static int64_t __init init_hpet(struct platform_timesource *pts) +static int64_t __init cf_check init_hpet(struct platform_timesource *pts) { uint64_t hpet_rate, start; uint32_t count, target, elapsed; @@ -477,7 +477,7 @@ static int64_t __init init_hpet(struct platform_timesource *pts) return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); } -static void resume_hpet(struct platform_timesource *pts) +static void cf_check resume_hpet(struct platform_timesource *pts) { hpet_resume(NULL); } @@ -502,12 +502,12 @@ unsigned int __initdata pmtmr_width; /* ACPI PM timer ticks at 3.579545 MHz. */ #define ACPI_PM_FREQUENCY 3579545 -static u64 read_pmtimer_count(void) +static u64 cf_check read_pmtimer_count(void) { return inl(pmtmr_ioport); } -static s64 __init init_pmtimer(struct platform_timesource *pts) +static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) { uint64_t start; uint32_t count, target, mask, elapsed; @@ -562,7 +562,7 @@ static unsigned int __initdata tsc_flags; * Called in verify_tsc_reliability() under reliable TSC conditions * thus reusing all the checks already performed there. */ -static s64 __init init_tsc(struct platform_timesource *pts) +static s64 __init cf_check init_tsc(struct platform_timesource *pts) { u64 ret = pts->frequency; @@ -584,7 +584,7 @@ static s64 __init init_tsc(struct platform_timesource *pts) return ret; } -static u64 read_tsc(void) +static u64 cf_check read_tsc(void) { return rdtsc_ordered(); } @@ -625,7 +625,7 @@ static uint64_t xen_timer_cpu_frequency(void) return freq; } -static int64_t __init init_xen_timer(struct platform_timesource *pts) +static int64_t __init cf_check init_xen_timer(struct platform_timesource *pts) { if ( !xen_guest ) return 0; @@ -646,7 +646,7 @@ static always_inline uint64_t read_cycle(const struct vcpu_time_info *info, return info->system_time + offset; } -static uint64_t read_xen_timer(void) +static uint64_t cf_check read_xen_timer(void) { struct vcpu_time_info *info = &this_cpu(vcpu_info)->time; uint32_t version; @@ -675,7 +675,7 @@ static uint64_t read_xen_timer(void) return ret; } -static void resume_xen_timer(struct platform_timesource *pts) +static void cf_check resume_xen_timer(struct platform_timesource *pts) { write_atomic(&xen_timer_last, 0); } @@ -701,7 +701,8 @@ static struct platform_timesource __initdata plt_xen_timer = static struct ms_hyperv_tsc_page *hyperv_tsc; static struct page_info *hyperv_tsc_page; -static int64_t __init init_hyperv_timer(struct platform_timesource *pts) +static int64_t __init cf_check init_hyperv_timer( + struct platform_timesource *pts) { paddr_t maddr; uint64_t tsc_msr, freq; @@ -744,7 +745,7 @@ static int64_t __init init_hyperv_timer(struct platform_timesource *pts) return freq; } -static uint64_t read_hyperv_timer(void) +static uint64_t cf_check read_hyperv_timer(void) { uint64_t scale, ret, tsc; int64_t offset; @@ -1720,7 +1721,7 @@ time_calibration_rendezvous_tail(const struct calibration_rendezvous *r, * Keep TSCs in sync when they run at the same rate, but may stop in * deep-sleep C states. */ -static void time_calibration_tsc_rendezvous(void *_r) +static void cf_check time_calibration_tsc_rendezvous(void *_r) { int i; struct calibration_rendezvous *r = _r; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277641.474356 (Exim 4.92) (envelope-from ) id 1nMuNL-0007G2-C2; Wed, 23 Feb 2022 16:20:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277641.474356; Wed, 23 Feb 2022 16:20:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNL-0007Fu-94; Wed, 23 Feb 2022 16:20:23 +0000 Received: by outflank-mailman (input) for mailman id 277641; Wed, 23 Feb 2022 16:20:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNJ-0007FV-NV for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNJ-0005OB-Mo for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuNJ-0004Fs-M3 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jwuVX3b0QLIAM9zYMZEMLAhCV2TvNg+PDLqkW0RY+N4=; b=cRrziUWShXlXpk0ouovvBdT6af w5AObigfrMO+JOjIszdVHY0bglmJ8RKg7062j9ERx6SOxE9bpDofWSF11Kruxrp6BYeCXr1Cqpc8r rB4KXi6QfxQEnaOHZFwG5zm/EtCr+nyM0qyrsrWc16bpsLu3kCiSbwnR9SHPrEpabDSY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/misc: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:20:21 +0000 commit 07d6c4fa3e329a91767d0230f21da53a4ec84a95 Author: Andrew Cooper AuthorDate: Thu Oct 28 12:31:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/misc: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/extable.c | 4 ++-- xen/common/efi/boot.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 51ef863d78..4d1875585f 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -23,7 +23,7 @@ static inline unsigned long ex_cont(const struct exception_table_entry *x) return EX_FIELD(x, cont); } -static int init_or_livepatch cmp_ex(const void *a, const void *b) +static int init_or_livepatch cf_check cmp_ex(const void *a, const void *b) { const struct exception_table_entry *l = a, *r = b; unsigned long lip = ex_addr(l); @@ -37,7 +37,7 @@ static int init_or_livepatch cmp_ex(const void *a, const void *b) return 0; } -static void init_or_livepatch swap_ex(void *a, void *b, size_t size) +static void init_or_livepatch cf_check swap_ex(void *a, void *b, size_t size) { struct exception_table_entry *l = a, *r = b, tmp; long delta = b - a; diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index f31f68fd4c..4dd5ea6a06 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1497,7 +1497,7 @@ static __init void copy_mapping(unsigned long mfn, unsigned long end, unmap_domain_page(l3dst); } -static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check ram_range_valid(unsigned long smfn, unsigned long emfn) { unsigned long sz = pfn_to_pdx(emfn - 1) / PDX_GROUP_COUNT + 1; @@ -1506,7 +1506,7 @@ static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) pfn_to_pdx(smfn) / PDX_GROUP_COUNT) < sz; } -static bool __init rt_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check rt_range_valid(unsigned long smfn, unsigned long emfn) { return true; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277642.474360 (Exim 4.92) (envelope-from ) id 1nMuNV-0007JA-DM; Wed, 23 Feb 2022 16:20:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277642.474360; Wed, 23 Feb 2022 16:20:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNV-0007J2-AV; Wed, 23 Feb 2022 16:20:33 +0000 Received: by outflank-mailman (input) for mailman id 277642; Wed, 23 Feb 2022 16:20:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNT-0007IZ-RI for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNT-0005ON-Qa for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuNT-0004GM-Pq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jhZRnIvL9uSfdASS6R+dgn3XDqQgM91hf5knSMa8Kfw=; b=RIz4Hgv33UUMTJYtqYo5B9nWIy nT05NG7n3t9BbXDKi2KCIJ3GeWWgSL69JnLr1HGuIbu6233lLcJZh0eAYVyeffOq5gSPM0lk03lDb vEvYxF4kTc61ipJVM5/8nZvcTbq0rDQ8QpPXyhTeM85NxOI2sba2dxJUCJJKoCNTi+aI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/stack: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:20:31 +0000 commit 954bb07fdb5fadf7e341f84c90e950ae9dbbabbf Author: Andrew Cooper AuthorDate: Fri Oct 29 18:04:02 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/stack: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The function typecheck in switch_stack_and_jump() is incompatible with control flow typechecking. It's ok for reset_stack_and_jump_ind(), but for reset_stack_and_jump(), it would force us to endbr64 the targets which are branched to directly. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/domain.c | 6 +++--- xen/arch/x86/hvm/svm/svm.c | 6 +++--- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 8 ++++---- xen/arch/x86/include/asm/current.h | 6 ++++-- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 2 +- xen/arch/x86/include/asm/pv/domain.h | 4 ++-- xen/arch/x86/pv/domain.c | 2 +- xen/arch/x86/x86_64/entry.S | 1 + 9 files changed, 20 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 55df2a23f8..a5048ed654 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -132,7 +132,7 @@ void play_dead(void) dead_idle(); } -static void noreturn idle_loop(void) +static void noreturn cf_check idle_loop(void) { unsigned int cpu = smp_processor_id(); /* @@ -1791,7 +1791,7 @@ static void save_segments(struct vcpu *v) } } -void paravirt_ctxt_switch_from(struct vcpu *v) +void cf_check paravirt_ctxt_switch_from(struct vcpu *v) { save_segments(v); @@ -1805,7 +1805,7 @@ void paravirt_ctxt_switch_from(struct vcpu *v) write_debugreg(7, 0); } -void paravirt_ctxt_switch_to(struct vcpu *v) +void cf_check paravirt_ctxt_switch_to(struct vcpu *v) { root_pgentry_t *root_pgt = this_cpu(root_pgt); diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index dedb2848e6..63535a74b5 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -944,7 +944,7 @@ static inline void svm_tsc_ratio_load(struct vcpu *v) wrmsrl(MSR_AMD64_TSC_RATIO, hvm_tsc_scaling_ratio(v->domain)); } -static void svm_ctxt_switch_from(struct vcpu *v) +static void cf_check svm_ctxt_switch_from(struct vcpu *v) { int cpu = smp_processor_id(); @@ -969,7 +969,7 @@ static void svm_ctxt_switch_from(struct vcpu *v) enable_each_ist(idt_tables[cpu]); } -static void svm_ctxt_switch_to(struct vcpu *v) +static void cf_check svm_ctxt_switch_to(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; int cpu = smp_processor_id(); @@ -996,7 +996,7 @@ static void svm_ctxt_switch_to(struct vcpu *v) wrmsr_tsc_aux(v->arch.msrs->tsc_aux); } -static void noreturn svm_do_resume(void) +static void noreturn cf_check svm_do_resume(void) { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 60b506ac3f..e1e1fa14e6 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1865,7 +1865,7 @@ void vmx_vmentry_failure(void) void noreturn vmx_asm_do_vmentry(void); -void vmx_do_resume(void) +void cf_check vmx_do_resume(void) { struct vcpu *v = current; bool_t debug_state; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 2c4804f9b8..41db538a9e 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -63,8 +63,8 @@ static bool_t __initdata opt_force_ept; boolean_param("force-ept", opt_force_ept); -static void vmx_ctxt_switch_from(struct vcpu *v); -static void vmx_ctxt_switch_to(struct vcpu *v); +static void cf_check vmx_ctxt_switch_from(struct vcpu *v); +static void cf_check vmx_ctxt_switch_to(struct vcpu *v); static int alloc_vlapic_mapping(void); static void vmx_install_vlapic_mapping(struct vcpu *v); @@ -907,7 +907,7 @@ static void cf_check vmx_fpu_leave(struct vcpu *v) } } -static void vmx_ctxt_switch_from(struct vcpu *v) +static void cf_check vmx_ctxt_switch_from(struct vcpu *v) { /* * Return early if trying to do a context switch without VMX enabled, @@ -939,7 +939,7 @@ static void vmx_ctxt_switch_from(struct vcpu *v) vmx_pi_switch_from(v); } -static void vmx_ctxt_switch_to(struct vcpu *v) +static void cf_check vmx_ctxt_switch_to(struct vcpu *v) { vmx_restore_guest_msrs(v); vmx_restore_dr(v); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index dc0edd9ed0..da5e152a10 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -173,7 +173,6 @@ unsigned long get_stack_dump_bottom (unsigned long sp); #define switch_stack_and_jump(fn, instr, constr) \ ({ \ unsigned int tmp; \ - (void)((fn) == (void (*)(void))NULL); \ BUILD_BUG_ON(!ssaj_has_attr_noreturn(fn)); \ __asm__ __volatile__ ( \ SHADOW_STACK_WORK \ @@ -198,7 +197,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); /* The constraint may only specify non-call-clobbered registers. */ #define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") + ({ \ + (void)((fn) == (void (*)(void))NULL); \ + switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + }) /* * Which VCPU's state is currently running on each CPU? diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 5284fe931f..c2ebdd6864 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -93,7 +93,7 @@ typedef enum { void vmx_asm_vmexit_handler(struct cpu_user_regs); void vmx_intr_assist(void); -void noreturn vmx_do_resume(void); +void noreturn cf_check vmx_do_resume(void); void vmx_vlapic_msr_changed(struct vcpu *v); struct hvm_emulate_ctxt; void vmx_realmode_emulate_one(struct hvm_emulate_ctxt *hvmemul_ctxt); diff --git a/xen/arch/x86/include/asm/pv/domain.h b/xen/arch/x86/include/asm/pv/domain.h index 6b16da9d18..924508bbb4 100644 --- a/xen/arch/x86/include/asm/pv/domain.h +++ b/xen/arch/x86/include/asm/pv/domain.h @@ -118,8 +118,8 @@ static inline void pv_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #endif /* CONFIG_PV */ -void paravirt_ctxt_switch_from(struct vcpu *v); -void paravirt_ctxt_switch_to(struct vcpu *v); +void cf_check paravirt_ctxt_switch_from(struct vcpu *v); +void cf_check paravirt_ctxt_switch_to(struct vcpu *v); #endif /* __X86_PV_DOMAIN_H__ */ diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 55146c15c8..f94f28c8e2 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -351,7 +351,7 @@ void pv_domain_destroy(struct domain *d) FREE_XENHEAP_PAGE(d->arch.pv.gdt_ldt_l1tab); } -void noreturn continue_pv_domain(void); +void noreturn cf_check continue_pv_domain(void); int pv_domain_initialise(struct domain *d) { diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 3eaf0e67b2..8494b97a54 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -625,6 +625,7 @@ ENTRY(dom_crash_sync_extable) /* No special register assumptions. */ #ifdef CONFIG_PV ENTRY(continue_pv_domain) + ENDBR64 call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277643.474364 (Exim 4.92) (envelope-from ) id 1nMuNe-0007Ls-Eu; Wed, 23 Feb 2022 16:20:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277643.474364; Wed, 23 Feb 2022 16:20:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNe-0007Lj-Bx; Wed, 23 Feb 2022 16:20:42 +0000 Received: by outflank-mailman (input) for mailman id 277643; Wed, 23 Feb 2022 16:20:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNd-0007Ld-UU for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNd-0005OR-Tq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuNd-0004HY-T4 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DK3n/WMwWG7S5uYxkkLlUVAQaPFrn8iQQ6ylfazkKv8=; b=LVDJSegRIoc/JBqJ719kNmfTOj d3quJqSoa6dfHvWbKZP25xLfVG3KVEJkK6AxOIhJdvmQKtRsG8xxEAe1EXSUiS/dTjOP9FzfU56Sp D443ntAJaSFRTXrHsHwoV7z/6tyJNxk8wGaLg6W4r+CbhALI/owEryNuQ/9EIt8yf/Ho=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/bugframe: CFI hardening Message-Id: Date: Wed, 23 Feb 2022 16:20:41 +0000 commit 640ce8af9cd09a13c68fa3472f498de022606df3 Author: Andrew Cooper AuthorDate: Tue Nov 2 20:58:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/bugframe: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. run_in_exception_handler() managed to escape typechecking, as the compiler can't see where function pointer gets called. After adding some ad-hoc typechecking, it turns out that dump_execution_state() alone differs in const-ness from the other users of run_in_exception_handler(). Introduce a new show_execution_state_nonconst() to make the typechecking happy. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/include/asm/bug.h | 10 +++++++++- xen/arch/x86/include/asm/processor.h | 4 +++- xen/arch/x86/traps.c | 5 +++++ xen/common/keyhandler.c | 4 ++-- xen/drivers/char/ehci-dbgp.c | 2 +- xen/drivers/char/ns16550.c | 2 +- xen/include/xen/lib.h | 2 +- 7 files changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/include/asm/bug.h b/xen/arch/x86/include/asm/bug.h index 9bb4a19420..b7265bdfbe 100644 --- a/xen/arch/x86/include/asm/bug.h +++ b/xen/arch/x86/include/asm/bug.h @@ -65,7 +65,15 @@ struct bug_frame { unreachable(); \ } while (0) -#define run_in_exception_handler(fn) BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL) +/* + * TODO: untangle header dependences, break BUILD_BUG_ON() out of xen/lib.h, + * and use a real static inline here to get proper type checking of fn(). + */ +#define run_in_exception_handler(fn) \ + do { \ + (void)((fn) == (void (*)(struct cpu_user_regs *))NULL); \ + BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL); \ + } while ( 0 ) #define assert_failed(msg) do { \ BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \ diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index 23639d5479..8e2816fae9 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -496,7 +496,9 @@ void show_code(const struct cpu_user_regs *regs); void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs); void show_registers(const struct cpu_user_regs *regs); void show_execution_state(const struct cpu_user_regs *regs); -#define dump_execution_state() run_in_exception_handler(show_execution_state) +void cf_check show_execution_state_nonconst(struct cpu_user_regs *regs); +#define dump_execution_state() \ + run_in_exception_handler(show_execution_state_nonconst) void show_page_walk(unsigned long addr); void noreturn fatal_trap(const struct cpu_user_regs *regs, bool_t show_remote); diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 7b95710193..a2278d9499 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -681,6 +681,11 @@ void show_execution_state(const struct cpu_user_regs *regs) console_unlock_recursive_irqrestore(flags); } +void cf_check show_execution_state_nonconst(struct cpu_user_regs *regs) +{ + show_execution_state(regs); +} + void vcpu_show_execution_state(struct vcpu *v) { unsigned long flags = 0; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 5dc650a37c..b6e22d8120 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -138,7 +138,7 @@ static void cf_check show_handlers(unsigned char key) static cpumask_t dump_execstate_mask; -void dump_execstate(struct cpu_user_regs *regs) +void cf_check dump_execstate(struct cpu_user_regs *regs) { unsigned int cpu = smp_processor_id(); @@ -490,7 +490,7 @@ static void cf_check run_all_keyhandlers( tasklet_schedule(&run_all_keyhandlers_tasklet); } -static void do_debugger_trap_fatal(struct cpu_user_regs *regs) +static void cf_check do_debugger_trap_fatal(struct cpu_user_regs *regs) { (void)debugger_trap_fatal(0xf001, regs); diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index e205c0da6a..16c8ff394d 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1247,7 +1247,7 @@ static int cf_check ehci_dbgp_getc(struct serial_port *port, char *pc) /* Safe: ehci_dbgp_poll() runs as timer handler, so not reentrant. */ static struct serial_port *poll_port; -static void _ehci_dbgp_poll(struct cpu_user_regs *regs) +static void cf_check _ehci_dbgp_poll(struct cpu_user_regs *regs) { struct serial_port *port = poll_port; struct ehci_dbgp *dbgp = port->uart; diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 8df1ee4d5c..e5b4a90855 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -206,7 +206,7 @@ static void cf_check ns16550_interrupt( /* Safe: ns16550_poll() runs as softirq so not reentrant on a given CPU. */ static DEFINE_PER_CPU(struct serial_port *, poll_port); -static void __ns16550_poll(struct cpu_user_regs *regs) +static void cf_check __ns16550_poll(struct cpu_user_regs *regs) { struct serial_port *port = this_cpu(poll_port); struct ns16550 *uart = port->uart; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index aea60d2927..bf6470a2e7 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -199,7 +199,7 @@ extern char *print_tainted(char *str); extern void add_taint(unsigned int taint); struct cpu_user_regs; -void dump_execstate(struct cpu_user_regs *); +void cf_check dump_execstate(struct cpu_user_regs *); void init_constructors(void); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:20:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:20:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277644.474368 (Exim 4.92) (envelope-from ) id 1nMuNo-0007Og-GJ; Wed, 23 Feb 2022 16:20:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277644.474368; Wed, 23 Feb 2022 16:20:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNo-0007OY-DR; Wed, 23 Feb 2022 16:20:52 +0000 Received: by outflank-mailman (input) for mailman id 277644; Wed, 23 Feb 2022 16:20:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNo-0007OS-1H for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNo-0005Or-0a for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuNn-0004ID-WB for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:20:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6arigvw/vQO4IlcS+P///d7XQM2I7KBafodYF5Knrbk=; b=BnAr2aGGQqNujjM9gZ/Bjmbh2s BYtPrFOOEySWhRq9EtFix1xE/O0JQYmQrz8a40BHLYSJtZURuN1Z3Hfy1SfY072YAyMTyxcZcJZMO HGxdjro6wXn2zzHvtEIgYXdCP/aLiuBtNx0PURakKdJKA9/ERDNswKraNByzSeo9EnXA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Use control flow typechecking where possible Message-Id: Date: Wed, 23 Feb 2022 16:20:51 +0000 commit 5d59421815d57f437fccea6ac516c2d23a35bbdb Author: Andrew Cooper AuthorDate: Thu Nov 11 13:09:19 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Use control flow typechecking where possible Now all indirect branch targets have been annotated, turn on typechecking to catch issues in the future. This extension isn't in a released version of GCC yet, so provide a container to use with the extension included, and add it to CI. RANDCONFIG is necessary because some stubs for compiled-out subsystems are used as function pointer targets. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- automation/build/debian/buster-gcc-ibt.dockerfile | 66 +++++++++++++++++++++++ automation/gitlab-ci/build.yaml | 6 +++ automation/scripts/containerize | 1 + xen/arch/x86/arch.mk | 1 + 4 files changed, 74 insertions(+) diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile b/automation/build/debian/buster-gcc-ibt.dockerfile new file mode 100644 index 0000000000..441d9a9ab3 --- /dev/null +++ b/automation/build/debian/buster-gcc-ibt.dockerfile @@ -0,0 +1,66 @@ +FROM debian:buster-slim AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + build-essential \ + flex \ + libc6-dev-i386 \ + libgmp-dev \ + libisl-dev \ + libmpc-dev \ + libmpfr-dev \ + patch \ + wget + +RUN mkdir /build +WORKDIR /build + +RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz -O - | tar xJ --strip=1 +RUN wget -q https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch -O - | patch -p1 +RUN ./configure \ + --prefix=/opt/gcc-11-ibt \ + --enable-languages=c \ + --disable-nls \ + --disable-threads \ + --disable-bootstrap \ + --disable-shared \ + --disable-libmudflap \ + --disable-libssp \ + --disable-libgomp \ + --disable-decimal-float \ + --disable-libquadmath \ + --disable-libatomic \ + --disable-libcc1 \ + --disable-libmpx +RUN make -j`nproc` && make -j`nproc` install + + +FROM debian:buster-slim +COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt + +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV PATH="/opt/gcc-11-ibt/bin:${PATH}" + +RUN mkdir /build +WORKDIR /build + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + checkpolicy \ + flex \ + gawk \ + make \ + python3 \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index fdd5c76582..cc36428cf5 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -294,6 +294,12 @@ debian-stretch-32-gcc-debug: variables: CONTAINER: debian:stretch-i386 +debian-buster-gcc-ibt: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:buster-gcc-ibt + RANDCONFIG: y + debian-unstable-clang: extends: .clang-x86-64-build variables: diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 7682ccd347..8992c67278 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -33,6 +33,7 @@ case "_${CONTAINER}" in _focal) CONTAINER="${BASE}/ubuntu:focal" ;; _jessie) CONTAINER="${BASE}/debian:jessie" ;; _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; + _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;; _unstable|_) CONTAINER="${BASE}/debian:unstable" ;; _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;; _xenial) CONTAINER="${BASE}/ubuntu:xenial" ;; diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f780c912a9..92fd198110 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -54,6 +54,7 @@ endif ifdef CONFIG_XEN_IBT CFLAGS += -fcf-protection=branch -mmanual-endbr +$(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:02 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:02 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277645.474372 (Exim 4.92) (envelope-from ) id 1nMuNy-0007RU-Hz; Wed, 23 Feb 2022 16:21:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277645.474372; Wed, 23 Feb 2022 16:21:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNy-0007RM-F0; Wed, 23 Feb 2022 16:21:02 +0000 Received: by outflank-mailman (input) for mailman id 277645; Wed, 23 Feb 2022 16:21:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNy-0007RF-4C for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuNy-0005PE-3U for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuNy-0004JH-2m for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UbwonRUqfxcTOycGYKZNwXThuYexzayW0Aw068KL/eQ=; b=cQuUtKMwQqyHValn6sDXzKtb/2 mwEfpzwPfGTIgUR9jj9NlWScjrkqfHxPpqObPbHKeBNs0DrRZ/ZabgzFYTKOsDR/LpbKUpUiaXDag ZVZZ/tucEqCn4NO92QW9/TnMu4/vSyfHlU1I2hKPxwW4ro4s3IePCo7srkLSwq1e0hzU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Build check for embedded endbr64 instructions Message-Id: Date: Wed, 23 Feb 2022 16:21:02 +0000 commit 4d037425dccf6c5109d4939a6cd224d846827907 Author: Marek Marczykowski-Górecki AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Build check for embedded endbr64 instructions An interesting corner case occurs when the byte sequence making up endbr64 ends up on a non-instruction boundary. Such embedded instructions mark legal indirect branch targets as far as the CPU is concerned, which aren't legal as far as the logic is concerned. When CET-IBT is active, check for embedded byte sequences. Example failures look like: check-endbr.sh xen-syms Fail: Found 2 embedded endbr64 instructions 0xffff82d040325677: test_endbr64 at /local/xen.git/xen/arch/x86/x86_64/entry.S:28 0xffff82d040352da6: init_done at /local/xen.git/xen/arch/x86/setup.c:675 Signed-off-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- README | 1 + xen/arch/x86/Makefile | 6 ++++ xen/tools/check-endbr.sh | 86 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/README b/README index 562b808080..5e55047ffd 100644 --- a/README +++ b/README @@ -68,6 +68,7 @@ provided by your OS distributor: In addition to the above there are a number of optional build prerequisites. Omitting these will cause the related features to be disabled at compile time: + * Binary-search capable grep (if building Xen with CET support) * Development install of Ocaml (e.g. ocaml-nox and ocaml-findlib). Required to build ocaml components which includes the alternative ocaml xenstored. diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index db97ae8c07..b90146b756 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -142,6 +142,9 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* +ifeq ($(CONFIG_XEN_IBT),y) + $(SHELL) $(BASEDIR)/tools/check-endbr.sh $@ +endif $(obj)/note.o: $(TARGET)-syms $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin @@ -212,6 +215,9 @@ endif $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* +ifeq ($(CONFIG_XEN_IBT),y) + $(SHELL) $(BASEDIR)/tools/check-endbr.sh $@ +endif else $(TARGET).efi: FORCE rm -f $@ diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh new file mode 100755 index 0000000000..7fbb181b3c --- /dev/null +++ b/xen/tools/check-endbr.sh @@ -0,0 +1,86 @@ +#!/bin/sh +# +# Usage ./$0 xen-syms +# +set -e + +# Pretty-print parameters a little for message +MSG_PFX="${0##*/} ${1##*/}" + +OBJCOPY="${OBJCOPY:-objcopy}" +OBJDUMP="${OBJDUMP:-objdump}" +ADDR2LINE="${ADDR2LINE:-addr2line}" + +D=$(mktemp -d) +trap "rm -rf $D" EXIT + +TEXT_BIN=$D/xen-syms.text +VALID=$D/valid-addrs +ALL=$D/all-addrs +BAD=$D/bad-addrs + +# Check that grep can do binary searches. Some, e.g. busybox, can't. Leave a +# warning but don't fail the build. +echo "X" | grep -aob "X" -q 2>/dev/null || + { echo "$MSG_PFX Warning: grep can't do binary searches" >&2; exit 0; } + +# +# First, look for all the valid endbr64 instructions. +# A worst-case disassembly, viewed through cat -A, may look like: +# +# ffff82d040337bd4 :$ +# ffff82d040337bd4:^If3 0f 1e fa ^Iendbr64 $ +# ffff82d040337bd8:^Ieb fe ^Ijmp ffff82d040337bd8 $ +# ffff82d040337bda:^Ib8 f3 0f 1e fa ^Imov $0xfa1e0ff3,%eax$ +# +# Want to grab the address of endbr64 instructions only, ignoring function +# names/jump labels/etc, so look for 'endbr64' preceded by a tab and with any +# number of trailing spaces before the end of the line. +# +${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & + +# +# Second, look for any endbr64 byte sequence +# This has a couple of complications: +# +# 1) Grep binary search isn't VMA aware. Copy .text out as binary, causing +# the grep offset to be from the start of .text. +# +# 2) dash's printf doesn't understand hex escapes, hence the use of octal. +# +# 3) AWK can't add 64bit integers, because internally all numbers are doubles. +# When the upper bits are set, the exponents worth of precision is lost in +# the lower bits, rounding integers to the nearest 4k. +# +# Instead, use the fact that Xen's .text is within a 1G aligned region, and +# split the VMA in half so AWK's numeric addition is only working on 32 bit +# numbers, which don't lose precision. +# +eval $(${OBJDUMP} -j .text $1 -h | + awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + +${OBJCOPY} -j .text $1 -O binary $TEXT_BIN +grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN | + awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL + +# Wait for $VALID to become complete +wait + +# Sanity check $VALID and $ALL, in case the string parsing bitrots +val_sz=$(stat -c '%s' $VALID) +all_sz=$(stat -c '%s' $ALL) +[ "$val_sz" -eq 0 ] && { echo "$MSG_PFX Error: Empty valid-addrs" >&2; exit 1; } +[ "$all_sz" -eq 0 ] && { echo "$MSG_PFX Error: Empty all-addrs" >&2; exit 1; } +[ "$all_sz" -lt "$val_sz" ] && { echo "$MSG_PFX Error: More valid-addrs than all-addrs" >&2; exit 1; } + +# $BAD = $ALL - $VALID +sort $VALID $ALL | uniq -u > $BAD +nr_bad=$(wc -l < $BAD) + +# Success +[ "$nr_bad" -eq 0 ] && exit 0 + +# Failure +echo "$MSG_PFX Fail: Found ${nr_bad} embedded endbr64 instructions" >&2 +${ADDR2LINE} -afip -e $1 < $BAD >&2 +exit 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277646.474375 (Exim 4.92) (envelope-from ) id 1nMuO9-0007Uf-L4; Wed, 23 Feb 2022 16:21:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277646.474375; Wed, 23 Feb 2022 16:21:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuO9-0007UX-Hx; Wed, 23 Feb 2022 16:21:13 +0000 Received: by outflank-mailman (input) for mailman id 277646; Wed, 23 Feb 2022 16:21:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuO8-0007UK-AJ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuO8-0005PI-6T for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuO8-0004Jk-5j for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=C6NigdwZgCYDXd/jR1Ivy3d//afz6WiZ5InpsjXlthU=; b=IdxuhTteEE9BQ4LmL3dNkz9RQA Spa3OLzbYeFUbMg5xML1r0DJA8pzXOmKoUt7X0WAFvppXmwFeh/ORx+esliSj66H5lpOqI/WHLCp0 HUbAZ96V1GfUSmMPIhBxDBCbgyhzrDDsfHYtliQkMCMvjFW/8pnXXdROSI3TwJLfaD1I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/setup: Read CR4 earlier in __start_xen() Message-Id: Date: Wed, 23 Feb 2022 16:21:12 +0000 commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e Author: Andrew Cooper AuthorDate: Mon Nov 1 10:19:57 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/setup: Read CR4 earlier in __start_xen() This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a9a371336b..f70b326553 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -888,6 +888,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ + rdmsrl(MSR_EFER, this_cpu(efer)); + asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -934,9 +937,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) parse_video_info(); - rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); - /* We initialise the serial devices very early so we can get debugging. */ ns16550.io_base = 0x3f8; ns16550.irq = 4; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277647.474380 (Exim 4.92) (envelope-from ) id 1nMuOJ-0007XT-MV; Wed, 23 Feb 2022 16:21:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277647.474380; Wed, 23 Feb 2022 16:21:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOJ-0007XL-JY; Wed, 23 Feb 2022 16:21:23 +0000 Received: by outflank-mailman (input) for mailman id 277647; Wed, 23 Feb 2022 16:21:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOI-0007X9-AP for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOI-0005PM-9i for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuOI-0004KM-8t for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jX8GeJSbt0va4fsyy5fisIsP1UH4DERCLZHaF3hoo20=; b=n05pFD/3vjF2qVnBY/aWGUferl Rymtj72tkwfQWLKL3G/eTqIWk+05MtgB3pMBbEIgmIcbLN4cAEjoyYxAT0dOVKa2jQ3ChFOg3VMxS K3upQZFpzKqJwLrnemKOLJSSrjrvNgDbguaPc5GSKi2Ka8St0ZOTUcTr7cY11CsG2VYM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/alternatives: Clear CR4.CET when clearing CR0.WP Message-Id: Date: Wed, 23 Feb 2022 16:21:22 +0000 commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:17:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/alternatives: Clear CR4.CET when clearing CR0.WP This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 436047abe0..ec24692e95 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -333,9 +333,13 @@ static int __init cf_check nmi_apply_alternatives( */ if ( !(alt_done & alt_todo) ) { - unsigned long cr0; + unsigned long cr0, cr4; cr0 = read_cr0(); + cr4 = read_cr4(); + + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4 & ~X86_CR4_CET); /* Disable WP to allow patching read-only pages. */ write_cr0(cr0 & ~X86_CR0_WP); @@ -345,6 +349,9 @@ static int __init cf_check nmi_apply_alternatives( write_cr0(cr0); + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4); + alt_done |= alt_todo; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277648.474385 (Exim 4.92) (envelope-from ) id 1nMuOT-0007af-OH; Wed, 23 Feb 2022 16:21:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277648.474385; Wed, 23 Feb 2022 16:21:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOT-0007aV-Kz; Wed, 23 Feb 2022 16:21:33 +0000 Received: by outflank-mailman (input) for mailman id 277648; Wed, 23 Feb 2022 16:21:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOS-0007aH-DJ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOS-0005PW-Cg for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuOS-0004Ky-Bz for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nJXKSl35J8ZG0XfSV4618bf8WVydTEj/N9WDXQ66oL0=; b=aNljf9qrW0mRoykewPehW5XlqK z2HL5/B95cCnuMIvB7zl4yGk5uwy0tFCgUyDCsbMOScFIP80Pg5TThgS2KDNBEzELe3JZwnmVghut CU2gblVAJ5P3zUoQi7bLjRnkgPNeJ6j/H1COX3pwSoO0GIEic/PvfZSrQOdCtXwrc/rs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp Message-Id: Date: Wed, 23 Feb 2022 16:21:32 +0000 commit 809beac3e7fdfd20000386453c64a1e2a3d93075 Author: Andrew Cooper AuthorDate: Mon Nov 1 12:36:33 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/traps: Rework write_stub_trampoline() to not hardcode the jmp For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index d661d7ffca..edc6820b85 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -293,30 +293,39 @@ static unsigned int write_stub_trampoline( unsigned char *stub, unsigned long stub_va, unsigned long stack_bottom, unsigned long target_va) { + unsigned char *p = stub; + + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ - stub[0] = 0x48; - stub[1] = 0xa3; - *(uint64_t *)&stub[2] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xa3; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp in %rax */ /* movq %rsp, %rax */ - stub[10] = 0x48; - stub[11] = 0x89; - stub[12] = 0xe0; + *p++ = 0x48; + *p++ = 0x89; + *p++ = 0xe0; + /* Switch to Xen stack */ /* movabsq $stack_bottom - 8, %rsp */ - stub[13] = 0x48; - stub[14] = 0xbc; - *(uint64_t *)&stub[15] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xbc; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp into %rsp slot */ /* pushq %rax */ - stub[23] = 0x50; + *p++ = 0x50; /* jmp target_va */ - stub[24] = 0xe9; - *(int32_t *)&stub[25] = target_va - (stub_va + 29); + *p++ = 0xe9; + *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); + p += 4; /* Round up to a multiple of 16 bytes. */ - return 32; + return ROUNDUP(p - stub, 16); } DEFINE_PER_CPU(struct stubs, stubs); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277649.474387 (Exim 4.92) (envelope-from ) id 1nMuOd-0007dP-PF; Wed, 23 Feb 2022 16:21:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277649.474387; Wed, 23 Feb 2022 16:21:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOd-0007dI-MQ; Wed, 23 Feb 2022 16:21:43 +0000 Received: by outflank-mailman (input) for mailman id 277649; Wed, 23 Feb 2022 16:21:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOc-0007d6-G6 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOc-0005Pg-FT for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuOc-0004LP-Eq for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e7G7VMBfW74DXNCCOJjO7JFNh67g/aWqntNPzaEpJro=; b=N4HyNVv1NXfnzAPqJ6pPiJ42np t8LS4Na6YjYEourbj4A4PfDpRIdRATm05xP5tVw3dVpWsAUjHRaAIe8/yG2tiuJI7gE8XUylb1V7v 66l3tNMUZOeIVdZCG+PtFjWFLNR7Jtckv/EyEEyPLy7ci2yp4sDB4twrl4ffv1A3AzJA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Introduce helpers/checks for endbr64 instructions Message-Id: Date: Wed, 23 Feb 2022 16:21:42 +0000 commit 4046ba97446e3974a4411db227263a9f11e0aeb4 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Introduce helpers/checks for endbr64 instructions ... to prevent the optimiser creating unsafe code. See the code comment for full details. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/endbr.h | 55 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/xen/arch/x86/include/asm/endbr.h b/xen/arch/x86/include/asm/endbr.h new file mode 100644 index 0000000000..6090afeb0b --- /dev/null +++ b/xen/arch/x86/include/asm/endbr.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +#define ENDBR64_LEN 4 + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely + * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand, and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:21:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:21:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277650.474392 (Exim 4.92) (envelope-from ) id 1nMuOn-0007gD-Qv; Wed, 23 Feb 2022 16:21:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277650.474392; Wed, 23 Feb 2022 16:21:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOn-0007g5-Ny; Wed, 23 Feb 2022 16:21:53 +0000 Received: by outflank-mailman (input) for mailman id 277650; Wed, 23 Feb 2022 16:21:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOm-0007fv-JA for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOm-0005Q6-IT for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuOm-0004Lw-Hi for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:21:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yyDlL34cNVl1qwIppd+JK0lPbfzO732KqyS766wd7eg=; b=X737ij0yFxiLfp3wHR2HgQMlWo NOqT36Onmgp4Csr1GWfjAjghumijVrIBTUUBHARx2g97IhQlDc8WAj1ubxaCZmhv94rD+SheqgnNW 9/T0w82T6wm9MrkBEtbBFi6vuO+8X4nYP2557JODPyZa/tO5Ncr778XTJPiDjacPtdGg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/emul: Update emulation stubs to be CET-IBT compatible Message-Id: Date: Wed, 23 Feb 2022 16:21:52 +0000 commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf Author: Andrew Cooper AuthorDate: Mon Nov 1 10:09:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/emul: Update emulation stubs to be CET-IBT compatible All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/extable.c | 12 +++++++----- xen/arch/x86/pv/emul-priv-op.c | 7 +++++++ xen/arch/x86/x86_emulate.c | 13 +++++++++++-- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 4d1875585f..4913c4a6dd 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -129,20 +129,22 @@ search_exception_table(const struct cpu_user_regs *regs) static int __init cf_check stub_selftest(void) { static const struct { - uint8_t opc[4]; + uint8_t opc[8]; uint64_t rax; union stub_exception_token res; } tests[] __initconst = { - { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ +#define endbr64 0xf3, 0x0f, 0x1e, 0xfa + { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ .res.fields.trapnr = TRAP_invalid_op }, - { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ + { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ .rax = 0x0123456789abcdef, .res.fields.trapnr = TRAP_gp_fault }, - { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ + { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ .rax = 0xfedcba9876543210, .res.fields.trapnr = TRAP_stack_error }, - { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ + { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ .res.fields.trapnr = TRAP_int3 }, +#undef endbr64 }; unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; unsigned int i; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index c46c072f93..22b10dec2a 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -111,6 +112,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, p = ctxt->io_emul_stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + APPEND_BUFF(prologue); APPEND_CALL(load_guest_gprs); diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 60191a94dc..720740f29b 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -17,6 +17,7 @@ #include #include /* cpu_has_amd_erratum() */ #include +#include /* Avoid namespace pollution. */ #undef cmpxchg @@ -29,11 +30,19 @@ cpu_has_amd_erratum(¤t_cpu_data, AMD_ERRATUM_##nr) #define get_stub(stb) ({ \ + void *ptr; \ BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1); \ ASSERT(!(stb).ptr); \ (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; \ - memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) + \ - ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2); \ + (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) + \ + ((stb).addr & ~PAGE_MASK); \ + ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2); \ + if ( cpu_has_xen_ibt ) \ + { \ + place_endbr64(ptr); \ + ptr += 4; \ + } \ + ptr; \ }) #define put_stub(stb) ({ \ if ( (stb).ptr ) \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277651.474396 (Exim 4.92) (envelope-from ) id 1nMuOx-0007j1-Se; Wed, 23 Feb 2022 16:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277651.474396; Wed, 23 Feb 2022 16:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOx-0007it-PW; Wed, 23 Feb 2022 16:22:03 +0000 Received: by outflank-mailman (input) for mailman id 277651; Wed, 23 Feb 2022 16:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOw-0007ih-ME for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuOw-0005QQ-LO for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuOw-0004Mm-Kk for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5mmDvbXuT07ppiCwTuvUnvhMJXgXXgmFiT1GeV21Jps=; b=VFQBs8MVtwMVYa+1e0BSYTnnfe veVTEumMrp1HSpz2LBVQCVl7/zKmY50megLGvEBfSCSxmAJ2O48PeTDtXQGbKjq8U+TwmzDz8jmb3 /B/nRZ4fgQ4iBVbAqhNBWw6L2CunljQ7Jk5k/4Np7O3Ba+Z6osbzDGiyIQ1FtJAHvFoY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Message-Id: Date: Wed, 23 Feb 2022 16:22:02 +0000 commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5 Author: Andrew Cooper AuthorDate: Mon Nov 1 09:51:16 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 byte long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main handlers. Move the push %rax out of the stub and into {l,c}star_entry(), allowing room for the endbr64 instruction when appropriate. Update the comment describing the entry state. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/entry.S | 18 +++++++++--------- xen/arch/x86/x86_64/traps.c | 11 +++++++---- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 8494b97a54..9abcf95bd0 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,18 +241,17 @@ iret_exit_to_guest: * When entering SYSCALL from user mode: * Vector directly to the registered arch.syscall_addr. * - * Initial work is done by per-CPU trampolines. At this point %rsp has been - * initialised to point at the correct Xen stack, %rsp has been saved, and - * %rax needs to be restored from the %ss save slot. All other registers are - * still to be saved onto the stack, starting with RFLAGS, and an appropriate - * %ss must be saved into the space left by the trampoline. + * Initial work is done by per-CPU trampolines. + * - Guest %rax stored in the %ss slot + * - Guest %rsp stored in %rax + * - Xen stack loaded, pointing at the %ss slot */ ENTRY(lstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ - movq 8(%rsp),%rax /* Restore %rax. */ + push %rax /* Guest %rsp */ + movq 8(%rsp), %rax /* Restore guest %rax */ movq $FLAT_KERNEL_SS,8(%rsp) pushq %r11 pushq $FLAT_KERNEL_CS64 @@ -288,9 +287,9 @@ ENTRY(cstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ + push %rax /* Guest %rsp */ CR4_PV32_RESTORE - movq 8(%rsp), %rax /* Restore %rax. */ + movq 8(%rsp), %rax /* Restore guest %rax. */ movq $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain. Compat handled lower. */ pushq %r11 pushq $FLAT_USER_CS32 @@ -323,6 +322,7 @@ ENTRY(cstar_enter) jmp switch_to_kernel ENTRY(sysenter_entry) + ENDBR64 #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index edc6820b85..fccfb7c172 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -295,6 +296,12 @@ static unsigned int write_stub_trampoline( { unsigned char *p = stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ *p++ = 0x48; @@ -315,10 +322,6 @@ static unsigned int write_stub_trampoline( *(uint64_t *)p = stack_bottom - 8; p += 8; - /* Store guest %rsp into %rsp slot */ - /* pushq %rax */ - *p++ = 0x50; - /* jmp target_va */ *p++ = 0xe9; *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277652.474400 (Exim 4.92) (envelope-from ) id 1nMuP7-0007lr-U5; Wed, 23 Feb 2022 16:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277652.474400; Wed, 23 Feb 2022 16:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuP7-0007lj-R5; Wed, 23 Feb 2022 16:22:13 +0000 Received: by outflank-mailman (input) for mailman id 277652; Wed, 23 Feb 2022 16:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuP6-0007la-Pa for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuP6-0005QZ-On for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuP6-0004NO-Nw for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eg/Ukt9vFlHOM7Dpwczuast9HBPAgII3HjTRnRcXuts=; b=5fnhN+YGPD4zZbHhdW2ECv37Bn MJP7krHHKuljcZFxfqIoH4ED0CWBacf5KEKzAdx2VIN7aTh6U533yfMciVT7ROi5ejlTGAequ2XUe TxGSbdVULoyNyF7BtOjyNkAUDL+BXwxDF0Av3vWOaHDAct2CvZKU3ZXsObllwAj527XI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/entry: Make IDT entrypoints CET-IBT compatible Message-Id: Date: Wed, 23 Feb 2022 16:22:12 +0000 commit e702e36d1d519f4b66086650c1c47d6bac96d4b9 Author: Andrew Cooper AuthorDate: Mon Nov 1 17:08:24 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/entry: Make IDT entrypoints CET-IBT compatible Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will recurse indefinitely if the endbr64 is missing, eventually escalating to #DF if guard pages are active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen/arch/x86/x86_64/entry.S | 30 ++++++++++++++++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index c84ff7ea64..5fd6dbbd45 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -12,6 +12,7 @@ #include ENTRY(entry_int82) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9abcf95bd0..ea6f0afbc2 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -386,6 +386,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $0x80, 4(%rsp) @@ -698,6 +699,7 @@ ENTRY(common_interrupt) jmp ret_from_intr ENTRY(page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) @@ -872,75 +874,91 @@ FATAL_exception_with_ints_disabled: BUG /* fatal_trap() shouldn't return. */ ENTRY(divide_error) + ENDBR64 pushq $0 movl $TRAP_divide_error,4(%rsp) jmp handle_exception ENTRY(coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_copro_error,4(%rsp) jmp handle_exception ENTRY(simd_coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_simd_error,4(%rsp) jmp handle_exception ENTRY(device_not_available) + ENDBR64 pushq $0 movl $TRAP_no_device,4(%rsp) jmp handle_exception ENTRY(debug) + ENDBR64 pushq $0 movl $TRAP_debug,4(%rsp) jmp handle_ist_exception ENTRY(int3) + ENDBR64 pushq $0 movl $TRAP_int3,4(%rsp) jmp handle_exception ENTRY(overflow) + ENDBR64 pushq $0 movl $TRAP_overflow,4(%rsp) jmp handle_exception ENTRY(bounds) + ENDBR64 pushq $0 movl $TRAP_bounds,4(%rsp) jmp handle_exception ENTRY(invalid_op) + ENDBR64 pushq $0 movl $TRAP_invalid_op,4(%rsp) jmp handle_exception ENTRY(invalid_TSS) + ENDBR64 movl $TRAP_invalid_tss,4(%rsp) jmp handle_exception ENTRY(segment_not_present) + ENDBR64 movl $TRAP_no_segment,4(%rsp) jmp handle_exception ENTRY(stack_segment) + ENDBR64 movl $TRAP_stack_error,4(%rsp) jmp handle_exception ENTRY(general_protection) + ENDBR64 movl $TRAP_gp_fault,4(%rsp) jmp handle_exception ENTRY(alignment_check) + ENDBR64 movl $TRAP_alignment_check,4(%rsp) jmp handle_exception ENTRY(entry_CP) + ENDBR64 movl $X86_EXC_CP, 4(%rsp) jmp handle_exception ENTRY(double_fault) + ENDBR64 movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP @@ -966,6 +984,7 @@ ENTRY(double_fault) .pushsection .init.text, "ax", @progbits ENTRY(early_page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) SAVE_ALL movq %rsp,%rdi @@ -974,6 +993,7 @@ ENTRY(early_page_fault) .popsection ENTRY(nmi) + ENDBR64 pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: @@ -1102,12 +1122,14 @@ handle_ist_exception: #endif ENTRY(machine_check) + ENDBR64 pushq $0 movl $TRAP_machine_check,4(%rsp) jmp handle_ist_exception /* No op trap handler. Required for kexec crash path. */ GLOBAL(trap_nop) + ENDBR64 iretq /* Table of automatically generated entry points. One per vector. */ @@ -1136,7 +1158,9 @@ autogen_stubs: /* Automatically generated stubs. */ #endif ALIGN -1: pushq $0 +1: + ENDBR64 + pushq $0 movb $vec,4(%rsp) jmp common_interrupt @@ -1146,7 +1170,9 @@ autogen_stubs: /* Automatically generated stubs. */ .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \ vec == X86_EXC_VE || (vec > X86_EXC_CP && vec < TRAP_nr) -1: test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ +1: + ENDBR64 + test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ jz 2f /* size is 8 bytes. Check whether the processor gave us an */ pushq $0 /* error code, and insert an empty one if not. */ 2: movb $vec,4(%rsp) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277653.474405 (Exim 4.92) (envelope-from ) id 1nMuPI-0007p4-0w; Wed, 23 Feb 2022 16:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277653.474405; Wed, 23 Feb 2022 16:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPH-0007ow-U0; Wed, 23 Feb 2022 16:22:23 +0000 Received: by outflank-mailman (input) for mailman id 277653; Wed, 23 Feb 2022 16:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPG-0007om-Sl for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPG-0005Qd-S2 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuPG-0004Nt-RG for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=noRLtUeJQFZDSPRfYtthcP6j+sLkLbXWo8qln55d6Ek=; b=Gskn4tfS5o4whKXjksxEXtIqx5 0NU3YJcqtPd6arI4rO9JbD6KB/hkK0ia95FVyO+NoPrIj1kfjy0ygUm+aESARqwQJ9SLNEu0/XTv9 eLT1i40IC9cPqV6rrf7xiMVP+Fpi9fFOcDwEPrwMgtSOwtWo/grnZIge2zwoHKUSBV+Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/setup: Rework MSR_S_CET handling for CET-IBT Message-Id: Date: Wed, 23 Feb 2022 16:22:22 +0000 commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7 Author: Andrew Cooper AuthorDate: Mon Nov 1 16:13:29 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/setup: Rework MSR_S_CET handling for CET-IBT CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constant any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potentially active. To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN. This is common with the CET-SS setup, so reorder the operations to set up CR4 and MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up MSR_PL0_SSP and SSP if SHSTK_EN was also set. Adjust the crash path to disable CET-IBT too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/wakeup_prot.S | 38 ++++++++++++++++++++++-------------- xen/arch/x86/boot/x86_64.S | 30 +++++++++++++++++----------- xen/arch/x86/crash.c | 4 ++-- xen/arch/x86/include/asm/msr-index.h | 1 + xen/arch/x86/setup.c | 17 +++++++++++++++- 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S index 15052c300f..3855ff1ddb 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,7 +63,26 @@ ENTRY(s3_resume) pushq %rax lretq 1: -#ifdef CONFIG_XEN_SHSTK +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_cet_done + + /* Set up MSR_S_CET. */ + mov $MSR_S_CET, %ecx + xor %edx, %edx + wrmsr + + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_cet_done + /* * Restoring SSP is a little complicated, because we are intercepting * an in-use shadow stack. Write a temporary token under the stack, @@ -71,14 +90,6 @@ ENTRY(s3_resume) * reset MSR_PL0_SSP to its usual value and pop the temporary token. */ mov saved_ssp(%rip), %rdi - cmpq $1, %rdi - je .L_shstk_done - - /* Set up MSR_S_CET. */ - mov $MSR_S_CET, %ecx - xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax - wrmsr /* Construct the temporary supervisor token under SSP. */ sub $8, %rdi @@ -90,10 +101,6 @@ ENTRY(s3_resume) mov %edi, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx - mov %rbx, %cr4 - /* Write the temporary token onto the shadow stack, and activate it. */ wrssq %rdi, (%rdi) setssbsy @@ -106,8 +113,9 @@ ENTRY(s3_resume) /* Pop the temporary token off the stack. */ mov $2, %eax incsspd %eax -.L_shstk_done: -#endif +#endif /* CONFIG_XEN_SHSTK */ +.L_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ call load_system_tables diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 27f52e7a77..fa41990dde 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -30,18 +30,27 @@ ENTRY(__high_start) test %ebx,%ebx jz .L_bsp - /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK - testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ - CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) - je .L_ap_shstk_done + /* APs. Set up CET before entering C properly. */ +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_ap_cet_done /* Set up MSR_S_CET. */ mov $MSR_S_CET, %ecx xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax wrmsr + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_ap_cet_done + /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ mov $MSR_PL0_SSP, %ecx mov %rsp, %rdx @@ -51,13 +60,12 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx - mov %rcx, %cr4 setssbsy -#endif -.L_ap_shstk_done: +#endif /* CONFIG_XEN_SHSTK */ +.L_ap_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ + call start_secondary BUG /* start_secondary() shouldn't return. */ diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index c383f718f5..003222c0f1 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -190,8 +190,8 @@ void machine_crash_shutdown(void) /* Reset CPUID masking and faulting to the host's default. */ ctxt_switch_levelling(NULL); - /* Disable shadow stacks. */ - if ( cpu_has_xen_shstk ) + /* Disable CET. */ + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) { wrmsrl(MSR_S_CET, 0); write_cr4(read_cr4() & ~X86_CR4_CET); diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 9df1959fe5..3e038db618 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -117,6 +117,7 @@ #define MSR_S_CET 0x000006a2 #define CET_SHSTK_EN (_AC(1, ULL) << 0) #define CET_WRSS_EN (_AC(1, ULL) << 1) +#define CET_ENDBR_EN (_AC(1, ULL) << 2) #define MSR_PL0_SSP 0x000006a4 #define MSR_PL1_SSP 0x000006a5 diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index f70b326553..bc11be5ba7 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -670,6 +670,21 @@ static void noreturn init_done(void) startup_cpu_idle_loop(); } +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) +/* + * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting. + * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on + * too early. + */ +unsigned int xen_msr_s_cet_value(void) +{ + return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) | + (cpu_has_xen_ibt ? CET_ENDBR_EN : 0)); +} +#else +unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */ +#endif + /* Reinitalise all state referring to the old virtual address of the stack. */ static void __init noreturn reinit_bsp_stack(void) { @@ -693,7 +708,7 @@ static void __init noreturn reinit_bsp_stack(void) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); - wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN); + wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277654.474408 (Exim 4.92) (envelope-from ) id 1nMuPS-0007sK-2X; Wed, 23 Feb 2022 16:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277654.474408; Wed, 23 Feb 2022 16:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPR-0007sC-VT; Wed, 23 Feb 2022 16:22:33 +0000 Received: by outflank-mailman (input) for mailman id 277654; Wed, 23 Feb 2022 16:22:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPQ-0007s2-Vl for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPQ-0005Qh-V6 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuPQ-0004Oc-UI for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ObyZlH9O7r6N3g0L7Wtr6lkMrt/CjKvp2aP45AWWwwg=; b=A9BceyJe86oNpU8JsobMkQhi/S L/lZ26hQcB4n6VgrNuZVuutOz4tt+3kwSC9pIR158Eb99+gmkyd2ePhahLHzwK/84tnRoXiW2o/kU prmjWfkmFRpgFRPTHGAJtRR+vnIBjqbvHIyQIZfw9V06bF4Fr9vdZK8nOTLLm2/mfN3I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/EFI: Disable CET-IBT around Runtime Services calls Message-Id: Date: Wed, 23 Feb 2022 16:22:32 +0000 commit d37a8a067e62e3b6709d224c22f740fdda9d0078 Author: Andrew Cooper AuthorDate: Mon Nov 1 21:54:26 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/EFI: Disable CET-IBT around Runtime Services calls UEFI Runtime services, at the time of writing, aren't CET-IBT compatible. Work is ongoing to address this. In the meantime, unconditionally disable IBT. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/efi/runtime.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index e3ce85d118..13b0975866 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -21,6 +21,7 @@ struct efi_rs_state { * don't strictly need that. */ unsigned long __aligned(32) cr3; + unsigned long msr_s_cet; #endif }; @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void) switch_cr3_cr4(mfn_to_maddr(efi_l4_mfn), read_cr4()); + /* + * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible. + * Work is under way to remedy this. + * + * Stash MSR_S_CET and clobber ENDBR_EN. This is necessary because + * SHSTK_EN isn't configured until very late on the BSP. + */ + if ( cpu_has_xen_ibt ) + { + rdmsrl(MSR_S_CET, state.msr_s_cet); + wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN); + } + return state; } @@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state) if ( !state->cr3 ) return; + + if ( state->msr_s_cet ) + wrmsrl(MSR_S_CET, state->msr_s_cet); + switch_cr3_cr4(state->cr3, read_cr4()); if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277655.474412 (Exim 4.92) (envelope-from ) id 1nMuPc-0007v8-3q; Wed, 23 Feb 2022 16:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277655.474412; Wed, 23 Feb 2022 16:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPc-0007v0-0j; Wed, 23 Feb 2022 16:22:44 +0000 Received: by outflank-mailman (input) for mailman id 277655; Wed, 23 Feb 2022 16:22:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPb-0007us-2d for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPb-0005Ql-1v for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuPb-0004P3-1K for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2hTVLAZ8Vby8A3W6lKo8hs1adG+gxZzsWhCmyA3pyEo=; b=WtmLctC/t7BqR0KQkdnf+H+CGG LrPY7sCr0X2h5xG/JgBpF//PPsgcnyIzeDbZyp81Z0YA72sUT/VVKNcr6Kx8LT+gJE1NQbuqzd88t /xKO1wq+usyUBTT3vcMgnXGhUuaCiKwSFHqAtkSI00hcUZYzCUfUy/z2oB9oYd/W9OGg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Enable CET Indirect Branch Tracking Message-Id: Date: Wed, 23 Feb 2022 16:22:43 +0000 commit cdbe2b0a1aecae946639ee080f14831429b184b6 Author: Andrew Cooper AuthorDate: Mon Nov 1 15:17:20 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Enable CET Indirect Branch Tracking With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropriate. Introduce a cet=no-ibt command line option to allow the admin to disable IBT even when everything else is configured correctly. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 16 +++++++++++---- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/setup.c | 42 ++++++++++++++++++++++++++++++++++----- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 321a9abfc1..efda335652 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### cet - = List of [ shstk= ] + = List of [ shstk=, ibt= ] Applicability: x86 @@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology. CET is group a of hardware features designed to combat Return-oriented Programming (ROP, also call/jmp COP/JOP) attacks. +CET is incompatible with 32bit PV guests. If any CET sub-options are active, +they will override the `pv=32` boolean to `false`. Backwards compatibility +can be maintained with the pv-shim mechanism. + * The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own protection. @@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks. `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support is available in hardware. - Shadow Stacks are incompatible with 32bit PV guests. This option will - override the `pv=32` boolean to false. Backwards compatibility can be - maintained with the `pv-shim` mechanism. +* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for + its own protection. + + The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults + to `true` on hardware supporting CET-IBT. Specifying `cet=no-ibt` will + cause Xen not to use Indirect Branch Tracking even when support is + available in hardware. ### clocksource (x86) > `= pit | hpet | acpi | tsc` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 2429818e60..bfedc99b92 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -348,6 +348,7 @@ void __init early_cpu_init(void) if (c->cpuid_level >= 7) { cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; + c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; } eax = cpuid_eax(0x80000000); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index bc11be5ba7..22a9885dee 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -102,6 +102,12 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif +#ifdef CONFIG_XEN_IBT +static bool __initdata opt_xen_ibt = true; +#else +#define opt_xen_ibt false +#endif + static int __init cf_check parse_cet(const char *s) { const char *ss; @@ -118,6 +124,14 @@ static int __init cf_check parse_cet(const char *s) opt_xen_shstk = val; #else no_config_param("XEN_SHSTK", "cet", s, ss); +#endif + } + else if ( (val = parse_boolean("ibt", s, ss)) >= 0 ) + { +#ifdef CONFIG_XEN_IBT + opt_xen_ibt = val; +#else + no_config_param("XEN_IBT", "cet", s, ss); #endif } else @@ -1118,11 +1132,33 @@ void __init noreturn __start_xen(unsigned long mbi_p) printk("Enabling Supervisor Shadow Stacks\n"); setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } + + if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) + { + printk("Enabling Indirect Branch Tracking\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_IBT); + + if ( efi_enabled(EFI_RS) ) + printk(" - IBT disabled in UEFI Runtime Services\n"); + + /* + * Enable IBT now. Only require the endbr64 on callees, which is + * entirely build-time arrangements. + */ + wrmsrl(MSR_S_CET, CET_ENDBR_EN); + } + + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) + { + set_in_cr4(X86_CR4_CET); + #ifdef CONFIG_PV32 if ( opt_pv32 ) { opt_pv32 = 0; - printk(" - Disabling PV32 due to Shadow Stacks\n"); + printk(" - Disabling PV32 due to CET\n"); } #endif } @@ -1847,10 +1883,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) alternative_branches(); - /* Defer CR4.CET until alternatives have finished playing with CR0.WP */ - if ( cpu_has_xen_shstk ) - set_in_cr4(X86_CR4_CET); - /* * NB: when running as a PV shim VCPUOP_up/down is wired to the shim * physical cpu_add/remove functions, so launch the guest with only -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:22:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277656.474416 (Exim 4.92) (envelope-from ) id 1nMuPm-0007xv-5Z; Wed, 23 Feb 2022 16:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277656.474416; Wed, 23 Feb 2022 16:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPm-0007xn-2K; Wed, 23 Feb 2022 16:22:54 +0000 Received: by outflank-mailman (input) for mailman id 277656; Wed, 23 Feb 2022 16:22:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPl-0007xc-5S for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPl-0005R8-4h for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuPl-0004Pa-44 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:22:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=A9KqdJY4FVUDeSY+V0902v8lU7muhl1051cHRlbFmqs=; b=6E79XMiGt5OiGpNCtJ4heYd2f9 ECIc5yhW8oWt6yrOXTfDo8jXEmv4w/T7dXZ5F1HtsRfSAriYPqnM7Qe6vyUzAUmitrZQqC29227LN GZv8E2Aj7bAzPWyfF+3oXWgTJRuSWfZ3KHwm7UT0vr9M+ozwIBMvOMCs7IySunp06nYQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/altcall: Use __ro_after_init now that it exists Message-Id: Date: Wed, 23 Feb 2022 16:22:53 +0000 commit a0d8a94360a6337efcb5048293d527274fea1c96 Author: Andrew Cooper AuthorDate: Fri Feb 11 16:38:47 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/altcall: Use __ro_after_init now that it exists For the !CONFIG_ALTERNATIVE_CALL case, the use of __read_mostly was only a stopgap while nothing better existed. __ro_after_init now does, so it use. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/include/xen/alternative-call.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index c2d3b70e31..5c6b9a562b 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -57,7 +57,7 @@ #define alternative_call(func, args...) (func)(args) #define alternative_vcall(func, args...) (func)(args) -#define __alt_call_maybe_initdata __read_mostly +#define __alt_call_maybe_initdata __ro_after_init #endif /* !CONFIG_ALTERNATIVE_CALL */ #endif /* XEN_ALTERNATIVE_CALL */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277657.474420 (Exim 4.92) (envelope-from ) id 1nMuPw-00080g-75; Wed, 23 Feb 2022 16:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277657.474420; Wed, 23 Feb 2022 16:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPw-00080Y-3z; Wed, 23 Feb 2022 16:23:04 +0000 Received: by outflank-mailman (input) for mailman id 277657; Wed, 23 Feb 2022 16:23:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPv-00080Q-8b for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuPv-0005RS-7q for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuPv-0004QI-71 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wdRAFZ1Y+Ll+/nOojH4I/a2+4KfWjKOuna4dwaSelr8=; b=KEa+G8SLPwLdBPcW1+X+iuprjf cC41W9vFjtwZaBFCrwTBweLrDHkEoDQlzYr1zMLFFg1YOi9Q2VKgHyQ8COhfiVyjNlE2hyPpHw9Ai ZOSa2s+i9u5dHUb5i7AaaX5yVhTSzqrpMW4QXF8nw84mPiWwrP4Hrw8JPPmZixVjGDOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/altcall: Check and optimise altcall targets Message-Id: Date: Wed, 23 Feb 2022 16:23:03 +0000 commit 12e3410e071e284398e49d125e7d9cec076d00e5 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:42:48 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/altcall: Check and optimise altcall targets When converting indirect to direct calls, there is no need to execute endbr64 instructions. Detect and optimise this case, leaving a warning in the case that no endbr64 was found, as it likely indicates a build error. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index ec24692e95..ae7e646074 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -279,6 +280,28 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, if ( dest ) { + /* + * When building for CET-IBT, all function pointer targets + * should have an endbr64 instruction. + * + * If this is not the case, leave a warning because + * something is probably wrong with the build. A CET-IBT + * enabled system might have exploded already. + * + * Otherwise, skip the endbr64 instruction. This is a + * marginal perf improvement which saves on instruction + * decode bandwidth. + */ + if ( IS_ENABLED(CONFIG_HAS_CC_CET_IBT) ) + { + if ( is_endbr64(dest) ) + dest += ENDBR64_LEN; + else + printk(XENLOG_WARNING + "altcall %ps dest %ps has no endbr64\n", + orig, dest); + } + disp = dest - (orig + 5); ASSERT(disp == (int32_t)disp); *(int32_t *)(buf + 1) = disp; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277658.474424 (Exim 4.92) (envelope-from ) id 1nMuQ6-00083U-8t; Wed, 23 Feb 2022 16:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277658.474424; Wed, 23 Feb 2022 16:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQ6-00083M-5c; Wed, 23 Feb 2022 16:23:14 +0000 Received: by outflank-mailman (input) for mailman id 277658; Wed, 23 Feb 2022 16:23:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQ5-00083F-Br for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQ5-0005RW-B7 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQ5-0004Ql-AA for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dFdoL0pzPgEqYUxs1R9mTdsQNdJ+CpT/bcQJ+nFdiwI=; b=Nc+HJSkhQ3abQzmWHe+s5tjWZ4 a8hAln4afez7GDXJZbFVWi/hFskgd0/XIkXjPsgb9Qnf6TZr88luRrPfpq1R4UzJoCCsfHJhu1No/ jSxtn+U1RoK0CcKlkuQYJJzPbtI5QxtzMLqQlRW6ZwjWaanDDEqrBRVO/IwYt50v3bEM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/altcall: Optimise away endbr64 instruction where possible Message-Id: Date: Wed, 23 Feb 2022 16:23:13 +0000 commit 37ed5da851b867ae7133720dba3cf96e83bef2e1 Author: Andrew Cooper AuthorDate: Thu Nov 4 19:36:23 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/altcall: Optimise away endbr64 instruction where possible With altcall, we convert indirect branches into direct ones. With that complete, none of the potential targets need an endbr64 instruction. Furthermore, removing the endbr64 instructions is a security defence-in-depth improvement, because it limits the options available to an attacker who has managed to hijack a function pointer. Introduce new .init.{ro,}data.cf_clobber sections. Have _apply_alternatives() walk over this, looking for any pointers into .text, and clobber an endbr64 instruction if found. This is some minor structure (ab)use but it works alarmingly well. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 38 ++++++++++++++++++++++++++++++++++++++ xen/arch/x86/xen.lds.S | 6 ++++++ xen/include/xen/init.h | 3 +++ 3 files changed, 47 insertions(+) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index ae7e646074..e19dfc6b36 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -173,6 +173,9 @@ text_poke(void *addr, const void *opcode, size_t len) return memcpy(addr, opcode, len); } +extern void *const __initdata_cf_clobber_start[]; +extern void *const __initdata_cf_clobber_end[]; + /* * Replace instructions with better alternatives for this CPU type. * This runs before SMP is initialized to avoid SMP problems with @@ -330,6 +333,41 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, add_nops(buf + a->repl_len, total_len - a->repl_len); text_poke(orig, buf, total_len); } + + /* + * Clobber endbr64 instructions now that altcall has finished optimising + * all indirect branches to direct ones. + */ + if ( force && cpu_has_xen_ibt ) + { + void *const *val; + unsigned int clobbered = 0; + + /* + * This is some minor structure (ab)use. We walk the entire contents + * of .init.{ro,}data.cf_clobber as if it were an array of pointers. + * + * If the pointer points into .text, and at an endbr64 instruction, + * nop out the endbr64. This causes the pointer to no longer be a + * legal indirect branch target under CET-IBT. This is a + * defence-in-depth measure, to reduce the options available to an + * adversary who has managed to hijack a function pointer. + */ + for ( val = __initdata_cf_clobber_start; + val < __initdata_cf_clobber_end; + val++ ) + { + void *ptr = *val; + + if ( !is_kernel_text(ptr) || !is_endbr64(ptr) ) + continue; + + add_nops(ptr, ENDBR64_LEN); + clobbered++; + } + + printk("altcall: Optimised away %u endbr64 instructions\n", clobbered); + } } void init_or_livepatch apply_alternatives(struct alt_instr *start, diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7ffecd4630..7b655df63f 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -223,6 +223,12 @@ SECTIONS *(.initcall1.init) __initcall_end = .; + . = ALIGN(POINTER_ALIGN); + __initdata_cf_clobber_start = .; + *(.init.data.cf_clobber) + *(.init.rodata.cf_clobber) + __initdata_cf_clobber_end = .; + *(.init.data) *(.init.data.rel) *(.init.data.rel.*) diff --git a/xen/include/xen/init.h b/xen/include/xen/init.h index bfe789e93f..0af0e234ec 100644 --- a/xen/include/xen/init.h +++ b/xen/include/xen/init.h @@ -18,6 +18,9 @@ #define __init_call(lvl) __used_section(".initcall" lvl ".init") #define __exit_call __used_section(".exitcall.exit") +#define __initdata_cf_clobber __section(".init.data.cf_clobber") +#define __initconst_cf_clobber __section(".init.rodata.cf_clobber") + /* These macros are used to mark some functions or * initialized data (doesn't apply to uninitialized data) * as `initialization' functions. The kernel can take this -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277659.474428 (Exim 4.92) (envelope-from ) id 1nMuQG-00086p-Bh; Wed, 23 Feb 2022 16:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277659.474428; Wed, 23 Feb 2022 16:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQG-00086h-8q; Wed, 23 Feb 2022 16:23:24 +0000 Received: by outflank-mailman (input) for mailman id 277659; Wed, 23 Feb 2022 16:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQF-00086T-Ey for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQF-0005Ra-EJ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQF-0004RP-DR for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lPZMm1Ij4i2JnBzF739oykm3k5GWrH+fu7Xy88YP4s0=; b=pXXOwTVlhbseRrvAR5AwOGld8q 1Z7yXsdnaONhA6hPo95NvUQCLDDQlrRF5h6JgAbx01zeayfgDmQx/zuf7/ZGQcbvTRXlmG7Hfd9XF VppC53a2fbOhv2M6hHBAtC5FHAvFv44SO9bX7uS+ii6k9r76zK3TqhrYabm3Ny4hRkM8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xsm: Use __initconst_cf_clobber for xsm_ops Message-Id: Date: Wed, 23 Feb 2022 16:23:23 +0000 commit 7a7b2be4132d3b96833690ccdb637e339aea6d2e Author: Andrew Cooper AuthorDate: Thu Nov 4 19:36:23 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm: Use __initconst_cf_clobber for xsm_ops All calls through xsm_ops are fully altcall'd. Harden all function pointer targets. This yields: (XEN) altcall: Optimised away 197 endbr64 instructions of 1655 on an everything-enabled build of Xen, which is ~12%. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith --- xen/xsm/dummy.c | 2 +- xen/xsm/flask/hooks.c | 2 +- xen/xsm/silo.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 4d29a9aa5b..8c044ef615 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -13,7 +13,7 @@ #define XSM_NO_WRAPPERS #include -static const struct xsm_ops __initconstrel dummy_ops = { +static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .security_domaininfo = xsm_security_domaininfo, .domain_create = xsm_domain_create, .getdomaininfo = xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 63484e323c..0bf63ffa84 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1765,7 +1765,7 @@ static int cf_check flask_argo_send( #endif -static const struct xsm_ops __initconstrel flask_ops = { +static const struct xsm_ops __initconst_cf_clobber flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 4d5fc98e7e..b89b364287 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -102,7 +102,7 @@ static int cf_check silo_argo_send( #endif -static const struct xsm_ops __initconstrel silo_xsm_ops = { +static const struct xsm_ops __initconst_cf_clobber silo_xsm_ops = { .evtchn_unbound = silo_evtchn_unbound, .evtchn_interdomain = silo_evtchn_interdomain, .grant_mapref = silo_grant_mapref, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277660.474432 (Exim 4.92) (envelope-from ) id 1nMuQR-00089r-D5; Wed, 23 Feb 2022 16:23:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277660.474432; Wed, 23 Feb 2022 16:23:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQR-00089j-AI; Wed, 23 Feb 2022 16:23:35 +0000 Received: by outflank-mailman (input) for mailman id 277660; Wed, 23 Feb 2022 16:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQP-00089Z-IK for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQP-0005Rf-Hc for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQP-0004S1-Gy for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=U+5mVU9Zn1ghJH8sMEdx1VMmjixiK4DMwQzpe4hHIcI=; b=J4yqBT9L0AzETGt/5T4VPpjhIH sVB563nAYbJMze6RO0CIWJmH2xKXcQIXH/ptsJ5OEptUuNgn2TGCY7C2ytdkWl46UVZRuOmE/ZdA5 bC+axIWFwWU/hn+JolxTppTqrOw32h5pp7BubeYeKRiFEVKF+5OTkUw1OZcDBfmION5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Use __initdata_cf_clobber for hvm_funcs Message-Id: Date: Wed, 23 Feb 2022 16:23:33 +0000 commit 8bf7240842c765b6fa13095572aa77c38ff27acf Author: Andrew Cooper AuthorDate: Mon Feb 14 12:12:13 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: Use __initdata_cf_clobber for hvm_funcs Now that all calls through hvm_funcs are fully altcall'd, harden all the svm and vmx function pointer targets. This drops 106 endbr64 instructions. Clobbering does come with a theoretical risk. The non-pointer fields of {svm,vmx}_function_table can in theory happen to form a bit pattern matching a pointer into .text at a legal endbr64 instruction, but this is expected to be implausible for anything liable to pass code review. While at it, move hvm_funcs into __ro_after_init now that this exists. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/svm/svm.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index cdd1529014..709a4191ef 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -88,7 +88,7 @@ unsigned int opt_hvm_debug_level __read_mostly; integer_param("hvm_debug", opt_hvm_debug_level); #endif -struct hvm_function_table hvm_funcs __read_mostly; +struct hvm_function_table __ro_after_init hvm_funcs; /* * The I/O permission bitmap is globally shared by all HVM guests except diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 63535a74b5..b80d4af6cb 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2513,7 +2513,7 @@ static void cf_check svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) } } -static struct hvm_function_table __initdata svm_function_table = { +static struct hvm_function_table __initdata_cf_clobber svm_function_table = { .name = "SVM", .cpu_up_prepare = svm_cpu_up_prepare, .cpu_dead = svm_cpu_dead, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 41db538a9e..758df33218 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2473,7 +2473,7 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_exit(v); } -static struct hvm_function_table __initdata vmx_function_table = { +static struct hvm_function_table __initdata_cf_clobber vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, .cpu_dead = vmx_cpu_dead, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277661.474436 (Exim 4.92) (envelope-from ) id 1nMuQb-0008Cb-EX; Wed, 23 Feb 2022 16:23:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277661.474436; Wed, 23 Feb 2022 16:23:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQb-0008CT-Bi; Wed, 23 Feb 2022 16:23:45 +0000 Received: by outflank-mailman (input) for mailman id 277661; Wed, 23 Feb 2022 16:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQZ-0008CG-LI for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQZ-0005Rm-Kf for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQZ-0004ST-Jt for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NSXQkGUs7Nr9dsNyIeaIQXjtm/j2iFVld+DddhLWxf8=; b=v8cBkUGV1opWrAEn6XAFvGGlJR l4AfYxNKZZpDpmDP1wC1st8ZxyAJD1jYjjWMPf2JCfAagYmpX8N2r6VoigY0gFTlNHsxBsnEltrjf 1zAzncs6V1iwOqRMsvUcy4E2U0shhsCPrMIYIWJz7hsf5UWXzPtpG08kgS91OjcwxmAQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ucode: Use altcall, and __initconst_cf_clobber Message-Id: Date: Wed, 23 Feb 2022 16:23:43 +0000 commit 8f473f92e531d1189b03a2e4acdf87ff0f029f30 Author: Andrew Cooper AuthorDate: Sun Nov 7 11:35:50 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/ucode: Use altcall, and __initconst_cf_clobber Microcode loading is not a fastpath, but there are control flow integrity hardening benefits from using altcall, because it allows us to clobber the endbr64 instructions on all function pointer targets. Convert the existing microcode_ops pointer into an __ro_after_init structure, and move {amd,intel}_ucode_ops into __initconst_cf_clobber. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 38 ++++++++++++++++++++------------------ xen/arch/x86/cpu/microcode/intel.c | 2 +- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index 0afa2192bf..8195707ee1 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -422,7 +422,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops amd_ucode_ops = { +const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index f84dafa826..452a7ca773 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -21,6 +21,7 @@ * 2 of the License, or (at your option) any later version. */ +#include #include #include #include @@ -214,7 +215,7 @@ scan: microcode_scan_module(module_map, mbi); } -static const struct microcode_ops __read_mostly *microcode_ops; +static struct microcode_ops __ro_after_init ucode_ops; static DEFINE_SPINLOCK(microcode_mutex); @@ -241,9 +242,9 @@ static const struct microcode_patch *nmi_patch = ZERO_BLOCK_PTR; */ static struct microcode_patch *parse_blob(const char *buf, size_t len) { - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); - return microcode_ops->cpu_request_microcode(buf, len); + return alternative_call(ucode_ops.cpu_request_microcode, buf, len); } static void microcode_free_patch(struct microcode_patch *patch) @@ -258,8 +259,8 @@ static bool microcode_update_cache(struct microcode_patch *patch) if ( !microcode_cache ) microcode_cache = patch; - else if ( microcode_ops->compare_patch(patch, - microcode_cache) == NEW_UCODE ) + else if ( alternative_call(ucode_ops.compare_patch, + patch, microcode_cache) == NEW_UCODE ) { microcode_free_patch(microcode_cache); microcode_cache = patch; @@ -311,14 +312,14 @@ static int microcode_update_cpu(const struct microcode_patch *patch) { int err; - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); spin_lock(µcode_mutex); if ( patch ) - err = microcode_ops->apply_microcode(patch); + err = alternative_call(ucode_ops.apply_microcode, patch); else if ( microcode_cache ) { - err = microcode_ops->apply_microcode(microcode_cache); + err = alternative_call(ucode_ops.apply_microcode, microcode_cache); if ( err == -EIO ) { microcode_free_patch(microcode_cache); @@ -368,7 +369,7 @@ static int primary_thread_work(const struct microcode_patch *patch) if ( !wait_for_state(LOADING_ENTER) ) return -EBUSY; - ret = microcode_ops->apply_microcode(patch); + ret = alternative_call(ucode_ops.apply_microcode, patch); if ( !ret ) atomic_inc(&cpu_updated); atomic_inc(&cpu_out); @@ -481,7 +482,7 @@ static int control_thread_fn(const struct microcode_patch *patch) } /* Control thread loads ucode first while others are in NMI handler. */ - ret = microcode_ops->apply_microcode(patch); + ret = alternative_call(ucode_ops.apply_microcode, patch); if ( !ret ) atomic_inc(&cpu_updated); atomic_inc(&cpu_out); @@ -610,7 +611,8 @@ static long cf_check microcode_update_helper(void *data) */ spin_lock(µcode_mutex); if ( microcode_cache && - microcode_ops->compare_patch(patch, microcode_cache) != NEW_UCODE ) + alternative_call(ucode_ops.compare_patch, + patch, microcode_cache) != NEW_UCODE ) { spin_unlock(µcode_mutex); printk(XENLOG_WARNING "microcode: couldn't find any newer revision " @@ -678,7 +680,7 @@ int microcode_update(XEN_GUEST_HANDLE(const_void) buf, unsigned long len) if ( len != (uint32_t)len ) return -E2BIG; - if ( microcode_ops == NULL ) + if ( !ucode_ops.apply_microcode ) return -EINVAL; buffer = xmalloc_flex_struct(struct ucode_buf, buffer, len); @@ -722,10 +724,10 @@ __initcall(microcode_init); /* Load a cached update to current cpu */ int microcode_update_one(void) { - if ( !microcode_ops ) + if ( !ucode_ops.apply_microcode ) return -EOPNOTSUPP; - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); return microcode_update_cpu(NULL); } @@ -780,22 +782,22 @@ int __init early_microcode_init(void) { case X86_VENDOR_AMD: if ( c->x86 >= 0x10 ) - microcode_ops = &amd_ucode_ops; + ucode_ops = amd_ucode_ops; break; case X86_VENDOR_INTEL: if ( c->x86 >= 6 ) - microcode_ops = &intel_ucode_ops; + ucode_ops = intel_ucode_ops; break; } - if ( !microcode_ops ) + if ( !ucode_ops.apply_microcode ) { printk(XENLOG_WARNING "Microcode loading not available\n"); return -ENODEV; } - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); if ( ucode_mod.mod_end || ucode_blob.size ) rc = early_microcode_update_cpu(); diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index d3864b5ab0..f5ba6d76d7 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -376,7 +376,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops intel_ucode_ops = { +const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:23:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:23:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277662.474440 (Exim 4.92) (envelope-from ) id 1nMuQl-0008FW-G4; Wed, 23 Feb 2022 16:23:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277662.474440; Wed, 23 Feb 2022 16:23:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQl-0008FN-DJ; Wed, 23 Feb 2022 16:23:55 +0000 Received: by outflank-mailman (input) for mailman id 277662; Wed, 23 Feb 2022 16:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQj-0008FB-Od for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQj-0005SD-Nx for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQj-0004Uh-My for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=L1EU/r7v3D4CGvDkO4E2S/a09ABaUmk9YY5oizxgFIg=; b=thYzkNUpgesGfHO5v/uNpt9zbE ErTcGgR4uZXw6KMvnFygEJNUTkCdHFLuOCefaknsegYA/5E7qs9hkgu9xepHFDv6wgIWCmWqI379X /3R/0GZa3eI089W4Tj/vuaMFKeG2ZSqSYBl08COUA9lvWAG1935MOboRwx5VreIrScsg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vpmu: Harden indirect branches Message-Id: Date: Wed, 23 Feb 2022 16:23:53 +0000 commit e826cf735171ad032901abdc4a1c46ecca401562 Author: Andrew Cooper AuthorDate: Tue Nov 30 21:31:55 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/vpmu: Harden indirect branches As all function pointer calls are resolved to direct calls on boot, clobber the endbr64 instructions too to make life harder for an attacker which has managed to hijack a function pointer. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/vpmu_amd.c | 2 +- xen/arch/x86/cpu/vpmu_intel.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 5963ce9015..9bacc02ec1 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -518,7 +518,7 @@ static int cf_check svm_vpmu_initialise(struct vcpu *v) return 0; } -static const struct arch_vpmu_ops __initconstrel amd_vpmu_ops = { +static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .initialise = svm_vpmu_initialise, .do_wrmsr = amd_vpmu_do_wrmsr, .do_rdmsr = amd_vpmu_do_rdmsr, diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 48b81ab6f0..8612f46973 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -880,7 +880,7 @@ static int cf_check vmx_vpmu_initialise(struct vcpu *v) return 0; } -static const struct arch_vpmu_ops __initconstrel core2_vpmu_ops = { +static const struct arch_vpmu_ops __initconst_cf_clobber core2_vpmu_ops = { .initialise = vmx_vpmu_initialise, .do_wrmsr = core2_vpmu_do_wrmsr, .do_rdmsr = core2_vpmu_do_rdmsr, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 16:24:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 16:24:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277663.474443 (Exim 4.92) (envelope-from ) id 1nMuQv-0008IM-Hg; Wed, 23 Feb 2022 16:24:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277663.474443; Wed, 23 Feb 2022 16:24:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQv-0008IF-Eq; Wed, 23 Feb 2022 16:24:05 +0000 Received: by outflank-mailman (input) for mailman id 277663; Wed, 23 Feb 2022 16:24:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQt-0008Hz-S4 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:24:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMuQt-0005Sa-RP for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:24:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMuQt-0004VR-QZ for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 16:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ovnW19tIchiTJHndeUfiTWw7CQM500PCRkguI0Gnwdg=; b=Msp3gB/737yfEk4dhSQgYpuail XoGPFguRdHFc4ynceH2cgbsszv0ds/tU2rYeR/ZV/A4MZ5EEUNte9uZEgpI+hlQKW96lgtjr6vvBA YrLYCbmVYMdQ2UxSaOb87uJ273NPCneRCm9WrzEOP5XgbSNnAjAjRvQ18mUypEG3fMqk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/IOMMU: Use altcall, and __initconst_cf_clobber Message-Id: Date: Wed, 23 Feb 2022 16:24:03 +0000 commit f04231775c179b3424fca45d64f29e226a41a610 Author: Andrew Cooper AuthorDate: Mon Feb 21 17:09:15 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/IOMMU: Use altcall, and __initconst_cf_clobber Most IOMMU hooks are already altcall for performance reasons. Convert the rest of them so we can harden all the hooks in Control Flow Integrity configurations. This necessitates the use of iommu_{v,}call() in debug builds too. Switch to using an ASSERT() as all forms should resolve to &iommu_ops. Move the root iommu_ops from __read_mostly to __ro_after_init now that the latter exists. Since c/s 3330013e6739 ("VT-d / x86: re-arrange cache syncing"), vtd_ops is not modified and doesn't need a forward declaration, so we can use __initconst_cf_clobber for both VT-d and AMD. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/iommu.h | 10 ++++------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/drivers/passthrough/iommu.c | 7 ++++--- xen/drivers/passthrough/vtd/iommu.c | 3 +-- xen/drivers/passthrough/x86/iommu.c | 4 ++-- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 8a96ba1f09..d38c334087 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -72,18 +72,16 @@ struct arch_iommu extern struct iommu_ops iommu_ops; -#ifdef NDEBUG # include # define iommu_call(ops, fn, args...) ({ \ - (void)(ops); \ + ASSERT((ops) == &iommu_ops); \ alternative_call(iommu_ops.fn, ## args); \ }) # define iommu_vcall(ops, fn, args...) ({ \ - (void)(ops); \ + ASSERT((ops) == &iommu_ops); \ alternative_vcall(iommu_ops.fn, ## args); \ }) -#endif static inline const struct iommu_ops *iommu_get_ops(void) { @@ -106,7 +104,7 @@ int iommu_setup_hpet_msi(struct msi_desc *); static inline int iommu_adjust_irq_affinities(void) { return iommu_ops.adjust_irq_affinities - ? iommu_ops.adjust_irq_affinities() + ? iommu_call(&iommu_ops, adjust_irq_affinities) : 0; } @@ -122,7 +120,7 @@ int iommu_enable_x2apic(void); static inline void iommu_disable_x2apic(void) { if ( x2apic_enabled && iommu_ops.disable_x2apic ) - iommu_ops.disable_x2apic(); + iommu_vcall(&iommu_ops, disable_x2apic); } int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index e57f555d00..4b59a4efe9 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -628,7 +628,7 @@ static void cf_check amd_dump_page_tables(struct domain *d) hd->arch.amd.paging_mode, 0, 0); } -static const struct iommu_ops __initconstrel _iommu_ops = { +static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { .init = amd_iommu_domain_init, .hwdom_init = amd_iommu_hwdom_init, .quarantine_init = amd_iommu_quarantine_init, diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index e220fea72c..c6b2c384d1 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -540,7 +540,7 @@ int __init iommu_setup(void) int iommu_suspend() { if ( iommu_enabled ) - return iommu_get_ops()->suspend(); + return iommu_call(iommu_get_ops(), suspend); return 0; } @@ -548,7 +548,7 @@ int iommu_suspend() void iommu_resume() { if ( iommu_enabled ) - iommu_get_ops()->resume(); + iommu_vcall(iommu_get_ops(), resume); } int iommu_do_domctl( @@ -578,7 +578,8 @@ void iommu_crash_shutdown(void) return; if ( iommu_enabled ) - iommu_get_ops()->crash_shutdown(); + iommu_vcall(iommu_get_ops(), crash_shutdown); + iommu_enabled = false; #ifndef iommu_intremap iommu_intremap = iommu_intremap_off; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 56968a06a1..6a65ba1d82 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -56,7 +56,6 @@ bool __read_mostly iommu_snoop = true; static unsigned int __read_mostly nr_iommus; -static struct iommu_ops vtd_ops; static struct tasklet vtd_fault_tasklet; static int cf_check setup_hwdom_device(u8 devfn, struct pci_dev *); @@ -2794,7 +2793,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d) return rc; } -static struct iommu_ops __initdata vtd_ops = { +static const struct iommu_ops __initconst_cf_clobber vtd_ops = { .init = intel_iommu_domain_init, .hwdom_init = intel_iommu_hwdom_init, .quarantine_init = intel_iommu_quarantine_init, diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index ad5f44e13d..58a422fb5f 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -27,7 +27,7 @@ #include const struct iommu_init_ops *__initdata iommu_init_ops; -struct iommu_ops __read_mostly iommu_ops; +struct iommu_ops __ro_after_init iommu_ops; bool __read_mostly iommu_non_coherent; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -129,7 +129,7 @@ int iommu_enable_x2apic(void) if ( !iommu_ops.enable_x2apic ) return -EOPNOTSUPP; - return iommu_ops.enable_x2apic(); + return iommu_call(&iommu_ops, enable_x2apic); } void iommu_update_ire_from_apic( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Feb 23 18:00:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Feb 2022 18:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277682.474471 (Exim 4.92) (envelope-from ) id 1nMvvq-0001ZB-RG; Wed, 23 Feb 2022 18:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277682.474471; Wed, 23 Feb 2022 18:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMvvq-0001Z2-Mw; Wed, 23 Feb 2022 18:00:06 +0000 Received: by outflank-mailman (input) for mailman id 277682; Wed, 23 Feb 2022 18:00:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMvvp-0001N6-6f for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 18:00:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nMvvp-0007Et-44 for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 18:00:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nMvvp-0006tR-2z for xen-changelog@lists.xenproject.org; Wed, 23 Feb 2022 18:00:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FCL4XD1Cla6Xd1uMCz8gUNvFhEq2Tbq4d4e6Rar6sbc=; b=rQScKt4Of66vQcEkEB7shyMJLs pXGwLfUU8TANreMLbFICQp4qpfaDEnq8CqhL7IEmEkUmE0p0z2bpd4zN/7yCB+/SRivp5wL3P8+MV eWWcat2nMdd10KQgD32TbVo0mJ9qGrgP+UrVtZjlJWv9KCKGiQIq+x/YVOwukbfX0yao=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Drop get_shadow_gs_base() hook and use hvm_get_reg() Message-Id: Date: Wed, 23 Feb 2022 18:00:05 +0000 commit fe60fab0424b93c6688d285bd7995226a96937d4 Author: Andrew Cooper AuthorDate: Fri Jan 21 03:47:05 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 17:54:30 2022 +0000 x86/hvm: Drop get_shadow_gs_base() hook and use hvm_get_reg() This is a trivial accessor for an MSR, so use hvm_get_reg() rather than a dedicated hook. In arch_get_info_guest(), rework the logic to read GS_SHADOW only once. get_hvm_registers() is called on current, meaning that diagnostics print a stale GS_SHADOW from the previous vcpu context switch. Adjust both implementations to obtain the correct value. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/domctl.c | 8 ++++++-- xen/arch/x86/hvm/svm/svm.c | 12 ++++++------ xen/arch/x86/hvm/vmx/vmx.c | 13 +++++++------ xen/arch/x86/include/asm/hvm/hvm.h | 7 ------- xen/arch/x86/x86_64/traps.c | 2 +- 5 files changed, 20 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 7d102e0647..e49f9e91b9 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -1447,6 +1447,7 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c) if ( is_hvm_domain(d) ) { struct segment_register sreg; + unsigned long gs_shadow; c.nat->ctrlreg[0] = v->arch.hvm.guest_cr[0]; c.nat->ctrlreg[2] = v->arch.hvm.guest_cr[2]; @@ -1465,15 +1466,18 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c) c.nat->fs_base = sreg.base; hvm_get_segment_register(v, x86_seg_gs, &sreg); c.nat->user_regs.gs = sreg.sel; + + gs_shadow = hvm_get_reg(v, MSR_SHADOW_GS_BASE); + if ( ring_0(&c.nat->user_regs) ) { c.nat->gs_base_kernel = sreg.base; - c.nat->gs_base_user = hvm_get_shadow_gs_base(v); + c.nat->gs_base_user = gs_shadow; } else { c.nat->gs_base_user = sreg.base; - c.nat->gs_base_kernel = hvm_get_shadow_gs_base(v); + c.nat->gs_base_kernel = gs_shadow; } } else diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index b80d4af6cb..8869a5de62 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -756,11 +756,6 @@ static void cf_check svm_set_segment_register( } } -static unsigned long cf_check svm_get_shadow_gs_base(struct vcpu *v) -{ - return v->arch.hvm.svm.vmcb->kerngsbase; -} - static int cf_check svm_set_guest_pat(struct vcpu *v, u64 gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -2479,6 +2474,7 @@ static bool cf_check svm_get_pending_event( static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) { + struct vcpu *curr = current; const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; @@ -2487,6 +2483,11 @@ static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) case MSR_SPEC_CTRL: return vmcb->spec_ctrl; + case MSR_SHADOW_GS_BASE: + if ( v == curr ) + svm_sync_vmcb(v, vmcb_in_sync); + return vmcb->kerngsbase; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2530,7 +2531,6 @@ static struct hvm_function_table __initdata_cf_clobber svm_function_table = { .get_cpl = svm_get_cpl, .get_segment_register = svm_get_segment_register, .set_segment_register = svm_set_segment_register, - .get_shadow_gs_base = svm_get_shadow_gs_base, .update_guest_cr = svm_update_guest_cr, .update_guest_efer = svm_update_guest_efer, .cpuid_policy_changed = svm_cpuid_policy_changed, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 758df33218..c075370f64 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1176,11 +1176,6 @@ static void cf_check vmx_set_segment_register( vmx_vmcs_exit(v); } -static unsigned long cf_check vmx_get_shadow_gs_base(struct vcpu *v) -{ - return v->arch.hvm.vmx.shadow_gs; -} - static int cf_check vmx_set_guest_pat(struct vcpu *v, u64 gpat) { if ( !paging_mode_hap(v->domain) || @@ -2401,6 +2396,7 @@ static int cf_check vmtrace_reset(struct vcpu *v) static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) { + const struct vcpu *curr = current; struct domain *d = v->domain; uint64_t val = 0; int rc; @@ -2417,6 +2413,12 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + + case MSR_SHADOW_GS_BASE: + if ( v != curr ) + return v->arch.hvm.vmx.shadow_gs; + rdmsrl(MSR_SHADOW_GS_BASE, val); + return val; } /* Logic which maybe requires remote VMCS acquisition. */ @@ -2489,7 +2491,6 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = { .get_cpl = _vmx_get_cpl, .get_segment_register = vmx_get_segment_register, .set_segment_register = vmx_set_segment_register, - .get_shadow_gs_base = vmx_get_shadow_gs_base, .update_host_cr3 = vmx_update_host_cr3, .update_guest_cr = vmx_update_guest_cr, .update_guest_efer = vmx_update_guest_efer, diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index b44bbdeb21..5b7ec0cf69 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -128,7 +128,6 @@ struct hvm_function_table { struct segment_register *reg); void (*set_segment_register)(struct vcpu *v, enum x86_segment seg, struct segment_register *reg); - unsigned long (*get_shadow_gs_base)(struct vcpu *v); /* * Re-set the value of CR3 that Xen runs on when handling VM exits. @@ -469,11 +468,6 @@ hvm_get_cpl(struct vcpu *v) return alternative_call(hvm_funcs.get_cpl, v); } -static inline unsigned long hvm_get_shadow_gs_base(struct vcpu *v) -{ - return alternative_call(hvm_funcs.get_shadow_gs_base, v); -} - #define has_hvm_params(d) \ ((d)->arch.hvm.params != NULL) @@ -759,7 +753,6 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val); * needed because DCE will kick in. */ int hvm_guest_x86_mode(struct vcpu *v); -unsigned long hvm_get_shadow_gs_base(struct vcpu *v); void hvm_cpuid_policy_changed(struct vcpu *v); void hvm_set_tsc_offset(struct vcpu *v, uint64_t offset, uint64_t at_tsc); diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index fccfb7c172..9d7f1f818b 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -80,7 +80,7 @@ static void get_hvm_registers(struct vcpu *v, struct cpu_user_regs *regs, hvm_get_segment_register(v, x86_seg_ss, &sreg); regs->ss = sreg.sel; - crs[7] = hvm_get_shadow_gs_base(v); + crs[7] = hvm_get_reg(v, MSR_SHADOW_GS_BASE); } static void _show_registers( -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277957.474815 (Exim 4.92) (envelope-from ) id 1nN9jI-0002HM-ES; Thu, 24 Feb 2022 08:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277957.474815; Thu, 24 Feb 2022 08:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jI-0002HE-BS; Thu, 24 Feb 2022 08:44:04 +0000 Received: by outflank-mailman (input) for mailman id 277957; Thu, 24 Feb 2022 08:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jG-0002H5-Mi for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jG-0000qJ-IS for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9jG-00055r-H5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RUxTIg0BjctHLnXf45SqQZYSUqIW/mH9OCpI+40zEdg=; b=BN0SdVaC2b1vSIL+BAK3QocBVL /+FizEUuP9t2hYpXEklS6FCjI+a6VEGNgeYfSSjiO6OtG5gJpzDUCGlGklDnd70fRsRE0oDCcf6Gz 4zxxixta/eksEEfuHMi0XphMX6g/oa3V1MdlRTH0WhbQ2Oy1OYmQdfoKADwx0+EQW9W0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/sort: Switch to an extern inline implementation Message-Id: Date: Thu, 24 Feb 2022 08:44:02 +0000 commit 8cb0341a61fa8e6e27e8715e4c2db379f38e90ab Author: Andrew Cooper AuthorDate: Sat Oct 30 22:13:55 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen/sort: Switch to an extern inline implementation There are exactly 3 callers of sort() in the hypervisor. Callbacks in a tight loop like this are problematic for performance, especially with Spectre v2 protections, which is why extern inline is used commonly by libraries. Both ARM callers pass in NULL for the swap function, and while this might seem like an attractive option at first, it causes generic_swap() to be used, which forced a byte-wise copy. Provide real swap functions so the compiler can optimise properly, which is very important for ARM downstreams where milliseconds until the system is up matters. This is also important for Control Flow Integrity schemes (e.g. x86 CET-IBT, ARM BTI), because tagged function(s) performing an arbitrary length swap of two arbitrary pointers is a very valuable gadget for an attacker. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/bootfdt.c | 9 +++++- xen/arch/arm/io.c | 9 +++++- xen/include/xen/sort.h | 55 +++++++++++++++++++++++++++++++++- xen/lib/sort.c | 80 ++------------------------------------------------ 4 files changed, 72 insertions(+), 81 deletions(-) diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index afaa0e249b..e318ef9603 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -448,6 +448,13 @@ static int __init cmp_memory_node(const void *key, const void *elem) return 0; } +static void __init swap_memory_node(void *_a, void *_b, size_t size) +{ + struct membank *a = _a, *b = _b; + + SWAP(*a, *b); +} + /** * boot_fdt_info - initialize bootinfo from a DTB * @fdt: flattened device tree binary @@ -472,7 +479,7 @@ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) * the banks sorted in ascending order. So sort them through. */ sort(bootinfo.mem.bank, bootinfo.mem.nr_banks, sizeof(struct membank), - cmp_memory_node, NULL); + cmp_memory_node, swap_memory_node); early_print_info(); diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 729287e37c..1a066f9ae5 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -80,6 +80,13 @@ static int cmp_mmio_handler(const void *key, const void *elem) return 0; } +static void swap_mmio_handler(void *_a, void *_b, size_t size) +{ + struct mmio_handler *a = _a, *b = _b; + + SWAP(*a, *b); +} + static const struct mmio_handler *find_mmio_handler(struct domain *d, paddr_t gpa) { @@ -170,7 +177,7 @@ void register_mmio_handler(struct domain *d, /* Sort mmio handlers in ascending order based on base address */ sort(vmmio->handlers, vmmio->num_entries, sizeof(struct mmio_handler), - cmp_mmio_handler, NULL); + cmp_mmio_handler, swap_mmio_handler); write_unlock(&vmmio->lock); } diff --git a/xen/include/xen/sort.h b/xen/include/xen/sort.h index a403652948..2f52ff85b9 100644 --- a/xen/include/xen/sort.h +++ b/xen/include/xen/sort.h @@ -3,8 +3,61 @@ #include +/* + * sort - sort an array of elements + * @base: pointer to data to sort + * @num: number of elements + * @size: size of each element + * @cmp: pointer to comparison function + * @swap: pointer to swap function + * + * This function does a heapsort on the given array. You may provide a + * swap function optimized to your element type. + * + * Sorting time is O(n log n) both on average and worst-case. While + * qsort is about 20% faster on average, it suffers from exploitable + * O(n*n) worst-case behavior and extra memory requirements that make + * it less suitable for kernel use. + */ +#ifndef SORT_IMPLEMENTATION +extern gnu_inline +#endif void sort(void *base, size_t num, size_t size, int (*cmp)(const void *, const void *), - void (*swap)(void *, void *, size_t)); + void (*swap)(void *, void *, size_t)) +{ + /* pre-scale counters for performance */ + size_t i = (num / 2) * size, n = num * size, c, r; + + /* heapify */ + while ( i > 0 ) + { + for ( r = i -= size; r * 2 + size < n; r = c ) + { + c = r * 2 + size; + if ( (c < n - size) && (cmp(base + c, base + c + size) < 0) ) + c += size; + if ( cmp(base + r, base + c) >= 0 ) + break; + swap(base + r, base + c, size); + } + } + + /* sort */ + for ( i = n; i > 0; ) + { + i -= size; + swap(base, base + i, size); + for ( r = 0; r * 2 + size < i; r = c ) + { + c = r * 2 + size; + if ( (c < i - size) && (cmp(base + c, base + c + size) < 0) ) + c += size; + if ( cmp(base + r, base + c) >= 0 ) + break; + swap(base + r, base + c, size); + } + } +} #endif /* __XEN_SORT_H__ */ diff --git a/xen/lib/sort.c b/xen/lib/sort.c index 35ce0d7abd..b7e78cc0e8 100644 --- a/xen/lib/sort.c +++ b/xen/lib/sort.c @@ -4,81 +4,5 @@ * Jan 23 2005 Matt Mackall */ -#include - -static void u32_swap(void *a, void *b, size_t size) -{ - uint32_t t = *(uint32_t *)a; - - *(uint32_t *)a = *(uint32_t *)b; - *(uint32_t *)b = t; -} - -static void generic_swap(void *a, void *b, size_t size) -{ - char t; - - do { - t = *(char *)a; - *(char *)a++ = *(char *)b; - *(char *)b++ = t; - } while ( --size > 0 ); -} - -/* - * sort - sort an array of elements - * @base: pointer to data to sort - * @num: number of elements - * @size: size of each element - * @cmp: pointer to comparison function - * @swap: pointer to swap function or NULL - * - * This function does a heapsort on the given array. You may provide a - * swap function optimized to your element type. - * - * Sorting time is O(n log n) both on average and worst-case. While - * qsort is about 20% faster on average, it suffers from exploitable - * O(n*n) worst-case behavior and extra memory requirements that make - * it less suitable for kernel use. - */ - -void sort(void *base, size_t num, size_t size, - int (*cmp)(const void *, const void *), - void (*swap)(void *, void *, size_t size)) -{ - /* pre-scale counters for performance */ - size_t i = (num / 2) * size, n = num * size, c, r; - - if ( !swap ) - swap = (size == 4 ? u32_swap : generic_swap); - - /* heapify */ - while ( i > 0 ) - { - for ( r = i -= size; r * 2 + size < n; r = c ) - { - c = r * 2 + size; - if ( (c < n - size) && (cmp(base + c, base + c + size) < 0) ) - c += size; - if ( cmp(base + r, base + c) >= 0 ) - break; - swap(base + r, base + c, size); - } - } - - /* sort */ - for ( i = n; i > 0; ) - { - i -= size; - swap(base, base + i, size); - for ( r = 0; r * 2 + size < i; r = c ) - { - c = r * 2 + size; - if ( (c < i - size) && (cmp(base + c, base + c + size) < 0) ) - c += size; - if ( cmp(base + r, base + c) >= 0 ) - break; - swap(base + r, base + c, size); - } - } -} +#define SORT_IMPLEMENTATION +#include -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277958.474819 (Exim 4.92) (envelope-from ) id 1nN9jS-0002JC-G4; Thu, 24 Feb 2022 08:44:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277958.474819; Thu, 24 Feb 2022 08:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jS-0002J4-D1; Thu, 24 Feb 2022 08:44:14 +0000 Received: by outflank-mailman (input) for mailman id 277958; Thu, 24 Feb 2022 08:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jQ-0002Iq-Md for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jQ-0000qQ-Lp for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9jQ-00056U-Kp for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1ANjAIkJBwc/5MrAgwu1UhieHMrXfou32NWOPMz4vrs=; b=TlaGhVGikcPRjHCHfA7Q74CD9E kSRa87shF+UNQuWJefNhXmYiXID/050bsDDfjWPMT/MgOIAcol5g2UvDJt81rj4XeS9ablsVz9+Gr /MW7G0dEX0LGuqg6DeON1ccLZFkCvtesO397xlonwM+nF1XcvElA5bqKZegOMtfcpJzo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/xsm: Move {do,compat}_flask_op() declarations into a header Message-Id: Date: Thu, 24 Feb 2022 08:44:12 +0000 commit 44d6b0758469cafff12be16d75b51f6d9217d22c Author: Andrew Cooper AuthorDate: Fri Oct 29 23:05:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen/xsm: Move {do,compat}_flask_op() declarations into a header Declaring sideways like this is unsafe, because the compiler can't check that the implementation in flask_op.c still has the same type. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/xsm/flask/flask_op.c | 1 + xen/xsm/flask/hooks.c | 4 +--- xen/xsm/flask/private.h | 9 +++++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 221ff00fd3..bb3bebc30e 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -21,6 +21,7 @@ #include #include #include +#include "private.h" #define ret_t long #define _copy_to_guest copy_to_guest diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 3b29f7fde3..6ff1be28e4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -36,6 +36,7 @@ #include #include #include +#include "private.h" static u32 domain_sid(const struct domain *dom) { @@ -1742,9 +1743,6 @@ static int flask_argo_send(const struct domain *d, const struct domain *t) #endif -long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); - static const struct xsm_ops __initconstrel flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h new file mode 100644 index 0000000000..73b0de8724 --- /dev/null +++ b/xen/xsm/flask/private.h @@ -0,0 +1,9 @@ +#ifndef XSM_FLASK_PRIVATE +#define XSM_FLASK_PRIVATE + +#include + +long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); + +#endif /* XSM_FLASK_PRIVATE */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277959.474823 (Exim 4.92) (envelope-from ) id 1nN9jc-0002M9-IX; Thu, 24 Feb 2022 08:44:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277959.474823; Thu, 24 Feb 2022 08:44:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jc-0002M1-Ef; Thu, 24 Feb 2022 08:44:24 +0000 Received: by outflank-mailman (input) for mailman id 277959; Thu, 24 Feb 2022 08:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ja-0002LV-QC for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ja-0000qp-PG for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ja-00057W-OR for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uGPbB67Rihlgzdio6DJcvNZXbS0f5dmGUnOCF1fo6Nw=; b=u4iRe2DGKjL+7/XsIsc7iPc4oe reFeAZX+TnV10FhhYvW7APZrOpCDH3s0328qbRpJaG8zdOQlcAY4+R2EwdSqgpM/pYeyC/hlHkAk+ SuCka+7LVbNynZ6l7T35tiE7R04nlh7ingnY0DHSEn5rdcsVkw1DHcXixxoIMO2Bskqo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pv-shim: Don't modify the hypercall table Message-Id: Date: Thu, 24 Feb 2022 08:44:22 +0000 commit e7db635f4428cabbb72ba33a6ec6e1465f2169cb Author: Juergen Gross AuthorDate: Mon Nov 1 16:20:09 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86/pv-shim: Don't modify the hypercall table When running as pv-shim the hypercall is modified today in order to replace the functions for __HYPERVISOR_event_channel_op and __HYPERVISOR_grant_table_op hypercalls. Change this to call the related functions from the normal handlers instead when running as shim. The performance implications are not really relevant, as a normal production hypervisor will not be configured to support shim mode, so the related calls will be dropped due to optimisation of the compiler. Note that for the CONFIG_PV_SHIM_EXCLUSIVE case there is a dummy wrapper do_grant_table_op() needed, as in this case grant_table.c isn't being built. Signed-off-by: Juergen Gross Split out of series. To compile in isolation, the compat_platform_op() prototype needs correcting, and header files need rearranging to avoid the compat_platform_op_t/multicall_entry_compat_t guest handles being declared multiple times. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hypercall.h | 4 ++- xen/arch/x86/include/asm/pv/shim.h | 3 ++ xen/arch/x86/pv/hypercall.c | 2 +- xen/arch/x86/pv/shim.c | 54 ++++++++++++++++---------------- xen/arch/x86/x86_64/platform_hypercall.c | 2 +- xen/common/compat/multicall.c | 3 +- xen/common/event_channel.c | 9 ++++++ xen/common/grant_table.c | 9 ++++++ 8 files changed, 54 insertions(+), 32 deletions(-) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 5d394d4923..f004824f16 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -145,6 +145,7 @@ do_set_segment_base( #include #include +#include extern int compat_physdev_op( @@ -161,8 +162,9 @@ extern int compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); +DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); extern int compat_platform_op( - XEN_GUEST_HANDLE_PARAM(void) u_xenpf_op); + XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); extern long compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); diff --git a/xen/arch/x86/include/asm/pv/shim.h b/xen/arch/x86/include/asm/pv/shim.h index 8a91f4f9df..6415f8068e 100644 --- a/xen/arch/x86/include/asm/pv/shim.h +++ b/xen/arch/x86/include/asm/pv/shim.h @@ -19,6 +19,7 @@ #ifndef __X86_PV_SHIM_H__ #define __X86_PV_SHIM_H__ +#include #include #if defined(CONFIG_PV_SHIM_EXCLUSIVE) @@ -45,6 +46,8 @@ domid_t get_initial_domain_id(void); uint64_t pv_shim_mem(uint64_t avail); void pv_shim_fixup_e820(struct e820map *e820); const struct platform_bad_page *pv_shim_reserved_pages(unsigned int *size); +typeof(do_event_channel_op) pv_shim_event_channel_op; +typeof(do_grant_table_op) pv_shim_grant_table_op; #else diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index ecdd58deea..50cd219c18 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -64,7 +64,7 @@ const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(xen_version), HYPERCALL(console_io), COMPAT_CALL(physdev_op_compat), -#ifdef CONFIG_GRANT_TABLE +#if defined(CONFIG_GRANT_TABLE) || defined(CONFIG_PV_SHIM) COMPAT_CALL(grant_table_op), #endif HYPERCALL(vm_assist), diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index d9704121a7..7e891fe2f7 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -56,11 +56,6 @@ static DEFINE_SPINLOCK(balloon_lock); static struct platform_bad_page __initdata reserved_pages[2]; -static long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -static long pv_shim_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count); - /* * By default give the shim 1MB of free memory slack. Some users may wish to * tune this constants for better memory utilization. This can be achieved @@ -203,7 +198,6 @@ void __init pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, start_info_t *si) { bool compat = is_pv_32bit_domain(d); - pv_hypercall_table_t *rw_pv_hypercall_table; uint64_t param = 0; long rc; @@ -249,23 +243,6 @@ void __init pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, consoled_set_ring_addr(page); } - /* - * Locate pv_hypercall_table[] (usually .rodata) in the directmap (which - * is writeable) and insert some shim-specific hypercall handlers. - */ - rw_pv_hypercall_table = __va(__pa(pv_hypercall_table)); - rw_pv_hypercall_table[__HYPERVISOR_event_channel_op].native = - (hypercall_fn_t *)pv_shim_event_channel_op; - rw_pv_hypercall_table[__HYPERVISOR_grant_table_op].native = - (hypercall_fn_t *)pv_shim_grant_table_op; - -#ifdef CONFIG_PV32 - rw_pv_hypercall_table[__HYPERVISOR_event_channel_op].compat = - (hypercall_fn_t *)pv_shim_event_channel_op; - rw_pv_hypercall_table[__HYPERVISOR_grant_table_op].compat = - (hypercall_fn_t *)pv_shim_grant_table_op; -#endif - guest = d; /* @@ -435,7 +412,7 @@ int pv_shim_shutdown(uint8_t reason) return 0; } -static long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long pv_shim_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct evtchn_close close; @@ -683,9 +660,9 @@ void pv_shim_inject_evtchn(unsigned int port) # define compat_handle_okay guest_handle_okay #endif -static long pv_shim_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +long pv_shim_grant_table_op(unsigned int cmd, + XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) { struct domain *d = current->domain; long rc = 0; @@ -845,6 +822,29 @@ static long pv_shim_grant_table_op(unsigned int cmd, return rc; } +#ifndef CONFIG_GRANT_TABLE +/* Thin wrapper(s) needed. */ +long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) +{ + if ( !pv_shim ) + return -ENOSYS; + + return pv_shim_grant_table_op(cmd, uop, count); +} + +#ifdef CONFIG_PV32 +int compat_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, + unsigned int count) +{ + if ( !pv_shim ) + return -ENOSYS; + + return pv_shim_grant_table_op(cmd, uop, count); +} +#endif +#endif + long pv_shim_cpu_up(void *data) { struct vcpu *v = data; diff --git a/xen/arch/x86/x86_64/platform_hypercall.c b/xen/arch/x86/x86_64/platform_hypercall.c index fbba893a47..966fd27b5f 100644 --- a/xen/arch/x86/x86_64/platform_hypercall.c +++ b/xen/arch/x86/x86_64/platform_hypercall.c @@ -6,8 +6,8 @@ EMIT_FILE; #include #include +#include -DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); #define xen_platform_op compat_platform_op #define xen_platform_op_t compat_platform_op_t #define do_platform_op(x) compat_platform_op(_##x) diff --git a/xen/common/compat/multicall.c b/xen/common/compat/multicall.c index a0e9918f48..b17739d218 100644 --- a/xen/common/compat/multicall.c +++ b/xen/common/compat/multicall.c @@ -5,7 +5,7 @@ EMIT_FILE; #include -#include +#include #include #define COMPAT @@ -19,7 +19,6 @@ static inline void xlat_multicall_entry(struct mc_state *mcs) mcs->compat_call.args[i] = mcs->call.args[i]; } -DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); #define multicall_entry compat_multicall_entry #define multicall_entry_t multicall_entry_compat_t #define do_multicall_call compat_multicall_call diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index da88ad141a..c9912122d1 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -31,6 +31,10 @@ #include #include +#ifdef CONFIG_PV_SHIM +#include +#endif + #define ERROR_EXIT(_errno) \ do { \ gdprintk(XENLOG_WARNING, \ @@ -1189,6 +1193,11 @@ long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; +#ifdef CONFIG_PV_SHIM + if ( unlikely(pv_shim) ) + return pv_shim_event_channel_op(cmd, arg); +#endif + switch ( cmd ) { case EVTCHNOP_alloc_unbound: { diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 3d92fee592..925ed7d6be 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -44,6 +44,10 @@ #include #include +#ifdef CONFIG_PV_SHIM +#include +#endif + /* Per-domain grant information. */ struct grant_table { /* @@ -3561,6 +3565,11 @@ do_grant_table_op( long rc; unsigned int opaque_in = cmd & GNTTABOP_ARG_MASK, opaque_out = 0; +#ifdef CONFIG_PV_SHIM + if ( unlikely(pv_shim) ) + return pv_shim_grant_table_op(cmd, uop, count); +#endif + if ( (int)count < 0 ) return -EINVAL; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277960.474827 (Exim 4.92) (envelope-from ) id 1nN9jm-0002Px-L2; Thu, 24 Feb 2022 08:44:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277960.474827; Thu, 24 Feb 2022 08:44:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jm-0002Pp-I3; Thu, 24 Feb 2022 08:44:34 +0000 Received: by outflank-mailman (input) for mailman id 277960; Thu, 24 Feb 2022 08:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jk-0002PK-TU for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jk-0000qz-Sc for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9jk-00058T-Rf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=X9BfeZs/g3dUpFbNYqdpVVZBBFuH61dghT6HJN0ULSY=; b=xrPWeRyqlHfpU0vOPFZmFX7kzL Cy/XLNJ8e4Hmw2bbNoG9KR0JJTJANUvSn0i8FeYAMrxdYEzyIburrS5rUSMwZDllzdSEIMlpdfjq6 gf1CboDu6LGvHcGnteMw/4mDmb/vAqplJIY6BF/0tbmmKpkxyMFiKiZ9bcboffB1B1O8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Don't use the hypercall table for calling compat hypercalls Message-Id: Date: Thu, 24 Feb 2022 08:44:32 +0000 commit 69a85336f62d5ec472a4b91d35a9549d5b2b8546 Author: Juergen Gross AuthorDate: Mon Nov 1 16:20:10 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86: Don't use the hypercall table for calling compat hypercalls Today the *_op_compat hypercalls call the modern handler functions by using the entries from the hypercall table. This is resulting in a not needed indirect function call which can be avoided by using the correct handler function directly. This is basically a revert of commit 1252e282311734 ("x86/pv: Export pv_hypercall_table[] rather than working around it in several ways"), which reasoning no longer applies, as shim no longer modifies the hypercall table. The hypercall table can now be made static as there is no external reference to it any longer. Commit 834cb8761051f7 ("x86/PV32: fix physdev_op_compat handling") can be reverted, too, as using the direct call of the correct handler is already handled fine without that patch. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/compat.c | 14 ++++---------- xen/arch/x86/include/asm/hypercall.h | 8 -------- xen/arch/x86/pv/hypercall.c | 9 ++++++++- xen/arch/x86/x86_64/compat.c | 1 - 4 files changed, 12 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 58b202f701..939b449dec 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -17,14 +17,12 @@ typedef long ret_t; /* Legacy hypercall (as of 0x00030202). */ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { - typeof(do_physdev_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_physdev_op].native; struct physdev_op op; if ( unlikely(copy_from_guest(&op, uop, 1) != 0) ) return -EFAULT; - return fn(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); + return do_physdev_op(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); } #ifndef COMPAT @@ -32,14 +30,11 @@ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) /* Legacy hypercall (as of 0x00030101). */ long do_sched_op_compat(int cmd, unsigned long arg) { - typeof(do_sched_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_sched_op].native; - switch ( cmd ) { case SCHEDOP_yield: case SCHEDOP_block: - return fn(cmd, guest_handle_from_ptr(NULL, void)); + return do_sched_op(cmd, guest_handle_from_ptr(NULL, void)); case SCHEDOP_shutdown: TRACE_3D(TRC_SCHED_SHUTDOWN, @@ -57,8 +52,6 @@ long do_sched_op_compat(int cmd, unsigned long arg) /* Legacy hypercall (as of 0x00030202). */ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { - typeof(do_event_channel_op) *fn = - (void *)pv_hypercall_table[__HYPERVISOR_event_channel_op].native; struct evtchn_op op; if ( unlikely(copy_from_guest(&op, uop, 1) != 0) ) @@ -76,7 +69,8 @@ long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) case EVTCHNOP_bind_ipi: case EVTCHNOP_bind_vcpu: case EVTCHNOP_unmask: - return fn(op.cmd, guest_handle_from_ptr(&uop.p->u, void)); + return do_event_channel_op(op.cmd, + guest_handle_from_ptr(&uop.p->u, void)); default: return -ENOSYS; diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index f004824f16..eb3aed3bf7 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -15,13 +15,6 @@ typedef unsigned long hypercall_fn_t( unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); -typedef struct { - hypercall_fn_t *native; -#ifdef CONFIG_PV32 - hypercall_fn_t *compat; -#endif -} pv_hypercall_table_t; - typedef struct { uint8_t native; #ifdef CONFIG_COMPAT @@ -32,7 +25,6 @@ typedef struct { extern const hypercall_args_t hypercall_args_table[NR_hypercalls]; #ifdef CONFIG_PV -extern const pv_hypercall_table_t pv_hypercall_table[]; void pv_hypercall(struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c index 50cd219c18..e8fbee7bbb 100644 --- a/xen/arch/x86/pv/hypercall.c +++ b/xen/arch/x86/pv/hypercall.c @@ -27,6 +27,13 @@ #include #include +typedef struct { + hypercall_fn_t *native; +#ifdef CONFIG_PV32 + hypercall_fn_t *compat; +#endif +} pv_hypercall_table_t; + #ifdef CONFIG_PV32 #define HYPERCALL(x) \ [ __HYPERVISOR_ ## x ] = { (hypercall_fn_t *) do_ ## x, \ @@ -42,7 +49,7 @@ #define do_arch_1 paging_domctl_continuation -const pv_hypercall_table_t pv_hypercall_table[] = { +static const pv_hypercall_table_t pv_hypercall_table[] = { COMPAT_CALL(set_trap_table), HYPERCALL(mmu_update), COMPAT_CALL(set_gdt), diff --git a/xen/arch/x86/x86_64/compat.c b/xen/arch/x86/x86_64/compat.c index fcbc1cc0d7..0e4c71f2aa 100644 --- a/xen/arch/x86/x86_64/compat.c +++ b/xen/arch/x86/x86_64/compat.c @@ -12,7 +12,6 @@ EMIT_FILE; #define physdev_op_t physdev_op_compat_t #define do_physdev_op compat_physdev_op #define do_physdev_op_compat(x) compat_physdev_op_compat(_##x) -#define native compat #define COMPAT #define _XEN_GUEST_HANDLE(t) XEN_GUEST_HANDLE(t) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277961.474831 (Exim 4.92) (envelope-from ) id 1nN9jw-0002Tw-Ms; Thu, 24 Feb 2022 08:44:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277961.474831; Thu, 24 Feb 2022 08:44:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jw-0002To-Ja; Thu, 24 Feb 2022 08:44:44 +0000 Received: by outflank-mailman (input) for mailman id 277961; Thu, 24 Feb 2022 08:44:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9jv-0002T3-0J for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ju-0000rA-Vs for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ju-00059Y-V5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DUkaYkrZvL9XQNuXI/hQhtnwWzWlzjpn83ZnmjhB9s8=; b=kt2oub6XIzgp1Q43HBiDG/QrZ+ NfjmHnOm/m79ddlvVTDMQkh2diGSg4ZMM6rzZ0o+iHaFJj6bZ2uP1KmvCiFtcavc0tYM52iV1Ci6o dM8mBr1vNxdkEds+9nGWfzoy2nbzs2g3w4uMcSUJ4NPdGZ1jsFRxtoz/MdekaWmuLPgw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/kexec: Annotate embedded data with ELF metadata Message-Id: Date: Thu, 24 Feb 2022 08:44:42 +0000 commit 7764fd93cf24d59b98fd1ee1c3f03a1fda83633a Author: Andrew Cooper AuthorDate: Wed Feb 16 18:24:43 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86/kexec: Annotate embedded data with ELF metadata Scanning for embedded endbranch instructions involves parsing the .text disassembly. Data in the kexec trampoline has no ELF metadata, so objdump treats it as instructions and tries to disassemble. Convert: ffff82d040396108 : ffff82d040396108: 00 00 add %al,(%rax) ffff82d04039610a: 00 00 add %al,(%rax) ffff82d04039610c: 10 00 adc %al,(%rax) ffff82d04039610e : ffff82d04039610e: 17 (bad) ... ffff82d040396118 : ... ffff82d040396120: ff (bad) ffff82d040396121: ff 00 incl (%rax) ffff82d040396123: 00 00 add %al,(%rax) ffff82d040396125: 93 xchg %eax,%ebx ffff82d040396126: cf iret ffff82d040396127: 00 ff add %bh,%bh ffff82d040396129: ff 00 incl (%rax) ffff82d04039612b: 00 00 add %al,(%rax) ffff82d04039612d: 9b fwait ffff82d04039612e: cf iret ... ffff82d040396130 : ... ffff82d0403961b6 : ffff82d0403961b6: b6 01 mov $0x1,%dh ... to: ffff82d040396108 : ffff82d040396108: 00 00 00 00 10 00 ...... ffff82d04039610e : ffff82d04039610e: 17 00 00 00 00 00 00 00 00 00 .......... ffff82d040396118 : ... ffff82d040396120: ff ff 00 00 00 93 cf 00 ff ff 00 00 00 9b cf 00 ................ ffff82d040396130 : ffff82d040396130: 00 00 00 00 00 00 ...... ffff82d040396136 : ... Most data just gains type and size metadata. The reloc_stack label is the wrong end of the data block to have a size, so move it to the lowest address and introduce .Lreloc_stack_base as a replacement. Also, fix the fact that it is misaligned by 2 bytes. While kexec_reloc_size could gain metadata, it's use in the linker assertion (while correct) is deeply confusing to follow. Drop it entirely, using a linker symbol instead to denote the end of the trampoline. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/machine_kexec.h | 2 +- xen/arch/x86/machine_kexec.c | 2 +- xen/arch/x86/x86_64/kexec_reloc.S | 23 ++++++++++++++++++----- xen/arch/x86/xen.lds.S | 3 ++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/include/asm/machine_kexec.h b/xen/arch/x86/include/asm/machine_kexec.h index ba0d469d07..d4880818c1 100644 --- a/xen/arch/x86/include/asm/machine_kexec.h +++ b/xen/arch/x86/include/asm/machine_kexec.h @@ -9,7 +9,7 @@ extern void kexec_reloc(unsigned long reloc_code, unsigned long reloc_pt, unsigned long ind_maddr, unsigned long entry_maddr, unsigned long flags); -extern unsigned int kexec_reloc_size; +extern const char kexec_reloc_end[]; #endif diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 08ec9fd43b..751a9efcaf 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -117,7 +117,7 @@ int machine_kexec_load(struct kexec_image *image) } code_page = __map_domain_page(image->control_code_page); - memcpy(code_page, kexec_reloc, kexec_reloc_size); + memcpy(code_page, kexec_reloc, kexec_reloc_end - (char *)kexec_reloc); unmap_domain_page(code_page); /* diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_reloc.S index d488d127cf..89316bc3a7 100644 --- a/xen/arch/x86/x86_64/kexec_reloc.S +++ b/xen/arch/x86/x86_64/kexec_reloc.S @@ -34,7 +34,7 @@ ENTRY(kexec_reloc) movq %rcx, %rbp /* Setup stack. */ - leaq (reloc_stack - kexec_reloc)(%rdi), %rsp + leaq (.Lreloc_stack_base - kexec_reloc)(%rdi), %rsp /* Load reloc page table. */ movq %rsi, %cr3 @@ -175,10 +175,16 @@ compatibility_mode_far: .long 0x00000000 /* set in call_32_bit above */ .word 0x0010 + .type compatibility_mode_far, @object + .size compatibility_mode_far, . - compatibility_mode_far + compat_mode_gdt_desc: .word .Lcompat_mode_gdt_end - compat_mode_gdt -1 .quad 0x0000000000000000 /* set in call_32_bit above */ + .type compat_mode_gdt_desc, @object + .size compat_mode_gdt_desc, . - compat_mode_gdt_desc + .align 8 compat_mode_gdt: .quad 0x0000000000000000 /* null */ @@ -186,16 +192,23 @@ compat_mode_gdt: .quad 0x00cf9b000000ffff /* 0x0010 ring 0 code, compatibility */ .Lcompat_mode_gdt_end: + .type compat_mode_gdt, @object + .size compat_mode_gdt, . - compat_mode_gdt + compat_mode_idt: .word 0 /* limit */ .long 0 /* base */ + .type compat_mode_idt, @object + .size compat_mode_idt, . - compat_mode_idt + /* * 16 words of stack are more than enough. */ - .fill 16,8,0 + .align 8 reloc_stack: + .fill 16,8,0 +.Lreloc_stack_base: - .globl kexec_reloc_size -kexec_reloc_size: - .long . - kexec_reloc + .type reloc_stack, @object + .size reloc_stack, . - reloc_stack diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 82ad8feb6e..7ffecd4630 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -84,6 +84,7 @@ SECTIONS _etextentry = .; *(.text.kexec) /* Page aligned in the object file. */ + kexec_reloc_end = .; *(.text.cold) *(.text.unlikely) @@ -428,7 +429,7 @@ ASSERT(__2M_rwdata_end <= XEN_VIRT_END - XEN_VIRT_START + __XEN_VIRT_START - "Xen image overlaps stubs area") #ifdef CONFIG_KEXEC -ASSERT(kexec_reloc_size - kexec_reloc <= PAGE_SIZE, "kexec_reloc is too large") +ASSERT(kexec_reloc_end - kexec_reloc <= PAGE_SIZE, "kexec_reloc is too large") #endif /* The Multiboot setup paths relies on this to simplify superpage PTE creation. */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:44:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:44:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277962.474835 (Exim 4.92) (envelope-from ) id 1nN9k6-0002Wj-Nu; Thu, 24 Feb 2022 08:44:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277962.474835; Thu, 24 Feb 2022 08:44:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9k6-0002Wb-L5; Thu, 24 Feb 2022 08:44:54 +0000 Received: by outflank-mailman (input) for mailman id 277962; Thu, 24 Feb 2022 08:44:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9k5-0002WP-49 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9k5-0000rM-3L for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9k5-0005Ac-2F for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:44:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FC8NDY+2pq5V2T7j+zf47Hl3jW8N2n01q2WilzLeHQo=; b=HiU0IoslNrcn3r9lK6hD/ZKcDe K9QihNg9C+XudrLzbYOCMFpvcVmf+EEC2qCRXy7Zkcz7dMiuhQneXZrbDmFCasezV+dW2iVZde5Un hjV0znOGsqcrEoXw75Hzi6p+CeHz+i0khCh8fZinwPipMsUaQg1p6OKeFmc/JT2UgnjQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Introduce support for CET-IBT Message-Id: Date: Thu, 24 Feb 2022 08:44:53 +0000 commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 x86: Introduce support for CET-IBT CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of endbr{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. However, the default -fcf-protection=branch places an endbr{32,64} on every function which far more than necessary, and reduces the quantity of protection afforded. Therefore, we use manual placement using the cf_check attribute. It is necessary to check for both compiler and assembler support, as the notrack prefix can be emitted in certain cases. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- Config.mk | 1 - tools/firmware/Makefile | 2 ++ tools/libs/guest/xg_dom_decompress_unsafe.h | 2 ++ tools/tests/x86_emulator/x86-emulate.h | 2 ++ xen/arch/x86/Kconfig | 17 +++++++++++++++++ xen/arch/x86/arch.mk | 6 ++++++ xen/arch/x86/configs/pvshim_defconfig | 1 + xen/arch/x86/include/asm/asm-defns.h | 6 ++++++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/include/xen/compiler.h | 6 ++++++ 11 files changed, 44 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 95c053212e..f56f7dc334 100644 --- a/Config.mk +++ b/Config.mk @@ -190,7 +190,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile index 345037b93b..53ed4f161e 100644 --- a/tools/firmware/Makefile +++ b/tools/firmware/Makefile @@ -6,6 +6,8 @@ TARGET := hvmloader/hvmloader INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR) DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR) +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none + SUBDIRS-y := SUBDIRS-$(CONFIG_OVMF) += ovmf-dir SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir diff --git a/tools/libs/guest/xg_dom_decompress_unsafe.h b/tools/libs/guest/xg_dom_decompress_unsafe.h index 4e0bf23aa5..ac6b94288d 100644 --- a/tools/libs/guest/xg_dom_decompress_unsafe.h +++ b/tools/libs/guest/xg_dom_decompress_unsafe.h @@ -8,6 +8,8 @@ typedef int decompress_fn(unsigned char *inbuf, unsigned int len, void (*error)(const char *x)); #endif +#define cf_check /* No Control Flow Integriy checking */ + int xc_dom_decompress_unsafe( decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size) __attribute__((visibility("internal"))); diff --git a/tools/tests/x86_emulator/x86-emulate.h b/tools/tests/x86_emulator/x86-emulate.h index 7f60ef9e89..18ae40d017 100644 --- a/tools/tests/x86_emulator/x86-emulate.h +++ b/tools/tests/x86_emulator/x86-emulate.h @@ -54,6 +54,8 @@ #define likely(x) __builtin_expect(!!(x), true) #define unlikely(x) __builtin_expect(!!(x), false) +#define cf_check /* No Control Flow Integriy checking */ + #define container_of(ptr, type, member) ({ \ typeof(((type *)0)->member) *mptr__ = (ptr); \ (type *)((char *)mptr__ - offsetof(type, member)); \ diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 41198b0f96..8e70f9a448 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -40,6 +40,11 @@ config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +config HAS_CC_CET_IBT + # GCC >= 9 and binutils >= 2.29 + # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 + def_bool $(cc-option,-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern) && $(as-instr,endbr64) + menu "Architecture Features" source "arch/Kconfig" @@ -125,6 +130,18 @@ config XEN_SHSTK When CET-SS is active, 32bit PV guests cannot be used. Backwards compatiblity can be provided via the PV Shim mechanism. +config XEN_IBT + bool "Supervisor Indirect Branch Tracking" + depends on HAS_CC_CET_IBT + default y + help + Control-flow Enforcement Technology (CET) is a set of features in + hardware designed to combat Return-oriented Programming (ROP, also + call/jump COP/JOP) attacks. Indirect Branch Tracking is one CET + feature designed to provide function pointer protection. + + This option arranges for Xen to use CET-IBT for its own protection. + config SHADOW_PAGING bool "Shadow Paging" default !PV_SHIM_EXCLUSIVE diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index edfc043dbb..f780c912a9 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -52,6 +52,12 @@ CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif +ifdef CONFIG_XEN_IBT +CFLAGS += -fcf-protection=branch -mmanual-endbr +else +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +endif + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig index 787376df5a..d0e92c2ded 100644 --- a/xen/arch/x86/configs/pvshim_defconfig +++ b/xen/arch/x86/configs/pvshim_defconfig @@ -8,6 +8,7 @@ CONFIG_NR_CPUS=32 CONFIG_EXPERT=y # Disable features not used by the PV shim # CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set # CONFIG_GRANT_TABLE is not set # CONFIG_HYPFS is not set # CONFIG_BIGMEM is not set diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 505f39ad5f..8bd9007731 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -57,6 +57,12 @@ INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_XEN_IBT +# define ENDBR64 endbr64 +#else +# define ENDBR64 +#endif + .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS) /* diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index a0ab6d7d78..f2c6f255ac 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -152,6 +152,7 @@ #define cpu_has_nscb boot_cpu_has(X86_FEATURE_NSCB) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) +#define cpu_has_xen_ibt boot_cpu_has(X86_FEATURE_XEN_IBT) #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index b10154fc44..7413febd7a 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW used by Xen for PV */ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 696c7eb89e..933aec09a9 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -37,6 +37,12 @@ # define nocall #endif +#ifdef CONFIG_XEN_IBT +# define cf_check __attribute__((__cf_check__)) +#else +# define cf_check +#endif + #if (!defined(__clang__) && (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)) #define unreachable() do {} while (1) #else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277963.474839 (Exim 4.92) (envelope-from ) id 1nN9kG-0002b0-Qe; Thu, 24 Feb 2022 08:45:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277963.474839; Thu, 24 Feb 2022 08:45:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kG-0002as-Mh; Thu, 24 Feb 2022 08:45:04 +0000 Received: by outflank-mailman (input) for mailman id 277963; Thu, 24 Feb 2022 08:45:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kF-0002af-9H for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kF-0000sP-8V for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9kF-0005Bp-7i for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hTVzH0qYofhzU1VspeLA0zw8VuK0Os4ZFA93jieweKI=; b=2cN+qAAlwwJh9TbdeTevOm+Cic jX9Lq0CoRn0mX8N90GCuWiFmAsIt10GlV21EQkYA/QmYU10eE48rSP5P33+lJSzIP/477/3pZcD3X 28w/u9DXemp4YPwH09vjgu+MkPNVRNBMm3LSwpBvUvdbLN9L6a2qoAotRdnKNMPKYm9o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for x86 hypercalls Message-Id: Date: Thu, 24 Feb 2022 08:45:03 +0000 commit 517b9114bfddf24ecb8890be79e1d218254dbf18 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:42 2022 +0000 xen: CFI hardening for x86 hypercalls Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/compat.c | 7 ++-- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/vpmu.c | 3 +- xen/arch/x86/hvm/dm.c | 5 ++- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/hypercall.c | 5 +-- xen/arch/x86/include/asm/hypercall.h | 69 +++++++++++++++++++----------------- xen/arch/x86/include/asm/paging.h | 2 +- xen/arch/x86/mm.c | 23 ++++++------ xen/arch/x86/mm/paging.c | 3 +- xen/arch/x86/physdev.c | 2 +- xen/arch/x86/platform_hypercall.c | 3 +- xen/arch/x86/pv/callback.c | 25 +++++++------ xen/arch/x86/pv/descriptor-tables.c | 14 ++++---- xen/arch/x86/pv/iret.c | 4 +-- xen/arch/x86/pv/misc-hypercalls.c | 10 +++--- xen/arch/x86/pv/shim.c | 8 ++--- xen/arch/x86/x86_64/compat/mm.c | 7 ++-- xen/common/argo.c | 4 +-- xen/common/compat/domain.c | 3 +- xen/common/compat/grant_table.c | 5 ++- xen/common/compat/kernel.c | 2 +- xen/common/compat/memory.c | 3 +- xen/common/dm.c | 6 ++-- xen/common/domain.c | 5 +-- xen/common/domctl.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/hypfs.c | 6 ++-- xen/common/kernel.c | 2 +- xen/common/kexec.c | 4 +-- xen/common/memory.c | 2 +- xen/common/multicall.c | 2 +- xen/common/sched/compat.c | 2 +- xen/common/sched/core.c | 4 +-- xen/common/sysctl.c | 2 +- xen/common/xenoprof.c | 2 +- xen/drivers/char/console.c | 4 +-- xen/include/xen/hypercall.h | 69 ++++++++++++++++++------------------ xen/xsm/xsm_core.c | 4 +-- 40 files changed, 169 insertions(+), 162 deletions(-) diff --git a/xen/arch/x86/compat.c b/xen/arch/x86/compat.c index 939b449dec..28281a262a 100644 --- a/xen/arch/x86/compat.c +++ b/xen/arch/x86/compat.c @@ -15,7 +15,7 @@ typedef long ret_t; #endif /* Legacy hypercall (as of 0x00030202). */ -ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) +ret_t cf_check do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) { struct physdev_op op; @@ -28,7 +28,7 @@ ret_t do_physdev_op_compat(XEN_GUEST_HANDLE_PARAM(physdev_op_t) uop) #ifndef COMPAT /* Legacy hypercall (as of 0x00030101). */ -long do_sched_op_compat(int cmd, unsigned long arg) +long cf_check do_sched_op_compat(int cmd, unsigned long arg) { switch ( cmd ) { @@ -50,7 +50,8 @@ long do_sched_op_compat(int cmd, unsigned long arg) } /* Legacy hypercall (as of 0x00030202). */ -long do_event_channel_op_compat(XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) +long cf_check do_event_channel_op_compat( + XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop) { struct evtchn_op op; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 7f433343bc..eae08caa07 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1351,7 +1351,7 @@ CHECK_mcinfo_recovery; # endif /* CONFIG_COMPAT */ /* Machine Check Architecture Hypercall */ -long do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) +long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) { long ret = 0; struct xen_mc curop, *op = &curop; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 8ec4547bed..598291f4ec 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -671,7 +671,8 @@ void vpmu_dump(struct vcpu *v) alternative_vcall(vpmu_ops.arch_vpmu_dump, v); } -long do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) +long cf_check do_xenpmu_op( + unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg) { int ret; struct vcpu *curr; diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index b60b9f3364..d80975efcf 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -654,9 +654,8 @@ CHECK_dm_op_relocate_memory; CHECK_dm_op_pin_memory_cacheattr; CHECK_dm_op_nr_vcpus; -int compat_dm_op(domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(void) bufs) +int cf_check compat_dm_op( + domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(void) bufs) { struct dmop_args args; unsigned int i; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c4ddb8607d..4e685c1b0c 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -5015,7 +5015,7 @@ static int hvmop_get_mem_type( return rc; } -long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc = 0; diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 384724ec41..030243810e 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -31,7 +31,8 @@ #include #include -static long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +static long cf_check hvm_memory_op( + unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { long rc; @@ -51,7 +52,7 @@ static long hvm_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_GRANT_TABLE -static long hvm_grant_table_op( +static long cf_check hvm_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { switch ( cmd ) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index eb3aed3bf7..16d8418b57 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -38,97 +38,97 @@ void pv_ring3_init_hypercall_page(void *ptr); */ #define MMU_UPDATE_PREEMPTED (~(~0U>>1)) -extern long +extern long cf_check do_event_channel_op_compat( XEN_GUEST_HANDLE_PARAM(evtchn_op_t) uop); /* Legacy hypercall (as of 0x00030202). */ -extern long do_physdev_op_compat( +extern long cf_check do_physdev_op_compat( XEN_GUEST_HANDLE(physdev_op_t) uop); /* Legacy hypercall (as of 0x00030101). */ -extern long do_sched_op_compat( +extern long cf_check do_sched_op_compat( int cmd, unsigned long arg); -extern long +extern long cf_check do_set_trap_table( XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps); -extern long +extern long cf_check do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -extern long +extern long cf_check do_set_gdt( XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries); -extern long +extern long cf_check do_stack_switch( unsigned long ss, unsigned long esp); -extern long +extern long cf_check do_fpu_taskswitch( int set); -extern long +extern long cf_check do_set_debugreg( int reg, unsigned long value); -extern unsigned long +extern unsigned long cf_check do_get_debugreg( int reg); -extern long +extern long cf_check do_update_descriptor( uint64_t gaddr, seg_desc_t desc); -extern long +extern long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); -extern long +extern long cf_check do_update_va_mapping( unsigned long va, u64 val64, unsigned long flags); -extern long +extern long cf_check do_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_update_va_mapping_otherdomain( unsigned long va, u64 val64, unsigned long flags, domid_t domid); -extern long +extern long cf_check do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); -extern long do_callback_op( +extern long cf_check do_callback_op( int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg); -extern unsigned long +extern unsigned long cf_check do_iret( void); -extern long +extern long cf_check do_set_callbacks( unsigned long event_address, unsigned long failsafe_address, unsigned long syscall_address); -extern long +extern long cf_check do_set_segment_base( unsigned int which, unsigned long base); @@ -139,7 +139,7 @@ do_set_segment_base( #include #include -extern int +extern int cf_check compat_physdev_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); @@ -148,44 +148,47 @@ extern int arch_compat_vcpu_op( int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int compat_mmuext_op( +extern int cf_check compat_mmuext_op( XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom); DEFINE_XEN_GUEST_HANDLE(compat_platform_op_t); -extern int compat_platform_op( +extern int cf_check compat_platform_op( XEN_GUEST_HANDLE_PARAM(compat_platform_op_t) u_xenpf_op); -extern long compat_callback_op( +extern long cf_check compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); -extern int compat_update_va_mapping( +extern int cf_check compat_update_va_mapping( unsigned int va, u32 lo, u32 hi, unsigned int flags); -extern int compat_update_va_mapping_otherdomain( +extern int cf_check compat_update_va_mapping_otherdomain( unsigned int va, u32 lo, u32 hi, unsigned int flags, domid_t domid); DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); -extern int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps); +extern int cf_check compat_set_trap_table( + XEN_GUEST_HANDLE(trap_info_compat_t) traps); -extern int compat_set_gdt( +extern int cf_check compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); -extern int compat_update_descriptor( +extern int cf_check compat_update_descriptor( u32 pa_lo, u32 pa_hi, u32 desc_lo, u32 desc_hi); -extern unsigned int compat_iret(void); +extern unsigned int cf_check compat_iret(void); -extern int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); +extern int cf_check compat_nmi_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long compat_set_callbacks( +extern long cf_check compat_set_callbacks( unsigned long event_selector, unsigned long event_address, unsigned long failsafe_selector, unsigned long failsafe_address); DEFINE_XEN_GUEST_HANDLE(physdev_op_compat_t); -extern int compat_physdev_op_compat(XEN_GUEST_HANDLE(physdev_op_compat_t) uop); +extern int cf_check compat_physdev_op_compat( + XEN_GUEST_HANDLE(physdev_op_compat_t) uop); #endif /* CONFIG_COMPAT */ diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h index 2ddcfb022c..f0b4efc66e 100644 --- a/xen/arch/x86/include/asm/paging.h +++ b/xen/arch/x86/include/asm/paging.h @@ -235,7 +235,7 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, bool_t resuming); /* Helper hypercall for dealing with continuations. */ -long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); +long cf_check paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t)); /* Call when destroying a vcpu/domain */ void paging_vcpu_teardown(struct vcpu *v); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 9c7c616253..cdbd04e197 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3377,7 +3377,7 @@ static int vcpumask_to_pcpumask( } } -long do_mmuext_op( +long cf_check do_mmuext_op( XEN_GUEST_HANDLE_PARAM(mmuext_op_t) uops, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -3916,7 +3916,7 @@ long do_mmuext_op( return rc; } -long do_mmu_update( +long cf_check do_mmu_update( XEN_GUEST_HANDLE_PARAM(mmu_update_t) ureqs, unsigned int count, XEN_GUEST_HANDLE_PARAM(uint) pdone, @@ -4501,8 +4501,8 @@ static int __do_update_va_mapping( return rc; } -long do_update_va_mapping(unsigned long va, u64 val64, - unsigned long flags) +long cf_check do_update_va_mapping( + unsigned long va, u64 val64, unsigned long flags) { int rc = __do_update_va_mapping(va, val64, flags, current->domain); @@ -4513,9 +4513,8 @@ long do_update_va_mapping(unsigned long va, u64 val64, return rc; } -long do_update_va_mapping_otherdomain(unsigned long va, u64 val64, - unsigned long flags, - domid_t domid) +long cf_check do_update_va_mapping_otherdomain( + unsigned long va, u64 val64, unsigned long flags, domid_t domid) { struct domain *pg_owner; int rc; @@ -4537,8 +4536,8 @@ long do_update_va_mapping_otherdomain(unsigned long va, u64 val64, #endif /* CONFIG_PV */ #ifdef CONFIG_PV32 -int compat_update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, - unsigned int flags) +int cf_check compat_update_va_mapping( + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags) { int rc = __do_update_va_mapping(va, ((uint64_t)hi << 32) | lo, flags, current->domain); @@ -4550,9 +4549,9 @@ int compat_update_va_mapping(unsigned int va, uint32_t lo, uint32_t hi, return rc; } -int compat_update_va_mapping_otherdomain(unsigned int va, - uint32_t lo, uint32_t hi, - unsigned int flags, domid_t domid) +int cf_check compat_update_va_mapping_otherdomain( + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, + domid_t domid) { struct domain *pg_owner; int rc; diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index dc3a4a0b4b..1f0b94ad21 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -759,7 +759,8 @@ int paging_domctl(struct domain *d, struct xen_domctl_shadow_op *sc, return shadow_domctl(d, sc, u_domctl); } -long paging_domctl_continuation(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long cf_check paging_domctl_continuation( + XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { struct xen_domctl op; struct domain *d; diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c index ea38be8b79..2ddcf44f33 100644 --- a/xen/arch/x86/physdev.c +++ b/xen/arch/x86/physdev.c @@ -174,7 +174,7 @@ int physdev_unmap_pirq(domid_t domid, int pirq) } #endif /* COMPAT */ -ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int irq; ret_t ret; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index bf4090c942..84566bbfaa 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -213,7 +213,8 @@ void resource_access(void *info) } #endif -ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) +ret_t cf_check do_platform_op( + XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) { ret_t ret; struct xen_platform_op curop, *op = &curop; diff --git a/xen/arch/x86/pv/callback.c b/xen/arch/x86/pv/callback.c index 42a6aa0831..55148c7f9e 100644 --- a/xen/arch/x86/pv/callback.c +++ b/xen/arch/x86/pv/callback.c @@ -140,7 +140,7 @@ static long unregister_guest_callback(struct callback_unregister *unreg) return ret; } -long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) +long cf_check do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) { long ret; @@ -178,9 +178,9 @@ long do_callback_op(int cmd, XEN_GUEST_HANDLE_PARAM(const_void) arg) return ret; } -long do_set_callbacks(unsigned long event_address, - unsigned long failsafe_address, - unsigned long syscall_address) +long cf_check do_set_callbacks( + unsigned long event_address, unsigned long failsafe_address, + unsigned long syscall_address) { struct callback_register event = { .type = CALLBACKTYPE_event, @@ -283,7 +283,7 @@ static long compat_unregister_guest_callback( return ret; } -long compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) +long cf_check compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) { long ret; @@ -321,10 +321,9 @@ long compat_callback_op(int cmd, XEN_GUEST_HANDLE(void) arg) return ret; } -long compat_set_callbacks(unsigned long event_selector, - unsigned long event_address, - unsigned long failsafe_selector, - unsigned long failsafe_address) +long cf_check compat_set_callbacks( + unsigned long event_selector, unsigned long event_address, + unsigned long failsafe_selector, unsigned long failsafe_address) { struct compat_callback_register event = { .type = CALLBACKTYPE_event, @@ -349,7 +348,7 @@ long compat_set_callbacks(unsigned long event_selector, #endif /* CONFIG_PV32 */ -long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) +long cf_check do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) { struct trap_info cur; struct vcpu *curr = current; @@ -395,7 +394,7 @@ long do_set_trap_table(XEN_GUEST_HANDLE_PARAM(const_trap_info_t) traps) } #ifdef CONFIG_PV32 -int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) +int cf_check compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) { struct vcpu *curr = current; struct compat_trap_info cur; @@ -438,7 +437,7 @@ int compat_set_trap_table(XEN_GUEST_HANDLE(trap_info_compat_t) traps) } #endif -long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct xennmi_callback cb; long rc = 0; @@ -464,7 +463,7 @@ long do_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef CONFIG_PV32 -int compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int cf_check compat_nmi_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct compat_nmi_callback cb; int rc = 0; diff --git a/xen/arch/x86/pv/descriptor-tables.c b/xen/arch/x86/pv/descriptor-tables.c index 5e84704400..653a61d0b5 100644 --- a/xen/arch/x86/pv/descriptor-tables.c +++ b/xen/arch/x86/pv/descriptor-tables.c @@ -124,8 +124,8 @@ int pv_set_gdt(struct vcpu *v, const unsigned long frames[], return -EINVAL; } -long do_set_gdt(XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, - unsigned int entries) +long cf_check do_set_gdt( + XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, unsigned int entries) { unsigned int nr_frames = DIV_ROUND_UP(entries, 512); unsigned long frames[16]; @@ -151,8 +151,8 @@ long do_set_gdt(XEN_GUEST_HANDLE_PARAM(xen_ulong_t) frame_list, #ifdef CONFIG_PV32 -int compat_set_gdt(XEN_GUEST_HANDLE_PARAM(uint) frame_list, - unsigned int entries) +int cf_check compat_set_gdt( + XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries) { struct vcpu *curr = current; unsigned int i, nr_frames = DIV_ROUND_UP(entries, 512); @@ -187,8 +187,8 @@ int compat_set_gdt(XEN_GUEST_HANDLE_PARAM(uint) frame_list, return ret; } -int compat_update_descriptor(uint32_t pa_lo, uint32_t pa_hi, - uint32_t desc_lo, uint32_t desc_hi) +int cf_check compat_update_descriptor( + uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi) { seg_desc_t d; @@ -299,7 +299,7 @@ int validate_segdesc_page(struct page_info *page) return i == 512 ? 0 : -EINVAL; } -long do_update_descriptor(uint64_t gaddr, seg_desc_t d) +long cf_check do_update_descriptor(uint64_t gaddr, seg_desc_t d) { struct domain *currd = current->domain; gfn_t gfn = gaddr_to_gfn(gaddr); diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index 29a2f7cc45..dd2965d8f0 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -48,7 +48,7 @@ static void async_exception_cleanup(struct vcpu *curr) curr->arch.async_exception_state(trap).old_mask; } -unsigned long do_iret(void) +unsigned long cf_check do_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct iret_context iret_saved; @@ -105,7 +105,7 @@ unsigned long do_iret(void) } #ifdef CONFIG_PV32 -unsigned int compat_iret(void) +unsigned int cf_check compat_iret(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hypercalls.c index 5dade24726..5649aaab44 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -23,12 +23,12 @@ #include -long do_set_debugreg(int reg, unsigned long value) +long cf_check do_set_debugreg(int reg, unsigned long value) { return set_debugreg(current, reg, value); } -unsigned long do_get_debugreg(int reg) +unsigned long cf_check do_get_debugreg(int reg) { unsigned long val; int res = x86emul_read_dr(reg, &val, NULL); @@ -36,7 +36,7 @@ unsigned long do_get_debugreg(int reg) return res == X86EMUL_OKAY ? val : -ENODEV; } -long do_fpu_taskswitch(int set) +long cf_check do_fpu_taskswitch(int set) { struct vcpu *v = current; @@ -171,7 +171,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) return 0; } -long do_stack_switch(unsigned long ss, unsigned long esp) +long cf_check do_stack_switch(unsigned long ss, unsigned long esp) { fixup_guest_stack_selector(current->domain, ss); current->arch.pv.kernel_ss = ss; @@ -180,7 +180,7 @@ long do_stack_switch(unsigned long ss, unsigned long esp) return 0; } -long do_set_segment_base(unsigned int which, unsigned long base) +long cf_check do_set_segment_base(unsigned int which, unsigned long base) { struct vcpu *v = current; long ret = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 7e891fe2f7..4c710ad891 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -824,8 +824,8 @@ long pv_shim_grant_table_op(unsigned int cmd, #ifndef CONFIG_GRANT_TABLE /* Thin wrapper(s) needed. */ -long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +long cf_check do_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) return -ENOSYS; @@ -834,8 +834,8 @@ long do_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, } #ifdef CONFIG_PV32 -int compat_grant_table_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, - unsigned int count) +int cf_check compat_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { if ( !pv_shim ) return -ENOSYS; diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index 215e96aba0..b3da8fafbb 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -176,10 +176,9 @@ int compat_arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifdef CONFIG_PV DEFINE_XEN_GUEST_HANDLE(mmuext_op_compat_t); -int compat_mmuext_op(XEN_GUEST_HANDLE_PARAM(void) arg, - unsigned int count, - XEN_GUEST_HANDLE_PARAM(uint) pdone, - unsigned int foreigndom) +int cf_check compat_mmuext_op( + XEN_GUEST_HANDLE_PARAM(void) arg, unsigned int count, + XEN_GUEST_HANDLE_PARAM(uint) pdone, unsigned int foreigndom) { unsigned int i, preempt_mask; int rc = 0; diff --git a/xen/common/argo.c b/xen/common/argo.c index eaea7ba888..1448faf657 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -2069,7 +2069,7 @@ sendv(struct domain *src_d, xen_argo_addr_t *src_addr, return ( ret < 0 ) ? ret : len; } -long +long cf_check do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long raw_arg3, unsigned long raw_arg4) @@ -2207,7 +2207,7 @@ do_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, } #ifdef CONFIG_COMPAT -long +long cf_check compat_argo_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, unsigned long arg3, unsigned long arg4) diff --git a/xen/common/compat/domain.c b/xen/common/compat/domain.c index 98b8c15cea..afae27eeba 100644 --- a/xen/common/compat/domain.c +++ b/xen/common/compat/domain.c @@ -38,7 +38,8 @@ CHECK_vcpu_hvm_context; #endif -int compat_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) +int cf_check compat_vcpu_op( + int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct vcpu *v; diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index ff1d678f01..c6199e8918 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -55,9 +55,8 @@ CHECK_gnttab_swap_grant_ref; CHECK_gnttab_cache_flush; #undef xen_gnttab_cache_flush -int compat_grant_table_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(void) cmp_uop, - unsigned int count) +int cf_check compat_grant_table_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) cmp_uop, unsigned int count) { int rc = 0; unsigned int i, cmd_op; diff --git a/xen/common/compat/kernel.c b/xen/common/compat/kernel.c index 804b919bdc..8e8c413bf1 100644 --- a/xen/common/compat/kernel.c +++ b/xen/common/compat/kernel.c @@ -37,7 +37,7 @@ CHECK_TYPE(capabilities_info); CHECK_TYPE(domain_handle); -#define DO(fn) int compat_##fn +#define DO(fn) int cf_check compat_##fn #define COMPAT #include "../kernel.c" diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index c43fa97cf1..ec8ba54bb6 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -53,7 +53,8 @@ static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, } #endif -int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) +int cf_check compat_memory_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) compat) { struct vcpu *curr = current; struct domain *currd = curr->domain; diff --git a/xen/common/dm.c b/xen/common/dm.c index 2d1d98ca58..fcb3a1aa05 100644 --- a/xen/common/dm.c +++ b/xen/common/dm.c @@ -19,9 +19,9 @@ #include #include -long do_dm_op(domid_t domid, - unsigned int nr_bufs, - XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) +long cf_check do_dm_op( + domid_t domid, unsigned int nr_bufs, + XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) { struct dmop_args args; int rc; diff --git a/xen/common/domain.c b/xen/common/domain.c index 3742322d22..ac2746d0d6 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1570,7 +1570,8 @@ int default_initialise_vcpu(struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg) return rc; } -long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_vcpu_op( + int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d = current->domain; struct vcpu *v; @@ -1757,7 +1758,7 @@ long do_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) } #ifdef arch_vm_assist_valid_mask -long do_vm_assist(unsigned int cmd, unsigned int type) +long cf_check do_vm_assist(unsigned int cmd, unsigned int type) { struct domain *currd = current->domain; const unsigned long valid = arch_vm_assist_valid_mask(currd); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 879a2adcbe..9606fa4f1a 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -274,7 +274,7 @@ static struct vnuma_info *vnuma_init(const struct xen_domctl_vnuma *uinfo, return ERR_PTR(ret); } -long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) +long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { long ret = 0; bool_t copyback = 0; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index c9912122d1..a5ee8b8ebf 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1189,7 +1189,7 @@ static int evtchn_set_priority(const struct evtchn_set_priority *set_priority) return ret; } -long do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_event_channel_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { int rc; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 925ed7d6be..153332b7bf 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -3558,7 +3558,7 @@ gnttab_cache_flush(XEN_GUEST_HANDLE_PARAM(gnttab_cache_flush_t) uop, return 0; } -long +long cf_check do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count) { diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index e71f7df479..1526bcc528 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -671,9 +671,9 @@ static int hypfs_write(struct hypfs_entry *entry, return entry->funcs->write(l, uaddr, ulen); } -long do_hypfs_op(unsigned int cmd, - XEN_GUEST_HANDLE_PARAM(const_char) arg1, unsigned long arg2, - XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) +long cf_check do_hypfs_op( + unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, + unsigned long arg2, XEN_GUEST_HANDLE_PARAM(void) arg3, unsigned long arg4) { int ret; struct hypfs_entry *entry; diff --git a/xen/common/kernel.c b/xen/common/kernel.c index e119e5401f..752c2e0dae 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -451,7 +451,7 @@ static int __init param_init(void) __initcall(param_init); #endif -# define DO(fn) long do_##fn +# define DO(fn) long cf_check do_##fn #endif diff --git a/xen/common/kexec.c b/xen/common/kexec.c index c63db618a7..8471590aee 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -1265,13 +1265,13 @@ static int do_kexec_op_internal(unsigned long op, return ret; } -long do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +long cf_check do_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 0); } #ifdef CONFIG_COMPAT -int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) +int cf_check compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg) { return do_kexec_op_internal(op, uarg, 1); } diff --git a/xen/common/memory.c b/xen/common/memory.c index 0d7c413df8..38732dde6f 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1367,7 +1367,7 @@ static int acquire_resource( return rc; } -long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +long cf_check do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { struct domain *d, *curr_d = current->domain; long rc; diff --git a/xen/common/multicall.c b/xen/common/multicall.c index 794638392b..e48f46dbe0 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -32,7 +32,7 @@ static void trace_multicall_call(multicall_entry_t *call) __trace_multicall_call(call); } -ret_t +ret_t cf_check do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, uint32_t nr_calls) { diff --git a/xen/common/sched/compat.c b/xen/common/sched/compat.c index 040b4caca2..66ba0fe88f 100644 --- a/xen/common/sched/compat.c +++ b/xen/common/sched/compat.c @@ -39,7 +39,7 @@ static int compat_poll(struct compat_sched_poll *compat) #include "core.c" -int compat_set_timer_op(u32 lo, s32 hi) +int cf_check compat_set_timer_op(u32 lo, s32 hi) { return do_set_timer_op(((s64)hi << 32) | lo); } diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index f5c819349b..6c1ee7879a 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -1862,7 +1862,7 @@ typedef long ret_t; #endif /* !COMPAT */ -ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { ret_t ret = 0; @@ -1999,7 +1999,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) #ifndef COMPAT /* Per-vcpu oneshot-timer hypercall. */ -long do_set_timer_op(s_time_t timeout) +long cf_check do_set_timer_op(s_time_t timeout) { struct vcpu *v = current; s_time_t offset = timeout - NOW(); diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c index 1ad3c29351..fc4a0b31d6 100644 --- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -29,7 +29,7 @@ #include #include -long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) +long cf_check do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl) { long ret = 0; int copyback = -1; diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index 1926a92fe4..af617f1d0b 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -721,7 +721,7 @@ static int xenoprof_op_get_buffer(XEN_GUEST_HANDLE_PARAM(void) arg) || (op == XENOPROF_disable_virq) \ || (op == XENOPROF_get_buffer)) -ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) +ret_t cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) { int ret = 0; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 7d0a603d03..a043e9521a 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -675,8 +675,8 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, return 0; } -long do_console_io(unsigned int cmd, unsigned int count, - XEN_GUEST_HANDLE_PARAM(char) buffer) +long cf_check do_console_io( + unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer) { long rc; unsigned int idx, len; diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 07b10ec230..4dfd64cf71 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -18,12 +18,12 @@ #include #include -extern long +extern long cf_check do_sched_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_domctl( XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); @@ -32,7 +32,7 @@ arch_do_domctl( struct xen_domctl *domctl, struct domain *d, XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl); -extern long +extern long cf_check do_sysctl( XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); @@ -41,7 +41,7 @@ arch_do_sysctl( struct xen_sysctl *sysctl, XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl); -extern long +extern long cf_check do_platform_op( XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op); @@ -62,47 +62,47 @@ pci_physdev_op( #define MEMOP_EXTENT_SHIFT 6 /* cmd[:6] == start_extent */ #define MEMOP_CMD_MASK ((1 << MEMOP_EXTENT_SHIFT) - 1) -extern long +extern long cf_check do_memory_op( unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_t) call_list, unsigned int nr_calls); -extern long +extern long cf_check do_set_timer_op( s_time_t timeout); -extern long +extern long cf_check do_event_channel_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_xen_version( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_console_io( unsigned int cmd, unsigned int count, XEN_GUEST_HANDLE_PARAM(char) buffer); -extern long +extern long cf_check do_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count); -extern long +extern long cf_check do_vm_assist( unsigned int cmd, unsigned int type); -extern long +extern long cf_check do_vcpu_op( int cmd, unsigned int vcpuid, @@ -114,27 +114,27 @@ arch_do_vcpu_op(int cmd, struct vcpu *v, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_nmi_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_hvm_op( unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_kexec_op( unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); -extern long +extern long cf_check do_xsm_op( XEN_GUEST_HANDLE_PARAM(void) u_xsm_op); #ifdef CONFIG_ARGO -extern long do_argo_op( +extern long cf_check do_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, @@ -142,20 +142,20 @@ extern long do_argo_op( unsigned long arg4); #endif -extern long +extern long cf_check do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern long +extern long cf_check do_xenpmu_op(unsigned int op, XEN_GUEST_HANDLE_PARAM(xen_pmu_params_t) arg); -extern long +extern long cf_check do_dm_op( domid_t domid, unsigned int nr_bufs, XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs); #ifdef CONFIG_HYPFS -extern long +extern long cf_check do_hypfs_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(const_char) arg1, @@ -166,53 +166,54 @@ do_hypfs_op( #ifdef CONFIG_COMPAT -extern int +extern int cf_check compat_memory_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_grant_table_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) uop, unsigned int count); -extern int +extern int cf_check compat_vcpu_op( int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_xen_version( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_sched_op( int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); -extern int +extern int cf_check compat_set_timer_op( u32 lo, s32 hi); -extern int compat_xsm_op( +extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); -extern int compat_kexec_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); +extern int cf_check compat_kexec_op( + unsigned long op, XEN_GUEST_HANDLE_PARAM(void) uarg); DEFINE_XEN_GUEST_HANDLE(multicall_entry_compat_t); -extern int compat_multicall( +extern int cf_check compat_multicall( XEN_GUEST_HANDLE_PARAM(multicall_entry_compat_t) call_list, uint32_t nr_calls); #ifdef CONFIG_ARGO -extern long compat_argo_op( +extern long cf_check compat_argo_op( unsigned int cmd, XEN_GUEST_HANDLE_PARAM(void) arg1, XEN_GUEST_HANDLE_PARAM(void) arg2, @@ -220,7 +221,7 @@ extern long compat_argo_op( unsigned long arg4); #endif -extern int +extern int cf_check compat_dm_op( domid_t domid, unsigned int nr_bufs, diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 14d98f1f72..5fc3a5f754 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -219,13 +219,13 @@ bool __init has_xsm_magic(paddr_t start) #endif -long do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +long cf_check do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_xsm_op(op); } #ifdef CONFIG_COMPAT -int compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +int cf_check compat_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return xsm_do_compat_op(op); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277964.474843 (Exim 4.92) (envelope-from ) id 1nN9kP-0002e4-UU; Thu, 24 Feb 2022 08:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277964.474843; Thu, 24 Feb 2022 08:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kP-0002dw-RT; Thu, 24 Feb 2022 08:45:13 +0000 Received: by outflank-mailman (input) for mailman id 277964; Thu, 24 Feb 2022 08:45:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kP-0002dm-Fb for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kP-0000uB-Ek for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9kP-0005Cs-Ds for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Xlve3Wn5IolGEauhVSIAmT/gEvylZlxSJoq8fBjzNXw=; b=dfdYX+U1NEwZSe9hQ0dbAyl1cv RzkeBmVEizdnEqgJ7wssLWJUA0RST35AP7Euw2a2bq4qQuY75x7KTsYb/qyvKQ3E8fMnMtfXJlyUE JtXWRuJOE/482v2der+0TGhLGhLvdmjHnpayLNw/pTyKTpWbrk/brEE89/xKCrZuIbIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for custom_param() Message-Id: Date: Thu, 24 Feb 2022 08:45:13 +0000 commit 17f0c6176e16ada6b97ccc7caac4b0b00f8e9032 Author: Andrew Cooper AuthorDate: Wed Oct 27 14:21:51 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for custom_param() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The "watchdog_timeout" and "cpu_type" handlers were missing __init. The "numa", "acpi", "irq_vector_map" and "flask" handlers can skip forward declarations by altering the custom_param() position. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/apic.c | 4 ++-- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/cpuid.c | 8 ++++---- xen/arch/x86/dom0_build.c | 8 ++++---- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/hpet.c | 2 +- xen/arch/x86/hvm/viridian/viridian.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 8 ++++---- xen/arch/x86/io_apic.c | 2 +- xen/arch/x86/irq.c | 6 ++---- xen/arch/x86/mm.c | 2 +- xen/arch/x86/nmi.c | 4 ++-- xen/arch/x86/numa.c | 6 ++---- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/pv/domain.c | 8 ++++---- xen/arch/x86/pv/shim.c | 2 +- xen/arch/x86/setup.c | 11 +++++------ xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/arch/x86/time.c | 2 +- xen/arch/x86/tsx.c | 2 +- xen/arch/x86/x86_64/mmconfig-shared.c | 2 +- xen/common/argo.c | 2 +- xen/common/core_parking.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/domain.c | 2 +- xen/common/efi/boot.c | 2 +- xen/common/grant_table.c | 14 +++++++------- xen/common/kexec.c | 6 +++--- xen/common/memory.c | 2 +- xen/common/page_alloc.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/sched/credit2.c | 2 +- xen/drivers/acpi/tables.c | 2 +- xen/drivers/char/console.c | 18 +++++++++--------- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/passthrough/amd/iommu_acpi.c | 6 +++--- xen/drivers/passthrough/iommu.c | 4 ++-- xen/drivers/passthrough/pci.c | 4 ++-- xen/drivers/passthrough/vtd/dmar.c | 2 +- xen/drivers/passthrough/vtd/quirks.c | 2 +- xen/drivers/video/vesa.c | 2 +- xen/xsm/flask/flask_op.c | 5 ++--- xen/xsm/xsm_core.c | 2 +- 49 files changed, 92 insertions(+), 98 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index d788c8bffc..5d73eb5917 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -106,7 +106,7 @@ void (*__read_mostly pm_idle_save)(void); unsigned int max_cstate __read_mostly = UINT_MAX; unsigned int max_csubstate __read_mostly = UINT_MAX; -static int __init parse_cstate(const char *s) +static int __init cf_check parse_cstate(const char *s) { max_cstate = simple_strtoul(s, &s, 0); if ( *s == ',' ) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5eaa77f66a..912d4c4d62 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -35,7 +35,7 @@ uint32_t system_reset_counter = 1; -static int __init parse_acpi_sleep(const char *s) +static int __init cf_check parse_acpi_sleep(const char *s) { const char *ss; unsigned int flag = 0; diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 5836561585..68e4d870c7 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -775,7 +775,7 @@ int lapic_resume(void) * Original code written by Keir Fraser. */ -static int __init lapic_disable(const char *str) +static int __init cf_check lapic_disable(const char *str) { enable_local_apic = -1; setup_clear_cpu_cap(X86_FEATURE_APIC); @@ -784,7 +784,7 @@ static int __init lapic_disable(const char *str) custom_param("nolapic", lapic_disable); boolean_param("lapic", enable_local_apic); -static int __init apic_set_verbosity(const char *str) +static int __init cf_check apic_set_verbosity(const char *str) { if (strcmp("debug", str) == 0) apic_verbosity = APIC_DEBUG; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index eae08caa07..ea86d84481 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -63,7 +63,7 @@ struct mca_banks *mca_allbanks; #endif int mce_verbosity; -static int __init mce_set_verbosity(const char *str) +static int __init cf_check mce_set_verbosity(const char *str) { if ( strcmp("verbose", str) == 0 ) mce_verbosity = MCE_VERBOSE; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index ac3ceb567c..95d35ca0f3 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -111,7 +111,7 @@ void __init microcode_set_module(unsigned int idx) * optional. If the EFI has forced which of the multiboot payloads is to be * used, only nmi= is parsed. */ -static int __init parse_ucode(const char *s) +static int __init cf_check parse_ucode(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 598291f4ec..b10d6e2eb4 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -56,7 +56,7 @@ static unsigned vpmu_count; static DEFINE_PER_CPU(struct vcpu *, last_vcpu); -static int __init parse_vpmu_params(const char *s) +static int __init cf_check parse_vpmu_params(const char *s) { const char *ss; int rc = 0, val; diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 7c638eff2b..bb554b06a7 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -101,7 +101,7 @@ static int __init always_inline parse_cpuid( return rc; } -static void __init _parse_xen_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_xen_cpuid(unsigned int feat, bool val) { if ( !val ) setup_clear_cpu_cap(feat); @@ -110,7 +110,7 @@ static void __init _parse_xen_cpuid(unsigned int feat, bool val) setup_force_cpu_cap(X86_FEATURE_RDRAND); } -static int __init parse_xen_cpuid(const char *s) +static int __init cf_check parse_xen_cpuid(const char *s) { return parse_cpuid(s, _parse_xen_cpuid); } @@ -120,13 +120,13 @@ static bool __initdata dom0_cpuid_cmdline; static uint32_t __initdata dom0_enable_feat[FSCAPINTS]; static uint32_t __initdata dom0_disable_feat[FSCAPINTS]; -static void __init _parse_dom0_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_dom0_cpuid(unsigned int feat, bool val) { __set_bit (feat, val ? dom0_enable_feat : dom0_disable_feat); __clear_bit(feat, val ? dom0_disable_feat : dom0_enable_feat ); } -static int __init parse_dom0_cpuid(const char *s) +static int __init cf_check parse_dom0_cpuid(const char *s) { dom0_cpuid_cmdline = true; diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index a7fec05956..4d1c5c60e4 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -115,7 +115,7 @@ static int __init parse_amt(const char *s, const char **ps, struct memsize *sz) return 0; } -static int __init parse_dom0_mem(const char *s) +static int __init cf_check parse_dom0_mem(const char *s) { int ret; @@ -144,7 +144,7 @@ custom_param("dom0_mem", parse_dom0_mem); static unsigned int __initdata opt_dom0_max_vcpus_min = 1; static unsigned int __initdata opt_dom0_max_vcpus_max = UINT_MAX; -static int __init parse_dom0_max_vcpus(const char *s) +static int __init cf_check parse_dom0_max_vcpus(const char *s) { if ( *s == '-' ) /* -M */ opt_dom0_max_vcpus_max = simple_strtoul(s + 1, &s, 0); @@ -168,7 +168,7 @@ static __initdata unsigned int dom0_pxms[MAX_NUMNODES] = { [0 ... MAX_NUMNODES - 1] = ~0 }; bool __initdata dom0_affinity_relaxed; -static int __init parse_dom0_nodes(const char *s) +static int __init cf_check parse_dom0_nodes(const char *s) { const char *ss; int rc = 0; @@ -266,7 +266,7 @@ bool __initdata opt_dom0_pvh = !IS_ENABLED(CONFIG_PV); bool __initdata opt_dom0_verbose = IS_ENABLED(CONFIG_VERBOSE_DEBUG); bool __initdata opt_dom0_msr_relaxed; -static int __init parse_dom0_param(const char *s) +static int __init cf_check parse_dom0_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index 66bc5ce072..ad57912f50 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -43,7 +43,7 @@ void __init generic_bigsmp_probe(void) } } -static int __init genapic_apic_force(const char *str) +static int __init cf_check genapic_apic_force(const char *str) { int i, rc = -EINVAL; diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 2fe8b005a5..7a810e4e71 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -65,7 +65,7 @@ u8 __initdata hpet_flags; static bool __initdata force_hpet_broadcast; boolean_param("hpetbroadcast", force_hpet_broadcast); -static int __init parse_hpet_param(const char *s) +static int __init cf_check parse_hpet_param(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/hvm/viridian/viridian.c b/xen/arch/x86/hvm/viridian/viridian.c index 8986b8e03c..7ebcaa1c89 100644 --- a/xen/arch/x86/hvm/viridian/viridian.c +++ b/xen/arch/x86/hvm/viridian/viridian.c @@ -1186,7 +1186,7 @@ static int viridian_load_vcpu_ctxt(struct domain *d, HVM_REGISTER_SAVE_RESTORE(VIRIDIAN_VCPU, viridian_save_vcpu_ctxt, viridian_load_vcpu_ctxt, 1, HVMSR_PER_VCPU); -static int __init parse_viridian_version(const char *arg) +static int __init cf_check parse_viridian_version(const char *arg) { const char *t; unsigned int n[3]; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 7ab15e07a0..f72a7db045 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -71,7 +71,7 @@ static bool __read_mostly opt_ept_pml = true; static s8 __read_mostly opt_ept_ad = -1; int8_t __read_mostly opt_ept_exec_sp = -1; -static int __init parse_ept_param(const char *s) +static int __init cf_check parse_ept_param(const char *s) { const char *ss; int val, rc = 0; @@ -107,16 +107,16 @@ static void update_ept_param(void) opt_ept_exec_sp); } -static void __init init_ept_param(struct param_hypfs *par) +static void __init cf_check init_ept_param(struct param_hypfs *par) { update_ept_param(); custom_runtime_set_var(par, opt_ept_setting); } -static int parse_ept_param_runtime(const char *s); +static int cf_check parse_ept_param_runtime(const char *s); custom_runtime_only_param("ept", parse_ept_param_runtime, init_ept_param); -static int parse_ept_param_runtime(const char *s) +static int cf_check parse_ept_param_runtime(const char *s) { struct domain *d; int val; diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 1c49a0fe14..4135a9c060 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1601,7 +1601,7 @@ static unsigned int startup_level_ioapic_irq(struct irq_desc *desc) return 0; /* don't check for pending */ } -static int __init setup_ioapic_ack(const char *s) +static int __init cf_check setup_ioapic_ack(const char *s) { if ( !strcmp(s, "old") ) { diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 67cbf6b979..84b174d0f5 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -28,8 +28,6 @@ #include #include -static int parse_irq_vector_map_param(const char *s); - /* opt_noirqbalance: If true, software IRQ balancing/affinity is disabled. */ bool __read_mostly opt_noirqbalance; boolean_param("noirqbalance", opt_noirqbalance); @@ -40,7 +38,6 @@ integer_param("nr_irqs", nr_irqs); /* This default may be changed by the AMD IOMMU code */ int __read_mostly opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_DEFAULT; -custom_param("irq_vector_map", parse_irq_vector_map_param); /* Max number of guests IRQ could be shared with */ static unsigned char __read_mostly irq_max_guests; @@ -66,7 +63,7 @@ static struct timer irq_ratelimit_timer; static unsigned int __read_mostly irq_ratelimit_threshold = 10000; integer_param("irq_ratelimit", irq_ratelimit_threshold); -static int __init parse_irq_vector_map_param(const char *s) +static int __init cf_check parse_irq_vector_map_param(const char *s) { const char *ss; int rc = 0; @@ -90,6 +87,7 @@ static int __init parse_irq_vector_map_param(const char *s) return rc; } +custom_param("irq_vector_map", parse_irq_vector_map_param); /* Must be called when irq disabled */ void lock_vector_lock(void) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index cdbd04e197..a1b8737096 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -189,7 +189,7 @@ static uint32_t base_disallow_mask; static s8 __read_mostly opt_mmio_relax; -static int __init parse_mmio_relax(const char *s) +static int __init cf_check parse_mmio_relax(const char *s) { if ( !*s ) opt_mmio_relax = 1; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index c515de6336..515a3633e5 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -48,7 +48,7 @@ bool __initdata opt_watchdog; /* watchdog_force: If true, process unknown NMIs when running the watchdog. */ bool watchdog_force; -static int __init parse_watchdog(const char *s) +static int __init cf_check parse_watchdog(const char *s) { if ( !*s ) { @@ -78,7 +78,7 @@ custom_param("watchdog", parse_watchdog); /* opt_watchdog_timeout: Number of seconds to wait before panic. */ static unsigned int opt_watchdog_timeout = 5; -static int parse_watchdog_timeout(const char *s) +static int __init cf_check parse_watchdog_timeout(const char *s) { const char *q; diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index ce79ee44ce..6be5a0c933 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -19,9 +19,6 @@ #include #include -static int numa_setup(const char *s); -custom_param("numa", numa_setup); - #ifndef Dprintk #define Dprintk(x...) #endif @@ -294,7 +291,7 @@ void numa_set_node(int cpu, nodeid_t node) } /* [numa=off] */ -static __init int numa_setup(const char *opt) +static int __init cf_check numa_setup(const char *opt) { if ( !strncmp(opt,"off",3) ) numa_off = true; @@ -321,6 +318,7 @@ static __init int numa_setup(const char *opt) return 0; } +custom_param("numa", numa_setup); /* * Setup early cpu_to_node. diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index a13bd82915..7842d95b95 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -340,7 +340,7 @@ static int __init p4_init(char ** cpu_type) static int force_arch_perfmon; -static int force_cpu_type(const char *str) +static int __init cf_check force_cpu_type(const char *str) { if (!strcmp(str, "arch_perfmon")) { force_arch_perfmon = 1; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index d805b85dc6..56916344cb 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -573,7 +573,7 @@ static bool __init parse_psr_bool(const char *s, const char *delim, return false; } -static int __init parse_psr_param(const char *s) +static int __init cf_check parse_psr_param(const char *s) { const char *ss, *val_delim; const char *q; diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 6ad533183b..125c4561a7 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -20,7 +20,7 @@ int8_t __read_mostly opt_pv32 = -1; #endif -static __init int parse_pv(const char *s) +static int __init cf_check parse_pv(const char *s) { const char *ss; int val, rc = 0; @@ -63,16 +63,16 @@ static const char opt_pcid_2_string[][7] = { [PCID_NOXPTI] = "noxpti", }; -static void __init opt_pcid_init(struct param_hypfs *par) +static void __init cf_check opt_pcid_init(struct param_hypfs *par) { custom_runtime_set_var(par, opt_pcid_2_string[opt_pcid]); } #endif -static int parse_pcid(const char *s); +static int cf_check parse_pcid(const char *s); custom_runtime_param("pcid", parse_pcid, opt_pcid_init); -static int parse_pcid(const char *s) +static int cf_check parse_pcid(const char *s) { int rc = 0; diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index 4c710ad891..ae4d8913fa 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -73,7 +73,7 @@ static uint64_t __initdata shim_nrpages; static uint64_t __initdata shim_min_nrpages; static uint64_t __initdata shim_max_nrpages; -static int __init parse_shim_mem(const char *s) +static int __init cf_check parse_shim_mem(const char *s) { do { if ( !strncmp(s, "min:", 4) ) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 2f6e10d0cf..3a4ec1fcfd 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -81,8 +81,6 @@ unsigned long __read_mostly cr4_pv32_mask; /* "acpi=ht": Limit ACPI just to boot-time to enable HT. */ /* "acpi=noirq": Disables ACPI interrupt routing. */ /* "acpi=verbose": Enables more verbose ACPI boot time logging. */ -static int parse_acpi_param(const char *s); -custom_param("acpi", parse_acpi_param); /* **** Linux config option: propagated to domain0. */ /* noapic: Disable IOAPIC setup. */ @@ -104,7 +102,7 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif -static int __init parse_cet(const char *s) +static int __init cf_check parse_cet(const char *s) { const char *ss; int val, rc = 0; @@ -159,7 +157,7 @@ static s8 __initdata opt_smep = -1; */ static struct domain *__initdata dom0; -static int __init parse_smep_param(const char *s) +static int __init cf_check parse_smep_param(const char *s) { if ( !*s ) { @@ -190,7 +188,7 @@ custom_param("smep", parse_smep_param); #define SMAP_HVM_ONLY (-2) static s8 __initdata opt_smap = -1; -static int __init parse_smap_param(const char *s) +static int __init cf_check parse_smap_param(const char *s) { if ( !*s ) { @@ -221,7 +219,7 @@ bool __read_mostly acpi_disabled; bool __initdata acpi_force; static char __initdata acpi_param[10] = ""; -static int __init parse_acpi_param(const char *s) +static int __init cf_check parse_acpi_param(const char *s) { /* Interpret the parameter for use within Xen. */ if ( !parse_bool(s, NULL) ) @@ -257,6 +255,7 @@ static int __init parse_acpi_param(const char *s) return 0; } +custom_param("acpi", parse_acpi_param); static const module_t *__initdata initial_images; static unsigned int __initdata nr_initial_images; diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index acef033143..a01354d933 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -56,7 +56,7 @@ static int reboot_mode; */ static enum reboot_type reboot_type = BOOT_INVALID; -static int __init set_reboot_type(const char *str) +static int __init cf_check set_reboot_type(const char *str) { int rc = 0; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index db27bc3f64..2d4cf5c7ef 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -68,7 +68,7 @@ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. static int8_t __initdata opt_srb_lock = -1; -static int __init parse_spec_ctrl(const char *s) +static int __init cf_check parse_spec_ctrl(const char *s) { const char *ss; int val, rc = 0; @@ -218,7 +218,7 @@ static __init void xpti_init_default(uint64_t caps) } } -static __init int parse_xpti(const char *s) +static int __init cf_check parse_xpti(const char *s) { const char *ss; int val, rc = 0; @@ -264,7 +264,7 @@ custom_param("xpti", parse_xpti); int8_t __read_mostly opt_pv_l1tf_hwdom = -1; int8_t __read_mostly opt_pv_l1tf_domu = -1; -static __init int parse_pv_l1tf(const char *s) +static int __init cf_check parse_pv_l1tf(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index bc41a3aa37..818a42a406 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2354,7 +2354,7 @@ int hwdom_pit_access(struct ioreq *ioreq) * tsc=skewed: Assume TSCs are individually reliable, but skewed across CPUs. * tsc=stable:socket: Assume TSCs are reliable across sockets. */ -static int __init tsc_parse(const char *s) +static int __init cf_check tsc_parse(const char *s) { if ( !strcmp(s, "unstable") ) { diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index be89741a2f..b156844cde 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -22,7 +22,7 @@ int8_t __read_mostly opt_tsx = -1; int8_t __read_mostly cpu_has_tsx_ctrl = -1; bool __read_mostly rtm_disabled; -static int __init parse_tsx(const char *s) +static int __init cf_check parse_tsx(const char *s) { int rc = 0, val = parse_bool(s, NULL); diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c index 7c3ed64b4c..2fa7f3f0bc 100644 --- a/xen/arch/x86/x86_64/mmconfig-shared.c +++ b/xen/arch/x86/x86_64/mmconfig-shared.c @@ -29,7 +29,7 @@ unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_MMCONF; -static int __init parse_mmcfg(const char *s) +static int __init cf_check parse_mmcfg(const char *s) { const char *ss; int rc = 0; diff --git a/xen/common/argo.c b/xen/common/argo.c index 1448faf657..297f6d11f0 100644 --- a/xen/common/argo.c +++ b/xen/common/argo.c @@ -78,7 +78,7 @@ DEFINE_COMPAT_HANDLE(compat_argo_iov_t); static bool __read_mostly opt_argo; static bool __read_mostly opt_argo_mac_permissive; -static int __init parse_argo(const char *s) +static int __init cf_check parse_argo(const char *s) { const char *ss; int val, rc = 0; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 411106c675..aa432ed2f5 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -40,7 +40,7 @@ static enum core_parking_controller { PERFORMANCE_FIRST } core_parking_controller __initdata = POWER_FIRST; -static int __init setup_core_parking_option(const char *str) +static int __init cf_check setup_core_parking_option(const char *str) { if ( !strcmp(str, "power") ) core_parking_controller = POWER_FIRST; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index f3794b9453..29b11239f5 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -38,7 +38,7 @@ static bool debugtrace_buf_empty = true; static bool debugtrace_used; static DEFINE_SPINLOCK(debugtrace_lock); -static int __init debugtrace_parse_param(const char *s) +static int __init cf_check debugtrace_parse_param(const char *s) { unsigned long bytes; diff --git a/xen/common/domain.c b/xen/common/domain.c index ac2746d0d6..dacd03254c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -354,7 +354,7 @@ static int late_hwdom_init(struct domain *d) static unsigned int __read_mostly extra_hwdom_irqs; static unsigned int __read_mostly extra_domU_irqs = 32; -static int __init parse_extra_guest_irqs(const char *s) +static int __init cf_check parse_extra_guest_irqs(const char *s) { if ( isdigit(*s) ) extra_domU_irqs = simple_strtoul(s, &s, 0); diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 12fd0844bd..f31f68fd4c 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1417,7 +1417,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) static bool __initdata efi_map_uc; -static int __init parse_efi_param(const char *s) +static int __init cf_check parse_efi_param(const char *s) { const char *ss; int rc = 0, val; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 153332b7bf..b663845d9c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -117,12 +117,12 @@ static void update_gnttab_par(unsigned int val, struct param_hypfs *par, custom_runtime_set_var_sz(par, parval, GRANT_CUSTOM_VAL_SZ); } -static void __init gnttab_max_frames_init(struct param_hypfs *par) +static void __init cf_check gnttab_max_frames_init(struct param_hypfs *par) { update_gnttab_par(opt_max_grant_frames, par, opt_max_grant_frames_val); } -static void __init max_maptrack_frames_init(struct param_hypfs *par) +static void __init cf_check max_maptrack_frames_init(struct param_hypfs *par) { update_gnttab_par(opt_max_maptrack_frames, par, opt_max_maptrack_frames_val); @@ -156,23 +156,23 @@ static int parse_gnttab_limit(const char *arg, unsigned int *valp, return 0; } -static int parse_gnttab_max_frames(const char *arg); +static int cf_check parse_gnttab_max_frames(const char *arg); custom_runtime_param("gnttab_max_frames", parse_gnttab_max_frames, gnttab_max_frames_init); -static int parse_gnttab_max_frames(const char *arg) +static int cf_check parse_gnttab_max_frames(const char *arg) { return parse_gnttab_limit(arg, &opt_max_grant_frames, param_2_parfs(parse_gnttab_max_frames), opt_max_grant_frames_val); } -static int parse_gnttab_max_maptrack_frames(const char *arg); +static int cf_check parse_gnttab_max_maptrack_frames(const char *arg); custom_runtime_param("gnttab_max_maptrack_frames", parse_gnttab_max_maptrack_frames, max_maptrack_frames_init); -static int parse_gnttab_max_maptrack_frames(const char *arg) +static int cf_check parse_gnttab_max_maptrack_frames(const char *arg) { return parse_gnttab_limit(arg, &opt_max_maptrack_frames, param_2_parfs(parse_gnttab_max_maptrack_frames), @@ -191,7 +191,7 @@ static bool __ro_after_init opt_grant_transfer = true; #define opt_grant_transfer false #endif -static int __init parse_gnttab(const char *s) +static int __init cf_check parse_gnttab(const char *s) { const char *ss, *e; int val, rc = 0; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 8471590aee..6286c0bbf0 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -104,7 +104,7 @@ static void *crash_heap_current = NULL, *crash_heap_end = NULL; * < and below are synonyomous, the latter being useful for grub2 systems * which would otherwise require escaping of the < option */ -static int __init parse_crashkernel(const char *str) +static int __init cf_check parse_crashkernel(const char *str) { const char *cur; int rc = 0; @@ -201,7 +201,7 @@ custom_param("crashkernel", parse_crashkernel); * - all will allocate additional structures such as domain and vcpu structs * low so the crash kernel can perform an extended analysis of state. */ -static int __init parse_low_crashinfo(const char *str) +static int __init cf_check parse_low_crashinfo(const char *str) { if ( !strlen(str) ) @@ -230,7 +230,7 @@ custom_param("low_crashinfo", parse_low_crashinfo); * * will be rounded down to the nearest power of two. Defaults to 64G */ -static int __init parse_crashinfo_maxaddr(const char *str) +static int __init cf_check parse_crashinfo_maxaddr(const char *str) { u64 addr; const char *q; diff --git a/xen/common/memory.c b/xen/common/memory.c index 38732dde6f..ede45c4af9 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -62,7 +62,7 @@ static unsigned int __read_mostly hwdom_max_order = CONFIG_HWDOM_MAX_ORDER; static unsigned int __read_mostly ptdom_max_order = CONFIG_PTDOM_MAX_ORDER; #endif -static int __init parse_max_order(const char *s) +static int __init cf_check parse_max_order(const char *s) { if ( *s != ',' ) domu_max_order = simple_strtoul(s, &s, 0); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index f8749b0787..ad06655158 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -179,7 +179,7 @@ enum bootscrub_mode { * https://bugs.llvm.org/show_bug.cgi?id=39707 */ static enum bootscrub_mode __read_mostly opt_bootscrub = BOOTSCRUB_IDLE; -static int __init parse_bootscrub_param(const char *s) +static int __init cf_check parse_bootscrub_param(const char *s) { /* Interpret 'bootscrub' alone in its positive boolean form */ if ( *s == '\0' ) diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index 8c6e6eb9cc..f0dd626054 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -93,7 +93,7 @@ static int sched_gran_get(const char *str, enum sched_gran *mode) return -EINVAL; } -static int __init sched_select_granularity(const char *str) +static int __init cf_check sched_select_granularity(const char *str) { return sched_gran_get(str, &opt_sched_granularity); } diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index 6396b38e04..a5f073cda5 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -456,7 +456,7 @@ static const char *const opt_runqueue_str[] = { }; static int __read_mostly opt_runqueue = OPT_RUNQUEUE_SOCKET; -static int __init parse_credit2_runqueue(const char *s) +static int __init cf_check parse_credit2_runqueue(const char *s) { unsigned int i; diff --git a/xen/drivers/acpi/tables.c b/xen/drivers/acpi/tables.c index f39cd5eaac..96ff96b84c 100644 --- a/xen/drivers/acpi/tables.c +++ b/xen/drivers/acpi/tables.c @@ -472,7 +472,7 @@ int __init acpi_table_init(void) return 0; } -static int __init acpi_parse_apic_instance(const char *str) +static int __init cf_check acpi_parse_apic_instance(const char *str) { const char *q; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index a043e9521a..4694be83db 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -88,7 +88,7 @@ static const char con_timestamp_mode_2_string[][7] = { [TSM_RAW] = "raw", }; -static void con_timestamp_mode_upd(struct param_hypfs *par) +static void cf_check con_timestamp_mode_upd(struct param_hypfs *par) { const char *val = con_timestamp_mode_2_string[opt_con_timestamp_mode]; @@ -98,7 +98,7 @@ static void con_timestamp_mode_upd(struct param_hypfs *par) #define con_timestamp_mode_upd(par) #endif -static int parse_console_timestamps(const char *s); +static int cf_check parse_console_timestamps(const char *s); custom_runtime_param("console_timestamps", parse_console_timestamps, con_timestamp_mode_upd); @@ -160,8 +160,8 @@ static int __read_mostly xenlog_guest_upper_thresh = static int __read_mostly xenlog_guest_lower_thresh = XENLOG_GUEST_LOWER_THRESHOLD; -static int parse_loglvl(const char *s); -static int parse_guest_loglvl(const char *s); +static int cf_check parse_loglvl(const char *s); +static int cf_check parse_guest_loglvl(const char *s); #ifdef CONFIG_HYPFS #define LOGLVL_VAL_SZ 16 @@ -176,13 +176,13 @@ static void xenlog_update_val(int lower, int upper, char *val) snprintf(val, LOGLVL_VAL_SZ, "%s/%s", lvl2opt[lower], lvl2opt[upper]); } -static void __init xenlog_init(struct param_hypfs *par) +static void __init cf_check xenlog_init(struct param_hypfs *par) { xenlog_update_val(xenlog_lower_thresh, xenlog_upper_thresh, xenlog_val); custom_runtime_set_var(par, xenlog_val); } -static void __init xenlog_guest_init(struct param_hypfs *par) +static void __init cf_check xenlog_guest_init(struct param_hypfs *par) { xenlog_update_val(xenlog_guest_lower_thresh, xenlog_guest_upper_thresh, xenlog_guest_val); @@ -240,7 +240,7 @@ static int _parse_loglvl(const char *s, int *lower, int *upper, char *val) return *s ? -EINVAL : 0; } -static int parse_loglvl(const char *s) +static int cf_check parse_loglvl(const char *s) { int ret; @@ -251,7 +251,7 @@ static int parse_loglvl(const char *s) return ret; } -static int parse_guest_loglvl(const char *s) +static int cf_check parse_guest_loglvl(const char *s) { int ret; @@ -793,7 +793,7 @@ static int printk_prefix_check(char *p, char **pp) ((loglvl < upper_thresh) && printk_ratelimit())); } -static int parse_console_timestamps(const char *s) +static int cf_check parse_console_timestamps(const char *s) { switch ( parse_bool(s, NULL) ) { diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 419aae83ee..36b0792962 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -65,7 +65,7 @@ enum cpufreq_controller cpufreq_controller = FREQCTL_xen; static int __init cpufreq_cmdline_parse(const char *s); -static int __init setup_cpufreq_option(const char *str) +static int __init cf_check setup_cpufreq_option(const char *str) { const char *arg = strpbrk(str, ",:"); int choice; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index b07fa4c401..5ea2277328 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -704,7 +704,7 @@ static u16 __init parse_ivhd_device_extended_range( return dev_length; } -static int __init parse_ivrs_ioapic(const char *str) +static int __init cf_check parse_ivrs_ioapic(const char *str) { const char *s = str; unsigned long id; @@ -742,7 +742,7 @@ static int __init parse_ivrs_ioapic(const char *str) } custom_param("ivrs_ioapic[", parse_ivrs_ioapic); -static int __init parse_ivrs_hpet(const char *str) +static int __init cf_check parse_ivrs_hpet(const char *str) { const char *s = str; unsigned long id; @@ -1369,7 +1369,7 @@ int __init amd_iommu_get_supported_ivhd_type(void) * Format: * ivmd=[-][=[-'][,[-'][,...]]][;...] */ -static int __init parse_ivmd_param(const char *s) +static int __init cf_check parse_ivmd_param(const char *s) { do { unsigned long start, end; diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index fc18f63bd4..6ee267d2bf 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -64,7 +64,7 @@ bool_t __read_mostly amd_iommu_perdev_intremap = 1; DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); -static int __init parse_iommu_param(const char *s) +static int __init cf_check parse_iommu_param(const char *s) { const char *ss; int val, rc = 0; @@ -135,7 +135,7 @@ static int __init parse_iommu_param(const char *s) } custom_param("iommu", parse_iommu_param); -static int __init parse_dom0_iommu_param(const char *s) +static int __init cf_check parse_dom0_iommu_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 70b6684981..4b59b332f0 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -146,7 +146,7 @@ static struct phantom_dev { } phantom_devs[8]; static unsigned int nr_phantom_devs; -static int __init parse_phantom_dev(const char *str) +static int __init cf_check parse_phantom_dev(const char *str) { const char *s; unsigned int seg, bus, slot; @@ -182,7 +182,7 @@ custom_param("pci-phantom", parse_phantom_dev); static u16 __read_mostly command_mask; static u16 __read_mostly bridge_ctl_mask; -static int __init parse_pci_param(const char *s) +static int __init cf_check parse_pci_param(const char *s) { const char *ss; int rc = 0; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index 33a12b2ae9..b152f3da91 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -1084,7 +1084,7 @@ int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) * If a segment is specified for other than the first device, and it does not * match the one specified for the first one, an error will be reported. */ -static int __init parse_rmrr_param(const char *str) +static int __init cf_check parse_rmrr_param(const char *str) { const char *s = str, *cur, *stmp; unsigned int seg, bus, dev, func, dev_count; diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c index 52b47dd893..0590ddeea7 100644 --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c @@ -308,7 +308,7 @@ void vtd_ops_postamble_quirk(struct vtd_iommu *iommu) } } -static int __init parse_snb_timeout(const char *s) +static int __init cf_check parse_snb_timeout(const char *s) { int t; const char *q = NULL; diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index 0342a3dede..c8f81a5cc5 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -29,7 +29,7 @@ integer_param("vesa-ram", vram_total); static unsigned int __initdata vram_remap; static unsigned int __initdata font_height; -static int __init parse_font_height(const char *s) +static int __init cf_check parse_font_height(const char *s) { if ( simple_strtoul(s, &s, 10) == 8 && (*s++ == 'x') ) font_height = simple_strtoul(s, &s, 10); diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index bb3bebc30e..2d7ca3abae 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -28,8 +28,6 @@ #define _copy_from_guest copy_from_guest enum flask_bootparam_t __read_mostly flask_bootparam = FLASK_BOOTPARAM_ENFORCING; -static int parse_flask_param(const char *s); -custom_param("flask", parse_flask_param); bool __read_mostly flask_enforcing = true; @@ -60,7 +58,7 @@ static int flask_security_make_bools(void); extern int ss_initialized; -static int __init parse_flask_param(const char *s) +static int __init cf_check parse_flask_param(const char *s) { if ( !strcmp(s, "enforcing") ) flask_bootparam = FLASK_BOOTPARAM_ENFORCING; @@ -75,6 +73,7 @@ static int __init parse_flask_param(const char *s) return (flask_bootparam == FLASK_BOOTPARAM_INVALID) ? -EINVAL : 0; } +custom_param("flask", parse_flask_param); static int domain_has_security(struct domain *d, u32 perms) { diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c index 5fc3a5f754..2286a502e3 100644 --- a/xen/xsm/xsm_core.c +++ b/xen/xsm/xsm_core.c @@ -55,7 +55,7 @@ static enum xsm_bootparam __initdata xsm_bootparam = XSM_BOOTPARAM_DUMMY; #endif -static int __init parse_xsm_param(const char *s) +static int __init cf_check parse_xsm_param(const char *s) { int rc = 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277965.474847 (Exim 4.92) (envelope-from ) id 1nN9kb-0002hn-1e; Thu, 24 Feb 2022 08:45:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277965.474847; Thu, 24 Feb 2022 08:45:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ka-0002hf-Un; Thu, 24 Feb 2022 08:45:24 +0000 Received: by outflank-mailman (input) for mailman id 277965; Thu, 24 Feb 2022 08:45:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kZ-0002hV-LQ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kZ-0000uF-KY for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9kZ-0005E3-Jf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2gi2hRUirYDiM+ouGYMlVKuvMtVjpUESVevqvRNlxMM=; b=CrnLnSVawlYClB1HyiVplv/gTX l4Cq9L+litFBSK9ozUGrprGSizya2QnnCEWvpJzlE9LluGsztfqxaSlSU94Zn7Ok0bXcBCNqleYGl fMgGK594MOEvd5kw3tS7v3mV6lfaeTWvMYwPdSv7m7riOx43AArYf26/DK52myVUURoE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for __initcall() Message-Id: Date: Thu, 24 Feb 2022 08:45:23 +0000 commit 7629460eeb8487de8a13fefe6b73716cc0cdeafe Author: Andrew Cooper AuthorDate: Thu Oct 28 10:24:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for __initcall() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 4 ++-- xen/arch/x86/acpi/cpufreq/cpufreq.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/mtrr/main.c | 2 +- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/domain.c | 2 +- xen/arch/x86/extable.c | 2 +- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/arch/x86/hvm/irq.c | 2 +- xen/arch/x86/hvm/mtrr.c | 2 +- xen/arch/x86/hvm/nestedhvm.c | 3 +-- xen/arch/x86/hvm/quirks.c | 2 +- xen/arch/x86/include/asm/hvm/save.h | 2 +- xen/arch/x86/ioport_emulate.c | 4 ++-- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/mm/shadow/common.c | 4 ++-- xen/arch/x86/msi.c | 2 +- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/numa.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/pv/domain.c | 2 +- xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/time.c | 8 ++++---- xen/common/core_parking.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/gdbstub.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/kernel.c | 4 ++-- xen/common/kexec.c | 2 +- xen/common/livepatch.c | 2 +- xen/common/page_alloc.c | 4 ++-- xen/common/radix-tree.c | 2 +- xen/common/random.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/spinlock.c | 2 +- xen/common/stop_machine.c | 2 +- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/cpufreq/cpufreq_misc_governors.c | 6 +++--- xen/drivers/cpufreq/cpufreq_ondemand.c | 2 +- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 2 +- xen/drivers/passthrough/pci.c | 2 +- xen/drivers/passthrough/vtd/iommu.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 48 files changed, 60 insertions(+), 61 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 5d73eb5917..7902ccce6b 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -410,7 +410,7 @@ static void dump_cx(unsigned char key) } } -static int __init cpu_idle_key_init(void) +static int __init cf_check cpu_idle_key_init(void) { register_keyhandler('c', dump_cx, "dump ACPI Cx structures", 1); return 0; @@ -1655,7 +1655,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpuidle_presmp_init(void) +static int __init cf_check cpuidle_presmp_init(void) { void *cpu = (void *)(long)smp_processor_id(); diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 029c9398c4..9510f05340 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -630,7 +630,7 @@ static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { .exit = acpi_cpufreq_cpu_exit, }; -static int __init cpufreq_driver_init(void) +static int __init cf_check cpufreq_driver_init(void) { int ret = 0; diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index ec52d37c96..2679c220a8 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -86,7 +86,7 @@ static void mce_work_fn(void *data) adjust = 0; } -static int __init init_nonfatal_mce_checker(void) +static int __init cf_check init_nonfatal_mce_checker(void) { struct cpuinfo_x86 *c = &boot_cpu_data; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 95d35ca0f3..46f55fe7f1 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -696,7 +696,7 @@ int microcode_update(XEN_GUEST_HANDLE(const_void) buf, unsigned long len) microcode_update_helper, buffer); } -static int __init microcode_init(void) +static int __init cf_check microcode_init(void) { /* * At this point, all CPUs should have updated their microcode diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index e9df53f00d..428133100d 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -632,7 +632,7 @@ void mtrr_bp_restore(void) mtrr_if->set_all(); } -static int __init mtrr_init_finialize(void) +static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index b10d6e2eb4..9fc897dc84 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -844,7 +844,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init vpmu_init(void) +static int __init cf_check vpmu_init(void) { int vendor = current_cpu_data.x86_vendor; const struct arch_vpmu_ops *ops = NULL; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9835f90ea0..36748f67da 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2533,7 +2533,7 @@ static void vcpu_kick_softirq(void) */ } -static int __init init_vcpu_kick_softirq(void) +static int __init cf_check init_vcpu_kick_softirq(void) { open_softirq(VCPU_KICK_SOFTIRQ, vcpu_kick_softirq); return 0; diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 78d6727225..51ef863d78 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -126,7 +126,7 @@ search_exception_table(const struct cpu_user_regs *regs) #ifndef NDEBUG #include -static int __init stub_selftest(void) +static int __init cf_check stub_selftest(void) { static const struct { uint8_t opc[4]; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4e685c1b0c..2ae1685d0a 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -164,7 +164,7 @@ static bool __init hap_supported(struct hvm_function_table *fns) return true; } -static int __init hvm_enable(void) +static int __init cf_check hvm_enable(void) { const struct hvm_function_table *fns = NULL; @@ -1506,7 +1506,7 @@ static int hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) /* We need variable length data chunks for XSAVE area and MSRs, hence * a custom declaration rather than HVM_REGISTER_SAVE_RESTORE. */ -static int __init hvm_register_CPU_save_and_restore(void) +static int __init cf_check hvm_register_CPU_save_and_restore(void) { hvm_register_savevm(CPU_XSAVE_CODE, "CPU_XSAVE", diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 52aae4565f..6045c9149b 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -650,7 +650,7 @@ static void dump_irq_info(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static int __init dump_irq_info_key_init(void) +static int __init cf_check dump_irq_info_key_init(void) { register_keyhandler('I', dump_irq_info, "dump HVM irq info", 1); return 0; diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index 4a9f3177ed..b3ef1bf541 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -75,7 +75,7 @@ static uint8_t __read_mostly mtrr_epat_tbl[MTRR_NUM_TYPES][MEMORY_NUM_TYPES] = static uint8_t __read_mostly pat_entry_tbl[PAT_TYPE_NUMS] = { [0 ... PAT_TYPE_NUMS-1] = INVALID_MEM_TYPE }; -static int __init hvm_mtrr_pat_init(void) +static int __init cf_check hvm_mtrr_pat_init(void) { unsigned int i, j; diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 5021da667a..2351688448 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -125,8 +125,7 @@ nestedhvm_vmcx_flushtlb(struct p2m_domain *p2m) * iomap[2] set set */ -static int __init -nestedhvm_setup(void) +static int __init cf_check nestedhvm_setup(void) { /* Same format and size as hvm_io_bitmap (Intel needs only 2 pages). */ unsigned nr = cpu_has_vmx ? 2 : 3; diff --git a/xen/arch/x86/hvm/quirks.c b/xen/arch/x86/hvm/quirks.c index 54cc66c382..917356b131 100644 --- a/xen/arch/x86/hvm/quirks.c +++ b/xen/arch/x86/hvm/quirks.c @@ -36,7 +36,7 @@ static int __init dmi_hvm_deny_port80(const struct dmi_system_id *id) return 0; } -static int __init check_port80(void) +static int __init cf_check check_port80(void) { /* * Quirk table for systems that misbehave (lock up, etc.) if port diff --git a/xen/arch/x86/include/asm/hvm/save.h b/xen/arch/x86/include/asm/hvm/save.h index 4efc535055..e975011ddb 100644 --- a/xen/arch/x86/include/asm/hvm/save.h +++ b/xen/arch/x86/include/asm/hvm/save.h @@ -115,7 +115,7 @@ void hvm_register_savevm(uint16_t typecode, /* Syntactic sugar around that function: specify the max number of * saves, and this calculates the size of buffer needed */ #define HVM_REGISTER_SAVE_RESTORE(_x, _save, _load, _num, _k) \ -static int __init __hvm_register_##_x##_save_and_restore(void) \ +static int __init cf_check __hvm_register_##_x##_save_and_restore(void) \ { \ hvm_register_savevm(HVM_SAVE_CODE(_x), \ #_x, \ diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index cf1f3f9229..6caeb3d470 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -11,7 +11,7 @@ unsigned int (*__read_mostly ioemul_handle_quirk)( uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); -static unsigned int ioemul_handle_proliant_quirk( +static unsigned int cf_check ioemul_handle_proliant_quirk( u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) { static const char stub[] = { @@ -100,7 +100,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { { } }; -static int __init ioport_quirks_init(void) +static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) ioemul_handle_quirk = ioemul_handle_proliant_quirk; diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 84b174d0f5..bcf46cd54d 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -954,7 +954,7 @@ static void irq_ratelimit_timer_fn(void *data) spin_unlock_irqrestore(&irq_ratelimit_lock, flags); } -static int __init irq_ratelimit_init(void) +static int __init cf_check irq_ratelimit_init(void) { if ( irq_ratelimit_threshold ) init_timer(&irq_ratelimit_timer, irq_ratelimit_timer_fn, NULL, 0); @@ -2504,7 +2504,7 @@ static void dump_irqs(unsigned char key) dump_ioapic_irq_info(); } -static int __init setup_dump_irqs(void) +static int __init cf_check setup_dump_irqs(void) { /* In lieu of being able to live in init_irq_data(). */ BUILD_BUG_ON(sizeof(irq_max_guests) > diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 6221630fc2..b8730a9441 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -105,7 +105,7 @@ static void shadow_audit_key(unsigned char key) __func__, shadow_audit_enable); } -static int __init shadow_audit_key_init(void) +static int __init cf_check shadow_audit_key_init(void) { register_keyhandler('O', shadow_audit_key, "toggle shadow audits", 0); return 0; @@ -1057,7 +1057,7 @@ static void shadow_blow_all_tables(unsigned char c) } /* Register this function in the Xen console keypress table */ -static __init int shadow_blow_tables_keyhandler_init(void) +static int __init cf_check shadow_blow_tables_keyhandler_init(void) { register_keyhandler('S', shadow_blow_all_tables, "reset shadow pagetables", 1); return 0; diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 5febc0ea4b..d1497254b1 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1485,7 +1485,7 @@ static void dump_msi(unsigned char key) vpci_dump_msi(); } -static int __init msi_setup_keyhandler(void) +static int __init cf_check msi_setup_keyhandler(void) { register_keyhandler('M', dump_msi, "dump MSI state", 1); return 0; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index 515a3633e5..b112921b39 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -605,7 +605,7 @@ static void do_nmi_stats(unsigned char key) printk("%pv: NMI neither pending nor masked\n", v); } -static __init int register_nmi_trigger(void) +static int __init cf_check register_nmi_trigger(void) { register_keyhandler('N', do_nmi_trigger, "trigger an NMI", 0); register_keyhandler('n', do_nmi_stats, "NMI statistics", 1); diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index 6be5a0c933..5de9db4e99 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -504,7 +504,7 @@ static void dump_numa(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static __init int register_numa_trigger(void) +static int __init cf_check register_numa_trigger(void) { register_keyhandler('u', dump_numa, "dump NUMA info", 1); return 0; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index 7842d95b95..ba9c4b9804 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -388,7 +388,7 @@ static int __init arch_perfmon_init(char **cpu_type) return 1; } -static int __init nmi_init(void) +static int __init cf_check nmi_init(void) { __u8 vendor = current_cpu_data.x86_vendor; __u8 family = current_cpu_data.x86; diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index 5ea14b6ec3..0e0b6577ca 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -94,7 +94,7 @@ static struct notifier_block cpu_percpu_nfb = { .priority = 100 /* highest priority */ }; -static int __init percpu_presmp_init(void) +static int __init cf_check percpu_presmp_init(void) { register_cpu_notifier(&cpu_percpu_nfb); diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 56916344cb..9a3670afc3 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1675,7 +1675,7 @@ static struct notifier_block cpu_nfb = { .priority = -1 }; -static int __init psr_presmp_init(void) +static int __init cf_check psr_presmp_init(void) { if ( (opt_psr & PSR_CMT) && opt_rmid_max ) init_psr_cmt(opt_rmid_max); diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 125c4561a7..55146c15c8 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -167,7 +167,7 @@ unsigned long pv_fixup_guest_cr4(const struct vcpu *v, unsigned long cr4) static int8_t __read_mostly opt_global_pages = -1; boolean_runtime_param("global-pages", opt_global_pages); -static int __init pge_init(void) +static int __init cf_check pge_init(void) { if ( opt_global_pages == -1 ) opt_global_pages = !cpu_has_hypervisor || diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index a01354d933..ad3e3a7691 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -533,7 +533,7 @@ static const struct dmi_system_id __initconstrel reboot_dmi_table[] = { { } }; -static int __init reboot_init(void) +static int __init cf_check reboot_init(void) { /* * Only do the DMI check if reboot_type hasn't been overridden diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 818a42a406..b94aa8f216 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -537,7 +537,7 @@ static struct platform_timesource __initdata plt_pmtimer = static struct time_scale __read_mostly pmt_scale; -static __init int init_pmtmr_scale(void) +static __init int cf_check init_pmtmr_scale(void) { set_time_scale(&pmt_scale, ACPI_PM_FREQUENCY); return 0; @@ -2051,7 +2051,7 @@ static void __init try_platform_timer_tail(void) } /* Late init function, after all cpus have booted */ -static int __init verify_tsc_reliability(void) +static int __init cf_check verify_tsc_reliability(void) { if ( boot_cpu_has(X86_FEATURE_TSC_RELIABLE) ) { @@ -2221,7 +2221,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) return ret; } -static int __init disable_pit_irq(void) +static int __init cf_check disable_pit_irq(void) { if ( !_disable_pit_irq(hpet_broadcast_init) ) { @@ -2584,7 +2584,7 @@ static void dump_softtsc(unsigned char key) printk("No domains have emulated TSC\n"); } -static int __init setup_dump_softtsc(void) +static int __init cf_check setup_dump_softtsc(void) { register_keyhandler('s', dump_softtsc, "dump softtsc stats", 1); return 0; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index aa432ed2f5..44a907abfd 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -258,7 +258,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) return 0; } -static int __init core_parking_init(void) +static int __init cf_check core_parking_init(void) { int ret = 0; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index 29b11239f5..f3c0fd8aa1 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -279,7 +279,7 @@ static struct notifier_block debugtrace_nfb = { .notifier_call = debugtrace_cpu_callback }; -static int __init debugtrace_init(void) +static int __init cf_check debugtrace_init(void) { unsigned int cpu; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index a5ee8b8ebf..2026bc30dc 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1642,7 +1642,7 @@ static void dump_evtchn_info(unsigned char key) rcu_read_unlock(&domlist_read_lock); } -static int __init dump_evtchn_info_key_init(void) +static int __init cf_check dump_evtchn_info_key_init(void) { register_keyhandler('e', dump_evtchn_info, "dump evtchn info", 1); return 0; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 848c1f4327..99bfd9a654 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -640,7 +640,7 @@ __trap_to_gdb(struct cpu_user_regs *regs, unsigned long cookie) return rc; } -static int __init initialise_gdb(void) +static int __init cf_check initialise_gdb(void) { if ( *opt_gdb == '\0' ) return 0; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index b663845d9c..1078e3e16c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4291,7 +4291,7 @@ static void gnttab_usage_print_all(unsigned char key) printk("%s ] done\n", __func__); } -static int __init gnttab_usage_init(void) +static int __init cf_check gnttab_usage_init(void) { register_keyhandler('g', gnttab_usage_print_all, "print grant table usage", 1); diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 752c2e0dae..adff2d2c77 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -393,7 +393,7 @@ static HYPFS_STRING_INIT(extra, "extra"); static HYPFS_STRING_INIT(config, "config"); #endif -static int __init buildinfo_init(void) +static int __init cf_check buildinfo_init(void) { hypfs_add_dir(&hypfs_root, &buildinfo, true); @@ -431,7 +431,7 @@ __initcall(buildinfo_init); static HYPFS_DIR_INIT(params, "params"); -static int __init param_init(void) +static int __init cf_check param_init(void) { struct param_hypfs *param; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 6286c0bbf0..36384f782d 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -570,7 +570,7 @@ void __init kexec_early_calculations(void) crashinfo_maxaddr_bits = fls64(crashinfo_maxaddr) - 1; } -static int __init kexec_init(void) +static int __init cf_check kexec_init(void) { void *cpu = (void *)(unsigned long)smp_processor_id(); diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 7118551b27..33708b4e23 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2139,7 +2139,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init livepatch_init(void) +static int __init cf_check livepatch_init(void) { unsigned int cpu; diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index ad06655158..561e238d2d 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2549,7 +2549,7 @@ static void pagealloc_info(unsigned char key) printk(" Dom heap: %lukB free\n", total << (PAGE_SHIFT-10)); } -static __init int pagealloc_keyhandler_init(void) +static __init int cf_check pagealloc_keyhandler_init(void) { register_keyhandler('m', pagealloc_info, "memory info", 1); return 0; @@ -2597,7 +2597,7 @@ static void dump_heap(unsigned char key) } } -static __init int register_heap_trigger(void) +static __init int cf_check register_heap_trigger(void) { register_keyhandler('H', dump_heap, "dump heap info", 1); return 0; diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 2384655a2e..628a7e0698 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -744,7 +744,7 @@ static __init unsigned long __maxindex(unsigned int height) return ~0UL >> shift; } -static __init int radix_tree_init_maxindex(void) +static int __init cf_check radix_tree_init_maxindex(void) { unsigned int i; diff --git a/xen/common/random.c b/xen/common/random.c index fb805b0ecd..a29f2fcb99 100644 --- a/xen/common/random.c +++ b/xen/common/random.c @@ -31,7 +31,7 @@ unsigned int get_random(void) return val; } -static int __init init_boot_random(void) +static int __init cf_check init_boot_random(void) { boot_random = get_random(); return 0; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index f0dd626054..f26c7f2895 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1218,7 +1218,7 @@ static void cpupool_hypfs_init(void) #endif /* CONFIG_HYPFS */ -static int __init cpupool_init(void) +static int __init cf_check cpupool_init(void) { unsigned int cpu; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index b90981bb27..5ce7e33638 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -508,7 +508,7 @@ void _lock_profile_deregister_struct( spin_unlock(&lock_profile_lock); } -static int __init lock_prof_init(void) +static int __init cf_check lock_prof_init(void) { struct lock_profile **q; diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index 2d5f6aef61..8979d553d6 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -198,7 +198,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpu_stopmachine_init(void) +static int __init cf_check cpu_stopmachine_init(void) { unsigned int cpu; for_each_online_cpu ( cpu ) diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 36b0792962..e55e202d5a 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -657,7 +657,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; -static int __init cpufreq_presmp_init(void) +static int __init cf_check cpufreq_presmp_init(void) { register_cpu_notifier(&cpu_nfb); return 0; diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index 746bbcd5ff..8343f491da 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -116,7 +116,7 @@ struct cpufreq_governor cpufreq_gov_userspace = { .handle_option = cpufreq_userspace_handle_option }; -static int __init cpufreq_gov_userspace_init(void) +static int __init cf_check cpufreq_gov_userspace_init(void) { unsigned int cpu; @@ -160,7 +160,7 @@ struct cpufreq_governor cpufreq_gov_performance = { .governor = cpufreq_governor_performance, }; -static int __init cpufreq_gov_performance_init(void) +static int __init cf_check cpufreq_gov_performance_init(void) { return cpufreq_register_governor(&cpufreq_gov_performance); } @@ -199,7 +199,7 @@ struct cpufreq_governor cpufreq_gov_powersave = { .governor = cpufreq_governor_powersave, }; -static int __init cpufreq_gov_powersave_init(void) +static int __init cf_check cpufreq_gov_powersave_init(void) { return cpufreq_register_governor(&cpufreq_gov_powersave); } diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index 6b905d7cfc..cabd9ffa88 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -356,7 +356,7 @@ struct cpufreq_governor cpufreq_gov_dbs = { .handle_option = cpufreq_dbs_handle_option }; -static int __init cpufreq_gov_dbs_init(void) +static int __init cf_check cpufreq_gov_dbs_init(void) { return cpufreq_register_governor(&cpufreq_gov_dbs); } diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 93243424e8..04517c1a02 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -234,7 +234,7 @@ int amd_iommu_prepare(bool xt); int amd_iommu_init(bool xt); int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); -int iov_adjust_irq_affinities(void); +int cf_check iov_adjust_irq_affinities(void); int amd_iommu_quarantine_init(struct domain *d); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 559a734bda..f1ed755582 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -808,7 +808,7 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu) return 1; } -int iov_adjust_irq_affinities(void) +int cf_check iov_adjust_irq_affinities(void) { const struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 4b59b332f0..9f79a01608 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1358,7 +1358,7 @@ static void dump_pci_devices(unsigned char ch) pcidevs_unlock(); } -static int __init setup_dump_pcidevs(void) +static int __init cf_check setup_dump_pcidevs(void) { register_keyhandler('Q', dump_pci_devices, "dump PCI devices", 1); return 0; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 0fc818fd27..6ed32922c4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2106,7 +2106,7 @@ static void adjust_irq_affinity(struct acpi_drhd_unit *drhd) spin_unlock_irqrestore(&desc->lock, flags); } -static int adjust_vtd_irq_affinities(void) +static int cf_check adjust_vtd_irq_affinities(void) { struct acpi_drhd_unit *drhd; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0b37cd145b..e5a2c58303 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1076,7 +1076,7 @@ static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback, }; -static int __init setup_dpci_softirq(void) +static int __init cf_check setup_dpci_softirq(void) { unsigned int cpu; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277966.474851 (Exim 4.92) (envelope-from ) id 1nN9kl-0002kp-4g; Thu, 24 Feb 2022 08:45:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277966.474851; Thu, 24 Feb 2022 08:45:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kl-0002kh-1a; Thu, 24 Feb 2022 08:45:35 +0000 Received: by outflank-mailman (input) for mailman id 277966; Thu, 24 Feb 2022 08:45:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kj-0002kU-Pk for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kj-0000uR-Ow for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9kj-0005F8-O5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Fs5nZ+ds/Tha8J67l3pH/J5L/AwMgIO4LfgiplKox4g=; b=2vz3K73vSAbvM61HSZnaCk0wO7 Ilip4WaaE2m1lkuSWsdbx52BiPBDKwRm7tF7rKWRGaEbHl2CfpoIfHuPY6QvH3lG1l3PJmbe82aZ7 bt9Fa6gDspBwLMX2WLtj52a9dMzU6scJ4PqpQUTWpJ0tffSaKIeYukaRFDn4w/k4XTW4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for notifier callbacks Message-Id: Date: Thu, 24 Feb 2022 08:45:33 +0000 commit 22939d3c83da3f94c612b1f49f6f91f11ee3490d Author: Andrew Cooper AuthorDate: Fri Oct 29 10:11:55 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for notifier callbacks Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +- xen/arch/x86/cpu/mwait-idle.c | 4 ++-- xen/arch/x86/cpu/vpmu.c | 2 +- xen/arch/x86/genapic/x2apic.c | 2 +- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/arch/x86/psr.c | 2 +- xen/arch/x86/smpboot.c | 2 +- xen/common/debugtrace.c | 4 ++-- xen/common/kexec.c | 2 +- xen/common/livepatch.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 2 +- xen/common/sched/cpupool.c | 2 +- xen/common/stop_machine.c | 2 +- xen/common/tasklet.c | 2 +- xen/common/timer.c | 2 +- xen/common/trace.c | 2 +- xen/drivers/cpufreq/cpufreq.c | 2 +- xen/drivers/cpufreq/cpufreq_misc_governors.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 24 files changed, 26 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 7902ccce6b..fb47eb9ad6 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -1622,7 +1622,7 @@ bool cpuidle_using_deep_cstate(void) : ACPI_STATE_C1); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index ea86d84481..a449fa0424 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -733,7 +733,7 @@ static int cpu_bank_alloc(unsigned int cpu) return 0; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index d63d6083d3..b6da8262e6 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -931,7 +931,7 @@ static int cpu_mcabank_alloc(unsigned int cpu) return -ENOMEM; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 24d073d315..fe1b7af25f 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -1275,8 +1275,8 @@ static int __init mwait_idle_probe(void) return 0; } -static int mwait_idle_cpu_init(struct notifier_block *nfb, - unsigned long action, void *hcpu) +static int cf_check mwait_idle_cpu_init( + struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu, cstate; struct acpi_processor_power *dev = processor_powers[cpu]; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 9fc897dc84..df3c9201b2 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -817,7 +817,7 @@ long cf_check do_xenpmu_op( return ret; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index 9064a0ca46..bd44bb7539 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -187,7 +187,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { .send_IPI_self = send_IPI_self_x2apic }; -static int update_clusterinfo( +static int cf_check update_clusterinfo( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 2ae1685d0a..0a19353068 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -117,7 +117,7 @@ static const char __initconst warning_hvm_fep[] = static bool_t __initdata opt_altp2m_enabled = 0; boolean_param("altp2m", opt_altp2m_enabled); -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index b112921b39..d6018f0c42 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -427,7 +427,7 @@ void setup_apic_nmi_watchdog(void) nmi_active = 1; } -static int cpu_nmi_callback( +static int cf_check cpu_nmi_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index 0e0b6577ca..eb3ba7bc88 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -63,7 +63,7 @@ static void free_percpu_area(unsigned int cpu) call_rcu(&info->rcu, _free_percpu_area); } -static int cpu_percpu_callback( +static int cf_check cpu_percpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 9a3670afc3..5b9991bd5b 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1642,7 +1642,7 @@ static void psr_cpu_fini(unsigned int cpu) free_socket_resources(socket); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { int rc = 0; diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 335129a010..709704d71a 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1112,7 +1112,7 @@ static int cpu_smpboot_alloc(unsigned int cpu) return rc; } -static int cpu_smpboot_callback( +static int cf_check cpu_smpboot_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index f3c0fd8aa1..160d00b796 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -263,8 +263,8 @@ static void debugtrace_alloc_buffer(struct debugtrace_data **ptr, *ptr = data; } -static int debugtrace_cpu_callback(struct notifier_block *nfb, - unsigned long action, void *hcpu) +static int cf_check debugtrace_cpu_callback( + struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 36384f782d..3b223cd03d 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -531,7 +531,7 @@ static int kexec_init_cpu_notes(const unsigned long cpu) return ret; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned long cpu = (unsigned long)hcpu; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 33708b4e23..701efd87a1 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2124,7 +2124,7 @@ static void livepatch_printall(unsigned char key) spin_unlock(&payload_lock); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index a5a27af3de..2ec5606de5 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -641,7 +641,7 @@ static void rcu_init_percpu_data(int cpu, struct rcu_ctrlblk *rcp, init_timer(&rdp->idle_timer, rcu_idle_timer_handler, rdp, cpu); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6c1ee7879a..fbd2dfb59b 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2839,7 +2839,7 @@ void sched_rm_cpu(unsigned int cpu) cpu_schedule_down(cpu); } -static int cpu_schedule_callback( +static int cf_check cpu_schedule_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index f26c7f2895..e5cfb03b85 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -985,7 +985,7 @@ void dump_runq(unsigned char key) spin_unlock(&cpupool_lock); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index 8979d553d6..a122bd4afe 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -182,7 +182,7 @@ static void stopmachine_action(void *data) local_irq_enable(); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/tasklet.c b/xen/common/tasklet.c index ac89511a09..1b16bbcdeb 100644 --- a/xen/common/tasklet.c +++ b/xen/common/tasklet.c @@ -214,7 +214,7 @@ void softirq_tasklet_init(struct tasklet *t, void (*func)(void *), void *data) t->is_softirq = 1; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/timer.c b/xen/common/timer.c index 1bb265ceea..b788050ea1 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -637,7 +637,7 @@ static void free_percpu_timers(unsigned int cpu) ASSERT(ts->heap == dummy_heap); } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/common/trace.c b/xen/common/trace.c index 61fecc2b2b..b5358508f8 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -79,7 +79,7 @@ static u32 tb_event_mask = TRC_ALL; * i.e., sizeof(_type) * ans >= _x. */ #define fit_to_type(_type, _x) (((_x)+sizeof(_type)-1) / sizeof(_type)) -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index e55e202d5a..a94520ee57 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -632,7 +632,7 @@ static int __init cpufreq_cmdline_parse(const char *s) return rc; } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index 8343f491da..ad79d0f5d2 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -91,7 +91,7 @@ cpufreq_userspace_handle_option(const char *name, const char *val) return 0; } -static int cpufreq_userspace_cpu_callback( +static int cf_check cpufreq_userspace_cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index e5a2c58303..527bd6a56d 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1046,7 +1046,7 @@ static void dpci_softirq(void) } } -static int cpu_callback( +static int cf_check cpu_callback( struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277967.474855 (Exim 4.92) (envelope-from ) id 1nN9kv-0002nz-6J; Thu, 24 Feb 2022 08:45:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277967.474855; Thu, 24 Feb 2022 08:45:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kv-0002nr-37; Thu, 24 Feb 2022 08:45:45 +0000 Received: by outflank-mailman (input) for mailman id 277967; Thu, 24 Feb 2022 08:45:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kt-0002ng-TC for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9kt-0000uV-SP for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9kt-0005Fx-Rj for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dNPJ+aMNntojXUTfwX0WOhQ9DDn+C+ZAs6NEAIxUBxw=; b=3rEJuKrkjL1yu0J02Qx56zoM2s Bze5J9do5ntUO1Kqsg4pTVSDIVb6QJ9kSU33bFyH8ZrHf8Z5AhMZslJnmO3b4Hqe5+58AbiiHBErS qLcdHZmxBMD75lRaMiZ+RD+F5bHLYlEIZSqzI45Dn91GuEsElnRJvf6HI76x4otM9K54=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for acpi_table_parse() Message-Id: Date: Thu, 24 Feb 2022 08:45:43 +0000 commit 56773dfd5d89a0291249694974d26c624c14421e Author: Andrew Cooper AuthorDate: Thu Oct 28 11:30:00 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for acpi_table_parse() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/boot.c | 24 ++++++++++++------------ xen/arch/x86/hvm/dom0_build.c | 16 ++++++++-------- xen/arch/x86/include/asm/tboot.h | 2 +- xen/arch/x86/srat.c | 4 ++-- xen/arch/x86/tboot.c | 2 +- xen/arch/x86/x86_64/acpi_mmcfg.c | 2 +- xen/arch/x86/x86_64/mmconfig.h | 2 +- xen/drivers/acpi/apei/hest.c | 4 ++-- xen/drivers/acpi/numa.c | 10 +++++----- xen/drivers/passthrough/amd/iommu_acpi.c | 9 +++++---- xen/drivers/passthrough/pci.c | 3 ++- xen/drivers/passthrough/vtd/dmar.c | 2 +- xen/include/xen/acpi.h | 2 +- 13 files changed, 42 insertions(+), 40 deletions(-) diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c index cc4bbc0284..54b72d716b 100644 --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -60,7 +60,7 @@ static u64 acpi_lapic_addr __initdata = APIC_DEFAULT_PHYS_BASE; Boot-time Configuration -------------------------------------------------------------------------- */ -static int __init acpi_parse_madt(struct acpi_table_header *table) +static int __init cf_check acpi_parse_madt(struct acpi_table_header *table) { struct acpi_table_madt *madt = container_of(table, struct acpi_table_madt, header); @@ -77,7 +77,7 @@ static int __init acpi_parse_madt(struct acpi_table_header *table) return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic(struct acpi_subtable_header *header, const unsigned long end) { struct acpi_madt_local_x2apic *processor = @@ -133,7 +133,7 @@ acpi_parse_x2apic(struct acpi_subtable_header *header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_lapic(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_local_apic *processor = @@ -171,7 +171,7 @@ acpi_parse_lapic(struct acpi_subtable_header * header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_lapic_addr_ovr(struct acpi_subtable_header * header, const unsigned long end) { @@ -187,7 +187,7 @@ acpi_parse_lapic_addr_ovr(struct acpi_subtable_header * header, return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic_nmi(struct acpi_subtable_header *header, const unsigned long end) { @@ -206,7 +206,7 @@ acpi_parse_x2apic_nmi(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_lapic_nmi(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_local_apic_nmi *lapic_nmi = @@ -223,7 +223,7 @@ acpi_parse_lapic_nmi(struct acpi_subtable_header * header, const unsigned long e return 0; } -static int __init +static int __init cf_check acpi_parse_ioapic(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_io_apic *ioapic = @@ -240,7 +240,7 @@ acpi_parse_ioapic(struct acpi_subtable_header * header, const unsigned long end) return 0; } -static int __init +static int __init cf_check acpi_parse_int_src_ovr(struct acpi_subtable_header * header, const unsigned long end) { @@ -267,7 +267,7 @@ acpi_parse_int_src_ovr(struct acpi_subtable_header * header, return 0; } -static int __init +static int __init cf_check acpi_parse_nmi_src(struct acpi_subtable_header * header, const unsigned long end) { struct acpi_madt_nmi_source *nmi_src = @@ -283,7 +283,7 @@ acpi_parse_nmi_src(struct acpi_subtable_header * header, const unsigned long end return 0; } -static int __init acpi_parse_hpet(struct acpi_table_header *table) +static int __init cf_check acpi_parse_hpet(struct acpi_table_header *table) { const struct acpi_table_hpet *hpet_tbl = container_of(table, const struct acpi_table_hpet, header); @@ -319,7 +319,7 @@ static int __init acpi_parse_hpet(struct acpi_table_header *table) return 0; } -static int __init acpi_invalidate_bgrt(struct acpi_table_header *table) +static int __init cf_check acpi_invalidate_bgrt(struct acpi_table_header *table) { struct acpi_table_bgrt *bgrt_tbl = container_of(table, struct acpi_table_bgrt, header); @@ -472,7 +472,7 @@ acpi_fadt_parse_sleep_info(const struct acpi_table_fadt *fadt) acpi_sinfo.wakeup_vector, acpi_sinfo.vector_width); } -static int __init acpi_parse_fadt(struct acpi_table_header *table) +static int __init cf_check acpi_parse_fadt(struct acpi_table_header *table) { const struct acpi_table_fadt *fadt = container_of(table, const struct acpi_table_fadt, header); diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index f9e17249dc..25fb05a389 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -745,15 +745,15 @@ static int __init pvh_setup_cpus(struct domain *d, paddr_t entry, return 0; } -static int __init acpi_count_intr_ovr(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_count_intr_ovr( + struct acpi_subtable_header *header, const unsigned long end) { acpi_intr_overrides++; return 0; } -static int __init acpi_set_intr_ovr(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_set_intr_ovr( + struct acpi_subtable_header *header, const unsigned long end) { const struct acpi_madt_interrupt_override *intr = container_of(header, struct acpi_madt_interrupt_override, header); @@ -764,15 +764,15 @@ static int __init acpi_set_intr_ovr(struct acpi_subtable_header *header, return 0; } -static int __init acpi_count_nmi_src(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_count_nmi_src( + struct acpi_subtable_header *header, const unsigned long end) { acpi_nmi_sources++; return 0; } -static int __init acpi_set_nmi_src(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check acpi_set_nmi_src( + struct acpi_subtable_header *header, const unsigned long end) { const struct acpi_madt_nmi_source *src = container_of(header, struct acpi_madt_nmi_source, header); diff --git a/xen/arch/x86/include/asm/tboot.h b/xen/arch/x86/include/asm/tboot.h index bfeed1542f..818d5fa451 100644 --- a/xen/arch/x86/include/asm/tboot.h +++ b/xen/arch/x86/include/asm/tboot.h @@ -124,7 +124,7 @@ void tboot_probe(void); void tboot_shutdown(uint32_t shutdown_type); int tboot_in_measured_env(void); int tboot_protect_mem_regions(void); -int tboot_parse_dmar_table(acpi_table_handler dmar_handler); +int cf_check tboot_parse_dmar_table(acpi_table_handler dmar_handler); int tboot_s3_resume(void); void tboot_s3_error(int error); int tboot_wake_ap(int apicid, unsigned long sipi_vec); diff --git a/xen/arch/x86/srat.c b/xen/arch/x86/srat.c index 6b77b98201..cfe24c7e78 100644 --- a/xen/arch/x86/srat.c +++ b/xen/arch/x86/srat.c @@ -407,8 +407,8 @@ void __init acpi_numa_arch_fixup(void) {} static uint64_t __initdata srat_region_mask; -static int __init srat_parse_region(struct acpi_subtable_header *header, - const unsigned long end) +static int __init cf_check srat_parse_region( + struct acpi_subtable_header *header, const unsigned long end) { struct acpi_srat_mem_affinity *ma; diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 529367ed81..fe1abfdf08 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -450,7 +450,7 @@ int __init tboot_protect_mem_regions(void) return 1; } -int __init tboot_parse_dmar_table(acpi_table_handler dmar_handler) +int __init cf_check tboot_parse_dmar_table(acpi_table_handler dmar_handler) { int rc; uint64_t size; diff --git a/xen/arch/x86/x86_64/acpi_mmcfg.c b/xen/arch/x86/x86_64/acpi_mmcfg.c index 0db8f57abb..2159c68189 100644 --- a/xen/arch/x86/x86_64/acpi_mmcfg.c +++ b/xen/arch/x86/x86_64/acpi_mmcfg.c @@ -68,7 +68,7 @@ static int __init acpi_mcfg_check_entry(struct acpi_table_mcfg *mcfg, return -EINVAL; } -int __init acpi_parse_mcfg(struct acpi_table_header *header) +int __init cf_check acpi_parse_mcfg(struct acpi_table_header *header) { struct acpi_table_mcfg *mcfg; unsigned long i; diff --git a/xen/arch/x86/x86_64/mmconfig.h b/xen/arch/x86/x86_64/mmconfig.h index 4d3b9fcbdd..433046be66 100644 --- a/xen/arch/x86/x86_64/mmconfig.h +++ b/xen/arch/x86/x86_64/mmconfig.h @@ -76,7 +76,7 @@ static inline void mmio_config_writel(void __iomem *pos, u32 val) /* function prototypes */ struct acpi_table_header; -int acpi_parse_mcfg(struct acpi_table_header *header); +int cf_check acpi_parse_mcfg(struct acpi_table_header *header); int pci_mmcfg_reserved(uint64_t address, unsigned int segment, unsigned int start_bus, unsigned int end_bus, unsigned int flags); diff --git a/xen/drivers/acpi/apei/hest.c b/xen/drivers/acpi/apei/hest.c index c5f3aaab7c..5881275d2f 100644 --- a/xen/drivers/acpi/apei/hest.c +++ b/xen/drivers/acpi/apei/hest.c @@ -128,8 +128,8 @@ int apei_hest_parse(apei_hest_func_t func, void *data) * Check if firmware advertises firmware first mode. We need FF bit to be set * along with a set of MC banks which work in FF mode. */ -static int __init hest_parse_cmc(const struct acpi_hest_header *hest_hdr, - void *data) +static int __init cf_check hest_parse_cmc( + const struct acpi_hest_header *hest_hdr, void *data) { #ifdef CONFIG_X86_MCE unsigned int i; diff --git a/xen/drivers/acpi/numa.c b/xen/drivers/acpi/numa.c index 85f891757c..bc6e888234 100644 --- a/xen/drivers/acpi/numa.c +++ b/xen/drivers/acpi/numa.c @@ -112,14 +112,14 @@ void __init acpi_table_print_srat_entry(struct acpi_subtable_header * header) } } -static int __init acpi_parse_slit(struct acpi_table_header *table) +static int __init cf_check acpi_parse_slit(struct acpi_table_header *table) { acpi_numa_slit_init((struct acpi_table_slit *)table); return 0; } -static int __init +static int __init cf_check acpi_parse_x2apic_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -138,7 +138,7 @@ acpi_parse_x2apic_affinity(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_processor_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -156,7 +156,7 @@ acpi_parse_processor_affinity(struct acpi_subtable_header *header, return 0; } -static int __init +static int __init cf_check acpi_parse_memory_affinity(struct acpi_subtable_header *header, const unsigned long end) { @@ -174,7 +174,7 @@ acpi_parse_memory_affinity(struct acpi_subtable_header *header, return 0; } -int __init acpi_parse_srat(struct acpi_table_header *table) +int __init cf_check acpi_parse_srat(struct acpi_table_header *table) { if (!table) return -EINVAL; diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 5ea2277328..3a79314589 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -1078,7 +1078,7 @@ static inline bool_t is_ivmd_block(u8 type) type == ACPI_IVRS_TYPE_MEMORY_IOMMU); } -static int __init parse_ivrs_table(struct acpi_table_header *table) +static int __init cf_check parse_ivrs_table(struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length; @@ -1170,7 +1170,7 @@ static int __init parse_ivrs_table(struct acpi_table_header *table) return error; } -static int __init detect_iommu_acpi(struct acpi_table_header *table) +static int __init cf_check detect_iommu_acpi(struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length = sizeof(struct acpi_table_ivrs); @@ -1264,7 +1264,8 @@ static int __init get_last_bdf_ivhd( return last_bdf; } -static int __init get_last_bdf_acpi(struct acpi_table_header *table) +static int __init cf_check cf_check get_last_bdf_acpi( + struct acpi_table_header *table) { const struct acpi_ivrs_header *ivrs_block; unsigned long length = sizeof(struct acpi_table_ivrs); @@ -1306,7 +1307,7 @@ int __init amd_iommu_update_ivrs_mapping_acpi(void) return acpi_table_parse(ACPI_SIG_IVRS, parse_ivrs_table); } -static int __init +static int __init cf_check get_supported_ivhd_type(struct acpi_table_header *table) { size_t length = sizeof(struct acpi_table_ivrs); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 9f79a01608..099312365d 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1287,7 +1287,8 @@ static bool_t hest_source_is_pcie_aer(const struct acpi_hest_header *hest_hdr) return 0; } -static int aer_hest_parse(const struct acpi_hest_header *hest_hdr, void *data) +static int cf_check aer_hest_parse( + const struct acpi_hest_header *hest_hdr, void *data) { struct aer_hest_parse_info *info = data; const struct acpi_hest_aer_common *p; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index b152f3da91..b8e91f5be1 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -767,7 +767,7 @@ acpi_parse_one_rhsa(struct acpi_dmar_header *header) return ret; } -static int __init acpi_parse_dmar(struct acpi_table_header *table) +static int __init cf_check acpi_parse_dmar(struct acpi_table_header *table) { struct acpi_table_dmar *dmar; struct acpi_dmar_header *entry_header; diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h index 08834f1402..39d51fcd01 100644 --- a/xen/include/xen/acpi.h +++ b/xen/include/xen/acpi.h @@ -91,7 +91,7 @@ struct acpi_subtable_header *acpi_table_get_entry_madt(enum acpi_madt_type id, int acpi_table_parse_madt(enum acpi_madt_type id, acpi_table_entry_handler handler, unsigned int max_entries); int acpi_table_parse_srat(int id, acpi_madt_entry_handler handler, unsigned int max_entries); -int acpi_parse_srat(struct acpi_table_header *); +int cf_check acpi_parse_srat(struct acpi_table_header *); void acpi_table_print (struct acpi_table_header *header, unsigned long phys_addr); void acpi_table_print_madt_entry (struct acpi_subtable_header *madt); void acpi_table_print_srat_entry (struct acpi_subtable_header *srat); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:45:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:45:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277968.474859 (Exim 4.92) (envelope-from ) id 1nN9l5-0002r5-8q; Thu, 24 Feb 2022 08:45:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277968.474859; Thu, 24 Feb 2022 08:45:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9l5-0002qx-5x; Thu, 24 Feb 2022 08:45:55 +0000 Received: by outflank-mailman (input) for mailman id 277968; Thu, 24 Feb 2022 08:45:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9l4-0002qp-0B for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9l3-0000uf-Vi for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9l3-0005H9-V7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:45:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=250sNGTluAXe1juELWqvVj6JpQKmw3JjCWRQGSRE9y8=; b=qIJqM4ULUoJ2zhaiRErRXKtq6i HeaCs3l56GKPILwFXh5DsQcpHfECqlfkImEzdXBfQUniMgxd56yRMlNJmruzkNIAGcXro7XnflUX6 TafNTZkkDnjZ2kJnC/Cc5AWBwiwQs+lrc2k+RXjvrDW9kGQV3G15tmZdh1Bt/+lwvRYg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for continue_hypercall_on_cpu() Message-Id: Date: Thu, 24 Feb 2022 08:45:53 +0000 commit 19804ed02902e78c82c6c97af8bd5ec348d5f071 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:49 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for continue_hypercall_on_cpu() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/include/asm/pv/shim.h | 8 ++++---- xen/arch/x86/include/asm/smp.h | 6 +++--- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/pv/shim.c | 4 ++-- xen/arch/x86/smp.c | 4 ++-- xen/arch/x86/sysctl.c | 2 +- xen/common/core_parking.c | 2 +- xen/common/kexec.c | 2 +- xen/common/sched/cpupool.c | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 912d4c4d62..c4e7e86989 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -326,7 +326,7 @@ static int enter_state(u32 state) return error; } -static long enter_state_helper(void *data) +static long cf_check enter_state_helper(void *data) { struct acpi_sleep_info *sinfo = (struct acpi_sleep_info *)data; return enter_state(sinfo->sleep_state); diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 46f55fe7f1..9631042190 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -558,7 +558,7 @@ struct ucode_buf { char buffer[]; }; -static long microcode_update_helper(void *data) +static long cf_check microcode_update_helper(void *data) { int ret; struct ucode_buf *buffer = data; diff --git a/xen/arch/x86/include/asm/pv/shim.h b/xen/arch/x86/include/asm/pv/shim.h index 6415f8068e..a43c3689b4 100644 --- a/xen/arch/x86/include/asm/pv/shim.h +++ b/xen/arch/x86/include/asm/pv/shim.h @@ -38,8 +38,8 @@ void pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, start_info_t *si); int pv_shim_shutdown(uint8_t reason); void pv_shim_inject_evtchn(unsigned int port); -long pv_shim_cpu_up(void *data); -long pv_shim_cpu_down(void *data); +long cf_check pv_shim_cpu_up(void *data); +long cf_check pv_shim_cpu_down(void *data); void pv_shim_online_memory(unsigned int nr, unsigned int order); void pv_shim_offline_memory(unsigned int nr, unsigned int order); domid_t get_initial_domain_id(void); @@ -69,12 +69,12 @@ static inline void pv_shim_inject_evtchn(unsigned int port) { ASSERT_UNREACHABLE(); } -static inline long pv_shim_cpu_up(void *data) +static inline long cf_check pv_shim_cpu_up(void *data) { ASSERT_UNREACHABLE(); return 0; } -static inline long pv_shim_cpu_down(void *data) +static inline long cf_check pv_shim_cpu_down(void *data) { ASSERT_UNREACHABLE(); return 0; diff --git a/xen/arch/x86/include/asm/smp.h b/xen/arch/x86/include/asm/smp.h index f7485f602e..1747772d23 100644 --- a/xen/arch/x86/include/asm/smp.h +++ b/xen/arch/x86/include/asm/smp.h @@ -57,10 +57,10 @@ int cpu_add(uint32_t apic_id, uint32_t acpi_id, uint32_t pxm); void __stop_this_cpu(void); -long cpu_up_helper(void *data); -long cpu_down_helper(void *data); +long cf_check cpu_up_helper(void *data); +long cf_check cpu_down_helper(void *data); -long core_parking_helper(void *data); +long cf_check core_parking_helper(void *data); bool core_parking_remove(unsigned int cpu); uint32_t get_cur_idle_nums(void); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 84566bbfaa..f5d7adc1e8 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -45,7 +45,7 @@ struct resource_access { xenpf_resource_entry_t *entries; }; -long cpu_frequency_change_helper(void *); +long cf_check cpu_frequency_change_helper(void *); void check_resource_access(struct resource_access *); void resource_access(void *); @@ -59,7 +59,7 @@ DEFINE_SPINLOCK(xenpf_lock); # undef guest_from_compat_handle # define guest_from_compat_handle(x,y) ((x)=(y)) -long cpu_frequency_change_helper(void *data) +long cf_check cpu_frequency_change_helper(void *data) { return cpu_frequency_change((uint64_t)data); } diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index ae4d8913fa..2ee290a392 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -845,7 +845,7 @@ int cf_check compat_grant_table_op( #endif #endif -long pv_shim_cpu_up(void *data) +long cf_check pv_shim_cpu_up(void *data) { struct vcpu *v = data; struct domain *d = v->domain; @@ -883,7 +883,7 @@ long pv_shim_cpu_up(void *data) return 0; } -long pv_shim_cpu_down(void *data) +long cf_check pv_shim_cpu_down(void *data) { struct vcpu *v = data; long rc; diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index eef0f9c6cb..f4952a6bf9 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -399,7 +399,7 @@ void call_function_interrupt(struct cpu_user_regs *regs) smp_call_function_interrupt(); } -long cpu_up_helper(void *data) +long cf_check cpu_up_helper(void *data) { unsigned int cpu = (unsigned long)data; int ret = cpu_up(cpu); @@ -422,7 +422,7 @@ long cpu_up_helper(void *data) return ret; } -long cpu_down_helper(void *data) +long cf_check cpu_down_helper(void *data) { int cpu = (unsigned long)data; int ret = cpu_down(cpu); diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index aff52a13f3..1772f51f8f 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -79,7 +79,7 @@ static void l3_cache_get(void *arg) l3_info->size = info.size / 1024; /* in KB unit */ } -static long smt_up_down_helper(void *data) +static long cf_check smt_up_down_helper(void *data) { bool up = (bool)data; unsigned int cpu, sibling_mask = boot_cpu_data.x86_num_siblings - 1; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 44a907abfd..4afad04f2f 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -169,7 +169,7 @@ static unsigned int core_parking_power(unsigned int event) return cpu; } -long core_parking_helper(void *data) +long cf_check core_parking_helper(void *data) { uint32_t idle_nums = (unsigned long)data; unsigned int cpu; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 3b223cd03d..b222a5fd78 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -395,7 +395,7 @@ void kexec_crash(enum crash_reason reason) BUG(); } -static long kexec_reboot(void *_image) +static long cf_check kexec_reboot(void *_image) { struct kexec_image *image = _image; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index e5cfb03b85..b9d4babd0d 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -544,7 +544,7 @@ static int cpupool_unassign_cpu_start(struct cpupool *c, unsigned int cpu) return ret; } -static long cpupool_unassign_cpu_helper(void *info) +static long cf_check cpupool_unassign_cpu_helper(void *info) { struct cpupool *c = info; long ret; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277969.474863 (Exim 4.92) (envelope-from ) id 1nN9lF-0002u9-AH; Thu, 24 Feb 2022 08:46:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277969.474863; Thu, 24 Feb 2022 08:46:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lF-0002u0-7M; Thu, 24 Feb 2022 08:46:05 +0000 Received: by outflank-mailman (input) for mailman id 277969; Thu, 24 Feb 2022 08:46:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lE-0002ts-4K for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lE-0000vC-3b for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9lE-0005If-2u for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ry7+WT/ZT12BmSZBocvV8zgkT1w6tOJkhnNy1+nliyQ=; b=VRrNRVITRrLSB6Zz08YPmvBSPg YESP+xSaXgAHa1mh5mla/cYg4yjqWojEiyf082HJrmkZBQ8d+yPv1Pk817WaB01kgLdzNzc1wTZEN 3b1EGMztKy6XUMQ510kSWw5EsBp7GzfU8tZMEe69Wex5YRJIKLBl+jwYqRw703MDNfBk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for init_timer() Message-Id: Date: Thu, 24 Feb 2022 08:46:04 +0000 commit 17bafcdcc84f67307a28acc42f0e842a7f5c08a7 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:42:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for init_timer() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/amd_nonfatal.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/hvm/pmtimer.c | 2 +- xen/arch/x86/hvm/rtc.c | 6 +++--- xen/arch/x86/hvm/viridian/time.c | 2 +- xen/arch/x86/hvm/vpt.c | 2 +- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/time.c | 4 ++-- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 18 +++++++++--------- xen/common/sched/credit.c | 10 ++++------ xen/common/sched/credit2.c | 2 +- xen/common/sched/rt.c | 5 +++-- xen/drivers/char/ehci-dbgp.c | 2 +- xen/drivers/char/ns16550.c | 6 +++--- xen/drivers/cpufreq/cpufreq_ondemand.c | 2 +- 17 files changed, 36 insertions(+), 37 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c index 6e8901530a..da0bf85f02 100644 --- a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c +++ b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c @@ -127,7 +127,7 @@ static void mce_amd_checkregs(void *info) * multiple correctable errors between two polls. In that case, * increase polling frequency higher than normal. */ -static void mce_amd_work_fn(void *data) +static void cf_check mce_amd_work_fn(void *data) { on_each_cpu(mce_amd_checkregs, data, 1); diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index 2679c220a8..f7e411c087 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -67,7 +67,7 @@ static void mce_checkregs (void *info) } } -static void mce_work_fn(void *data) +static void cf_check mce_work_fn(void *data) { on_each_cpu(mce_checkregs, NULL, 1); diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 97b9e41712..808819d1de 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -124,7 +124,7 @@ static void pmt_update_time(PMTState *s) /* This function should be called soon after each time the MSB of the * pmtimer register rolls over, to make sure we update the status * registers and SCI at least once per rollover */ -static void pmt_timer_callback(void *opaque) +static void cf_check pmt_timer_callback(void *opaque) { PMTState *s = opaque; uint32_t pmt_cycles_until_flip; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 3150f5f147..09d3501276 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -217,7 +217,7 @@ static void check_update_timer(RTCState *s) s->use_timer = 0; } -static void rtc_update_timer(void *opaque) +static void cf_check rtc_update_timer(void *opaque) { RTCState *s = opaque; @@ -230,7 +230,7 @@ static void rtc_update_timer(void *opaque) spin_unlock(&s->lock); } -static void rtc_update_timer2(void *opaque) +static void cf_check rtc_update_timer2(void *opaque) { RTCState *s = opaque; @@ -421,7 +421,7 @@ static void alarm_timer_update(RTCState *s) } } -static void rtc_alarm_cb(void *opaque) +static void cf_check rtc_alarm_cb(void *opaque) { RTCState *s = opaque; diff --git a/xen/arch/x86/hvm/viridian/time.c b/xen/arch/x86/hvm/viridian/time.c index 24ff117edb..b56fd67662 100644 --- a/xen/arch/x86/hvm/viridian/time.c +++ b/xen/arch/x86/hvm/viridian/time.c @@ -126,7 +126,7 @@ static void stop_stimer(struct viridian_stimer *vs) vs->started = false; } -static void stimer_expire(void *data) +static void cf_check stimer_expire(void *data) { struct viridian_stimer *vs = data; struct vcpu *v = vs->v; diff --git a/xen/arch/x86/hvm/vpt.c b/xen/arch/x86/hvm/vpt.c index 6fdc3e19fe..cb1d81bf9e 100644 --- a/xen/arch/x86/hvm/vpt.c +++ b/xen/arch/x86/hvm/vpt.c @@ -271,7 +271,7 @@ void pt_restore_timer(struct vcpu *v) pt_vcpu_unlock(v); } -static void pt_timer_fn(void *data) +static void cf_check pt_timer_fn(void *data) { struct periodic_time *pt = data; diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index bcf46cd54d..f9c8084555 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -935,7 +935,7 @@ void alloc_direct_apic_vector( spin_unlock(&lock); } -static void irq_ratelimit_timer_fn(void *data) +static void cf_check irq_ratelimit_timer_fn(void *data) { struct irq_desc *desc, *tmp; unsigned long flags; @@ -1129,7 +1129,7 @@ static inline void clear_pirq_eoi(struct domain *d, unsigned int irq) static void set_eoi_ready(void *data); -static void irq_guest_eoi_timer_fn(void *data) +static void cf_check irq_guest_eoi_timer_fn(void *data) { struct irq_desc *desc = data; unsigned int i, irq = desc - irq_desc; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index d6018f0c42..d8605ffddd 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -211,7 +211,7 @@ void __init check_nmi_watchdog(void) return; } -static void nmi_timer_fn(void *unused) +static void cf_check nmi_timer_fn(void *unused) { this_cpu(nmi_timer_ticks)++; set_timer(&this_cpu(nmi_timer), NOW() + MILLISECS(1000)); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index b94aa8f216..bee5fd755a 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -814,7 +814,7 @@ static s_time_t __read_platform_stime(u64 platform_time) return (stime_platform_stamp + scale_delta(diff, &plt_scale)); } -static void plt_overflow(void *unused) +static void cf_check plt_overflow(void *unused) { int i; u64 count; @@ -1854,7 +1854,7 @@ static void time_calibration_nop_rendezvous(void *rv) static void (*time_calibration_rendezvous_fn)(void *) = time_calibration_std_rendezvous; -static void time_calibration(void *unused) +static void cf_check time_calibration(void *unused) { struct calibration_rendezvous r = { .semaphore = ATOMIC_INIT(0) diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index 2ec5606de5..f9dd2584a8 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -575,7 +575,7 @@ static void rcu_idle_timer_stop(void) stop_timer(&rdp->idle_timer); } -static void rcu_idle_timer_handler(void* data) +static void cf_check rcu_idle_timer_handler(void* data) { perfc_incr(rcu_idle_timer); diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index fbd2dfb59b..6a1f17e94e 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -71,10 +71,10 @@ cpumask_t sched_res_mask; static DEFINE_SPINLOCK(sched_free_cpu_lock); /* Various timer handlers. */ -static void s_timer_fn(void *unused); -static void vcpu_periodic_timer_fn(void *data); -static void vcpu_singleshot_timer_fn(void *data); -static void poll_timer_fn(void *data); +static void cf_check s_timer_fn(void *unused); +static void cf_check vcpu_periodic_timer_fn(void *data); +static void cf_check vcpu_singleshot_timer_fn(void *data); +static void cf_check poll_timer_fn(void *data); /* This is global for now so that private implementations can reach it */ DEFINE_PER_CPU_READ_MOSTLY(struct sched_resource *, sched_res); @@ -1535,7 +1535,7 @@ long vcpu_yield(void) return 0; } -static void domain_watchdog_timeout(void *data) +static void cf_check domain_watchdog_timeout(void *data) { struct domain *d = data; @@ -2697,28 +2697,28 @@ static void schedule(void) } /* The scheduler timer: force a run through the scheduler */ -static void s_timer_fn(void *unused) +static void cf_check s_timer_fn(void *unused) { raise_softirq(SCHEDULE_SOFTIRQ); SCHED_STAT_CRANK(sched_irq); } /* Per-VCPU periodic timer function: sends a virtual timer interrupt. */ -static void vcpu_periodic_timer_fn(void *data) +static void cf_check vcpu_periodic_timer_fn(void *data) { struct vcpu *v = data; vcpu_periodic_timer_work(v); } /* Per-VCPU single-shot timer function: sends a virtual timer interrupt. */ -static void vcpu_singleshot_timer_fn(void *data) +static void cf_check vcpu_singleshot_timer_fn(void *data) { struct vcpu *v = data; send_timer_event(v); } /* SCHEDOP_poll timeout callback. */ -static void poll_timer_fn(void *data) +static void cf_check poll_timer_fn(void *data) { struct vcpu *v = data; diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index d0aa017c64..5635271f6f 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -230,8 +230,8 @@ struct csched_private { struct timer master_ticker; }; -static void csched_tick(void *_cpu); -static void csched_acct(void *dummy); +static void cf_check csched_tick(void *_cpu); +static void cf_check csched_acct(void *dummy); static inline int __unit_on_runq(const struct csched_unit *svc) @@ -1356,8 +1356,7 @@ csched_runq_sort(struct csched_private *prv, unsigned int cpu) pcpu_schedule_unlock_irqrestore(lock, flags, cpu); } -static void -csched_acct(void* dummy) +static void cf_check csched_acct(void* dummy) { struct csched_private *prv = dummy; unsigned long flags; @@ -1563,8 +1562,7 @@ out: set_timer( &prv->master_ticker, NOW() + prv->tslice); } -static void -csched_tick(void *_cpu) +static void cf_check csched_tick(void *_cpu) { unsigned int cpu = (unsigned long)_cpu; const struct sched_resource *sr = get_sched_res(cpu); diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index a5f073cda5..d96e2749dd 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -2072,7 +2072,7 @@ static inline void do_replenish(struct csched2_dom *sdom) sdom->budget += sdom->tot_budget; } -static void replenish_domain_budget(void* data) +static void cf_check replenish_domain_budget(void *data) { struct csched2_dom *sdom = data; unsigned long flags; diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c index c24cd2ac32..5ea6f01f26 100644 --- a/xen/common/sched/rt.c +++ b/xen/common/sched/rt.c @@ -173,7 +173,7 @@ #define TRC_RTDS_SCHED_TASKLET TRC_SCHED_CLASS_EVT(RTDS, 5) #define TRC_RTDS_SCHEDULE TRC_SCHED_CLASS_EVT(RTDS, 6) -static void repl_timer_handler(void *data); +static void cf_check repl_timer_handler(void *data); /* * System-wide private data, include global RunQueue/DepletedQ @@ -1452,7 +1452,8 @@ rt_dom_cntl( * The replenishment timer handler picks units * from the replq and does the actual replenishment. */ -static void repl_timer_handler(void *data){ +static void cf_check repl_timer_handler(void *data) +{ s_time_t now; const struct scheduler *ops = data; struct rt_private *prv = rt_priv(ops); diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index c893d246de..a6b57fdf2d 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1289,7 +1289,7 @@ static void _ehci_dbgp_poll(struct cpu_user_regs *regs) set_timer(&dbgp->timer, NOW() + timeout); } -static void ehci_dbgp_poll(void *data) +static void cf_check ehci_dbgp_poll(void *data) { poll_port = data; #ifdef run_in_exception_handler diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 30596d60d4..990cad39fe 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -111,7 +111,7 @@ struct ns16550_config_param { static void enable_exar_enhanced_bits(const struct ns16550 *uart); #endif -static void ns16550_delayed_resume(void *data); +static void cf_check ns16550_delayed_resume(void *data); static u8 ns_read_reg(const struct ns16550 *uart, unsigned int reg) { @@ -229,7 +229,7 @@ out: set_timer(&uart->timer, NOW() + MILLISECS(uart->timeout_ms)); } -static void ns16550_poll(void *data) +static void cf_check ns16550_poll(void *data) { this_cpu(poll_port) = data; #ifdef run_in_exception_handler @@ -532,7 +532,7 @@ static void _ns16550_resume(struct serial_port *port) } static int delayed_resume_tries; -static void ns16550_delayed_resume(void *data) +static void cf_check ns16550_delayed_resume(void *data) { struct serial_port *port = data; struct ns16550 *uart = port->uart; diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index cabd9ffa88..ba03eaa233 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -172,7 +172,7 @@ static void dbs_check_cpu(struct cpu_dbs_info_s *this_dbs_info) } } -static void do_dbs_timer(void *dbs) +static void cf_check do_dbs_timer(void *dbs) { struct cpu_dbs_info_s *dbs_info = (struct cpu_dbs_info_s *)dbs; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277970.474867 (Exim 4.92) (envelope-from ) id 1nN9lP-0002wz-Bs; Thu, 24 Feb 2022 08:46:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277970.474867; Thu, 24 Feb 2022 08:46:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lP-0002wq-8s; Thu, 24 Feb 2022 08:46:15 +0000 Received: by outflank-mailman (input) for mailman id 277970; Thu, 24 Feb 2022 08:46:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lO-0002wd-80 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lO-0000vM-7I for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9lO-0005JU-6K for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/efTsPN2aJ4B8wdnS9SPHturqrdj09S6oxZmhf/iS7k=; b=LQVHnoztpG/w6Je6J1ivZReq2D zM/V2QHSUcCgJK9c51PPJ03MBYvccYwc40D+waISE4kGU1eSL/chXkYgvUjzSn7o2fuNPaG6r0Ksq dpTkuJmWAXsT4vCT/AbhTjDlh/gdBj7sawmQhhEWl2d6xdnjTJW+/D2SMhMPvfC2yMoE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for call_rcu() Message-Id: Date: Thu, 24 Feb 2022 08:46:14 +0000 commit d910f5ce7744f992a4a69bbb94d1e85a741962a9 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:28:35 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for call_rcu() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/mtrr.c | 2 +- xen/arch/x86/hvm/vmsi.c | 2 +- xen/arch/x86/mm/mem_sharing.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/common/domain.c | 4 ++-- xen/common/radix-tree.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 2 +- xen/xsm/flask/avc.c | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index b3ef1bf541..42f3d83192 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -586,7 +586,7 @@ int hvm_get_mem_pinned_cacheattr(struct domain *d, gfn_t gfn, return rc; } -static void free_pinned_cacheattr_entry(struct rcu_head *rcu) +static void cf_check free_pinned_cacheattr_entry(struct rcu_head *rcu) { xfree(container_of(rcu, struct hvm_mem_pinned_cacheattr_range, rcu)); } diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c index 13e2a190b4..2889575a20 100644 --- a/xen/arch/x86/hvm/vmsi.c +++ b/xen/arch/x86/hvm/vmsi.c @@ -441,7 +441,7 @@ static void add_msixtbl_entry(struct domain *d, list_add_rcu(&entry->list, &d->arch.hvm.msixtbl_list); } -static void free_msixtbl_entry(struct rcu_head *rcu) +static void cf_check free_msixtbl_entry(struct rcu_head *rcu) { struct msixtbl_entry *entry; diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 74d2869c0e..15e6a7ed81 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -75,7 +75,7 @@ static DEFINE_SPINLOCK(shr_audit_lock); static DEFINE_RCU_READ_LOCK(shr_audit_read_lock); /* RCU delayed free of audit list entry */ -static void _free_pg_shared_info(struct rcu_head *head) +static void cf_check _free_pg_shared_info(struct rcu_head *head) { xfree(container_of(head, struct page_sharing_info, rcu_head)); } diff --git a/xen/arch/x86/percpu.c b/xen/arch/x86/percpu.c index eb3ba7bc88..46460689b7 100644 --- a/xen/arch/x86/percpu.c +++ b/xen/arch/x86/percpu.c @@ -45,7 +45,7 @@ struct free_info { }; static DEFINE_PER_CPU(struct free_info, free_info); -static void _free_percpu_area(struct rcu_head *head) +static void cf_check _free_percpu_area(struct rcu_head *head) { struct free_info *info = container_of(head, struct free_info, rcu); unsigned int cpu = info->cpu; diff --git a/xen/common/domain.c b/xen/common/domain.c index dacd03254c..c5716cd72f 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1075,7 +1075,7 @@ void vcpu_end_shutdown_deferral(struct vcpu *v) } /* Complete domain destroy after RCU readers are not holding old references. */ -static void complete_domain_destroy(struct rcu_head *head) +static void cf_check complete_domain_destroy(struct rcu_head *head) { struct domain *d = container_of(head, struct domain, rcu); struct vcpu *v; @@ -1798,7 +1798,7 @@ struct pirq *pirq_get_info(struct domain *d, int pirq) return info; } -static void _free_pirq_struct(struct rcu_head *head) +static void cf_check _free_pirq_struct(struct rcu_head *head) { xfree(container_of(head, struct pirq, rcu_head)); } diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 628a7e0698..33b47748ae 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -58,7 +58,7 @@ static struct radix_tree_node *rcu_node_alloc(void *arg) return rcu_node ? &rcu_node->node : NULL; } -static void _rcu_node_free(struct rcu_head *head) +static void cf_check _rcu_node_free(struct rcu_head *head) { struct rcu_node *rcu_node = container_of(head, struct rcu_node, rcu_head); diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index f9dd2584a8..423d6b1d6d 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -167,7 +167,7 @@ static int rsinterval = 1000; static atomic_t cpu_count = ATOMIC_INIT(0); static atomic_t pending_count = ATOMIC_INIT(0); -static void rcu_barrier_callback(struct rcu_head *head) +static void cf_check rcu_barrier_callback(struct rcu_head *head) { /* * We need a barrier making all previous writes visible to other cpus diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 6a1f17e94e..aaa7ef2a6f 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2798,7 +2798,7 @@ static int cpu_schedule_up(unsigned int cpu) return 0; } -static void sched_res_free(struct rcu_head *head) +static void cf_check sched_res_free(struct rcu_head *head) { struct sched_resource *sr = container_of(head, struct sched_resource, rcu); diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c index 87ea38b7a0..e20c165042 100644 --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -276,7 +276,7 @@ int avc_get_hash_stats(struct xen_flask_hash_stats *arg) return 0; } -static void avc_node_free(struct rcu_head *rhead) +static void cf_check avc_node_free(struct rcu_head *rhead) { struct avc_node *node = container_of(rhead, struct avc_node, rhead); xfree(node); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277971.474871 (Exim 4.92) (envelope-from ) id 1nN9lZ-00030V-FF; Thu, 24 Feb 2022 08:46:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277971.474871; Thu, 24 Feb 2022 08:46:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lZ-00030N-Bk; Thu, 24 Feb 2022 08:46:25 +0000 Received: by outflank-mailman (input) for mailman id 277971; Thu, 24 Feb 2022 08:46:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lY-00030A-CS for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lY-0000vd-Bj for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9lY-0005K3-Ax for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZaAzNnHOCqgJKaY7RZ5IcE60e7o5R3FBd3ACMnWoHLE=; b=XJ6qP5rTbwdm4/DU8l//KxSrGl 6/6F28vizQnfkRDk5MJXTlnNszfv+30v8EMSKyTArePeC1Kjwb4NiTdvt7iEZU6FDnu9uoxPFC2Le PL2HY3ycbeDvAWZWbV4FBMJWbTvtPsEUSR+F4hNqu1Wn/d8jc4FxnMEq3cVJTL/9+jPM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for IPIs Message-Id: Date: Thu, 24 Feb 2022 08:46:24 +0000 commit 4ea76ad84748b49a46b71c64772531e81dd2fd42 Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:53 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for IPIs Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/acpi/cpufreq/cpufreq.c | 8 ++++---- xen/arch/x86/acpi/cpufreq/powernow.c | 6 +++--- xen/arch/x86/acpi/lib.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/mcheck/amd_nonfatal.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 6 +++--- xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/cpu/mtrr/generic.c | 2 +- xen/arch/x86/cpu/mtrr/main.c | 2 +- xen/arch/x86/cpu/mwait-idle.c | 6 +++--- xen/arch/x86/cpu/vpmu.c | 4 ++-- xen/arch/x86/guest/xen/xen.c | 2 +- xen/arch/x86/hvm/nestedhvm.c | 3 +-- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/mtrr.h | 2 +- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/nmi.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 10 +++++----- xen/arch/x86/oprofile/op_model_athlon.c | 2 +- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/psr.c | 2 +- xen/arch/x86/shutdown.c | 4 ++-- xen/arch/x86/smp.c | 2 +- xen/arch/x86/sysctl.c | 2 +- xen/arch/x86/time.c | 8 ++++---- xen/common/cpu.c | 4 ++-- xen/common/gdbstub.c | 2 +- xen/common/keyhandler.c | 2 +- xen/common/page_alloc.c | 2 +- 32 files changed, 53 insertions(+), 54 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index fb47eb9ad6..22c8bb0c2d 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -145,7 +145,7 @@ struct hw_residencies uint64_t cc7; }; -static void do_get_hw_residencies(void *arg) +static void cf_check do_get_hw_residencies(void *arg) { struct cpuinfo_x86 *c = ¤t_cpu_data; struct hw_residencies *hw_res = arg; diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 9510f05340..8133c2dd95 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -129,7 +129,7 @@ struct drv_cmd { u32 val; }; -static void do_drv_read(void *drvcmd) +static void cf_check do_drv_read(void *drvcmd) { struct drv_cmd *cmd; @@ -148,7 +148,7 @@ static void do_drv_read(void *drvcmd) } } -static void do_drv_write(void *drvcmd) +static void cf_check do_drv_write(void *drvcmd) { struct drv_cmd *cmd; uint64_t msr_content; @@ -244,7 +244,7 @@ struct perf_pair { static DEFINE_PER_CPU(struct perf_pair, gov_perf_pair); static DEFINE_PER_CPU(struct perf_pair, usr_perf_pair); -static void read_measured_perf_ctrs(void *_readin) +static void cf_check read_measured_perf_ctrs(void *_readin) { struct perf_pair *readin = _readin; @@ -340,7 +340,7 @@ static unsigned int get_cur_freq_on_cpu(unsigned int cpu) return extract_freq(get_cur_val(cpumask_of(cpu)), data); } -static void feature_detect(void *info) +static void cf_check feature_detect(void *info) { struct cpufreq_policy *policy = info; unsigned int eax; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index da8fc40b9a..ca71ecf72d 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -44,12 +44,12 @@ #define ARCH_CPU_FLAG_RESUME 1 -static void transition_pstate(void *pstate) +static void cf_check transition_pstate(void *pstate) { wrmsrl(MSR_PSTATE_CTRL, *(unsigned int *)pstate); } -static void update_cpb(void *data) +static void cf_check update_cpb(void *data) { struct cpufreq_policy *policy = data; @@ -165,7 +165,7 @@ struct amd_cpu_data { u32 max_hw_pstate; }; -static void get_cpu_data(void *arg) +static void cf_check get_cpu_data(void *arg) { struct amd_cpu_data *data = arg; struct processor_performance *perf = data->perf; diff --git a/xen/arch/x86/acpi/lib.c b/xen/arch/x86/acpi/lib.c index b66e7338e7..43831b92d1 100644 --- a/xen/arch/x86/acpi/lib.c +++ b/xen/arch/x86/acpi/lib.c @@ -99,7 +99,7 @@ unsigned int acpi_get_processor_id(unsigned int cpu) return INVALID_ACPIID; } -static void get_mwait_ecx(void *info) +static void cf_check get_mwait_ecx(void *info) { *(u32 *)info = cpuid_ecx(CPUID_MWAIT_LEAF); } diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index a8e37dbb1f..2d18223f20 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -430,7 +430,7 @@ static void disable_c1_ramping(void) } } -static void disable_c1e(void *unused) +static void cf_check disable_c1e(void *unused) { uint64_t msr_content; diff --git a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c index da0bf85f02..efb45c931e 100644 --- a/xen/arch/x86/cpu/mcheck/amd_nonfatal.c +++ b/xen/arch/x86/cpu/mcheck/amd_nonfatal.c @@ -79,7 +79,7 @@ static int variable_period = 1; * Collects information of correctable errors and notifies * Dom0 via an event. */ -static void mce_amd_checkregs(void *info) +static void cf_check mce_amd_checkregs(void *info) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index a449fa0424..43f6c8471a 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -961,7 +961,7 @@ void x86_mcinfo_dump(struct mc_info *mi) } while ( 1 ); } -static void do_mc_get_cpu_info(void *v) +static void cf_check do_mc_get_cpu_info(void *v) { int cpu = smp_processor_id(); int cindex, cpn; @@ -1242,7 +1242,7 @@ static void x86_mc_hwcr_wren_restore(uint64_t hwcr) wrmsrl(MSR_K8_HWCR, hwcr); } -static void x86_mc_msrinject(void *data) +static void cf_check x86_mc_msrinject(void *data) { struct xen_mc_msrinject *mci = data; struct mcinfo_msr *msr; @@ -1274,7 +1274,7 @@ static void x86_mc_msrinject(void *data) } /*ARGSUSED*/ -static void x86_mc_mceinject(void *data) +static void cf_check x86_mc_mceinject(void *data) { printk("Simulating #MC on cpu %d\n", smp_processor_id()); __asm__ __volatile__("int $0x12"); diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index b6da8262e6..a691e10bdc 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -599,7 +599,7 @@ static void mce_set_owner(void) cmci_discover(); } -static void __cpu_mcheck_distribute_cmci(void *unused) +static void cf_check __cpu_mcheck_distribute_cmci(void *unused) { cmci_discover(); } diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index f7e411c087..1c0c32ba08 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -32,7 +32,7 @@ static uint64_t period = MCE_PERIOD; static int adjust = 0; static int variable_period = 1; -static void mce_checkregs (void *info) +static void cf_check mce_checkregs(void *info) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 9631042190..8413642080 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -533,7 +533,7 @@ static int control_thread_fn(const struct microcode_patch *patch) return ret; } -static int do_microcode_update(void *patch) +static int cf_check do_microcode_update(void *patch) { unsigned int cpu = smp_processor_id(); int ret; diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 883e3398ff..7cf4cd01f3 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -84,7 +84,7 @@ bool is_var_mtrr_overlapped(const struct mtrr_state *m) return false; } -void mtrr_save_fixed_ranges(void *info) +void cf_check mtrr_save_fixed_ranges(void *info) { get_fixed_ranges(mtrr_state.fixed_ranges); } diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 428133100d..4e01c8d6f9 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -131,7 +131,7 @@ struct set_mtrr_data { */ int hold_mtrr_updates_on_aps; -static void ipi_handler(void *info) +static void cf_check ipi_handler(void *info) /* [SUMMARY] Synchronisation handler. Executed by "other" CPUs. [RETURNS] Nothing. */ diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index fe1b7af25f..927ce1b67a 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -877,7 +877,7 @@ static void mwait_idle(void) cpuidle_current_governor->reflect(power); } -static void auto_demotion_disable(void *dummy) +static void cf_check auto_demotion_disable(void *dummy) { u64 msr_bits; @@ -886,13 +886,13 @@ static void auto_demotion_disable(void *dummy) wrmsrl(MSR_PKG_CST_CONFIG_CONTROL, msr_bits); } -static void byt_auto_demotion_disable(void *dummy) +static void cf_check byt_auto_demotion_disable(void *dummy) { wrmsrl(MSR_CC6_DEMOTION_POLICY_CONFIG, 0); wrmsrl(MSR_MC6_DEMOTION_POLICY_CONFIG, 0); } -static void c1e_promotion_disable(void *dummy) +static void cf_check c1e_promotion_disable(void *dummy) { u64 msr_bits; diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index df3c9201b2..4fedc7c570 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -335,7 +335,7 @@ void vpmu_do_interrupt(struct cpu_user_regs *regs) #endif } -static void vpmu_save_force(void *arg) +static void cf_check vpmu_save_force(void *arg) { struct vcpu *v = arg; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -528,7 +528,7 @@ void vpmu_initialise(struct vcpu *v) put_vpmu(v); } -static void vpmu_clear_last(void *arg) +static void cf_check vpmu_clear_last(void *arg) { if ( this_cpu(last_vcpu) == arg ) this_cpu(last_vcpu) = NULL; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 2ff63d370a..b2aa3a009b 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -289,7 +289,7 @@ int xg_free_unused_page(mfn_t mfn) return rangeset_remove_range(mem, mfn_x(mfn), mfn_x(mfn)); } -static void ap_resume(void *unused) +static void cf_check ap_resume(void *unused) { BUG_ON(map_vcpuinfo()); BUG_ON(init_evtchn()); diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 2351688448..58370190ff 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -82,8 +82,7 @@ nestedhvm_vcpu_destroy(struct vcpu *v) alternative_vcall(hvm_funcs.nhvm_vcpu_destroy, v); } -static void -nestedhvm_flushtlb_ipi(void *info) +static void cf_check nestedhvm_flushtlb_ipi(void *info) { struct vcpu *v = current; struct domain *d = info; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f72a7db045..2b6bafe9d5 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -589,7 +589,7 @@ static void vmx_free_vmcs(paddr_t pa) free_domheap_page(maddr_to_page(pa)); } -static void __vmx_clear_vmcs(void *info) +static void cf_check __vmx_clear_vmcs(void *info) { struct vcpu *v = info; struct vmx_vcpu *vmx = &v->arch.hvm.vmx; diff --git a/xen/arch/x86/include/asm/mtrr.h b/xen/arch/x86/include/asm/mtrr.h index e0fd1005ce..7733800b79 100644 --- a/xen/arch/x86/include/asm/mtrr.h +++ b/xen/arch/x86/include/asm/mtrr.h @@ -64,7 +64,7 @@ struct mtrr_state { }; extern struct mtrr_state mtrr_state; -extern void mtrr_save_fixed_ranges(void *); +extern void cf_check mtrr_save_fixed_ranges(void *); extern void mtrr_save_state(void); extern int mtrr_add(unsigned long base, unsigned long size, unsigned int type, char increment); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index f9c8084555..d9bd355113 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1127,7 +1127,7 @@ static inline void clear_pirq_eoi(struct domain *d, unsigned int irq) } } -static void set_eoi_ready(void *data); +static void cf_check set_eoi_ready(void *data); static void cf_check irq_guest_eoi_timer_fn(void *data) { @@ -1398,7 +1398,7 @@ static void __set_eoi_ready(const struct irq_desc *desc) } /* Mark specified IRQ as ready-for-EOI (if it really is) and attempt to EOI. */ -static void set_eoi_ready(void *data) +static void cf_check set_eoi_ready(void *data) { struct irq_desc *desc = data; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index d8605ffddd..0a1c9b8e9a 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -149,7 +149,7 @@ int nmi_active; (P4_CCCR_OVF_PMI0|P4_CCCR_THRESHOLD(15)|P4_CCCR_COMPLEMENT| \ P4_CCCR_COMPARE|P4_CCCR_REQUIRED|P4_CCCR_ESCR_SELECT(4)|P4_CCCR_ENABLE) -static void __init wait_for_nmis(void *p) +static void __init cf_check wait_for_nmis(void *p) { unsigned int start_count = this_cpu(nmi_count); unsigned long ticks = 10 * 1000 * cpu_khz / nmi_hz; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index ba9c4b9804..6ebe20bd1d 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -131,7 +131,7 @@ static void nmi_cpu_save_registers(struct op_msrs *msrs) } -static void nmi_save_registers(void * dummy) +static void cf_check nmi_save_registers(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -179,7 +179,7 @@ static int allocate_msrs(void) } -static void nmi_cpu_setup(void * dummy) +static void cf_check nmi_cpu_setup(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -245,7 +245,7 @@ static void nmi_restore_registers(struct op_msrs * msrs) } -static void nmi_cpu_shutdown(void * dummy) +static void cf_check nmi_cpu_shutdown(void *dummy) { int cpu = smp_processor_id(); struct op_msrs * msrs = &cpu_msrs[cpu]; @@ -261,7 +261,7 @@ void nmi_release_counters(void) } -static void nmi_cpu_start(void * dummy) +static void cf_check nmi_cpu_start(void *dummy) { int cpu = smp_processor_id(); struct op_msrs const * msrs = &cpu_msrs[cpu]; @@ -278,7 +278,7 @@ int nmi_start(void) } -static void nmi_cpu_stop(void * dummy) +static void cf_check nmi_cpu_stop(void *dummy) { unsigned int v; int cpu = smp_processor_id(); diff --git a/xen/arch/x86/oprofile/op_model_athlon.c b/xen/arch/x86/oprofile/op_model_athlon.c index ee6eb0ecae..2177f02946 100644 --- a/xen/arch/x86/oprofile/op_model_athlon.c +++ b/xen/arch/x86/oprofile/op_model_athlon.c @@ -436,7 +436,7 @@ static void athlon_stop(struct op_msrs const * const msrs) #define APIC_EILVT_MSG_NMI 0x4 #define APIC_EILVT_LVTOFF_IBS 1 #define APIC_EILVTn(n) (0x500 + 0x10 * n) -static inline void __init init_ibs_nmi_per_cpu(void *arg) +static inline void __init cf_check init_ibs_nmi_per_cpu(void *arg) { unsigned long reg; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index f5d7adc1e8..b91ccff589 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -47,7 +47,7 @@ struct resource_access { long cf_check cpu_frequency_change_helper(void *); void check_resource_access(struct resource_access *); -void resource_access(void *); +void cf_check resource_access(void *); #ifndef COMPAT typedef long ret_t; @@ -149,7 +149,7 @@ void check_resource_access(struct resource_access *ra) ra->nr_done = i; } -void resource_access(void *info) +void cf_check resource_access(void *info) { struct resource_access *ra = info; unsigned int i; diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 5b9991bd5b..6c9cabf384 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -1247,7 +1247,7 @@ struct cos_write_info const uint32_t *val; }; -static void do_write_psr_msrs(void *data) +static void cf_check do_write_psr_msrs(void *data) { const struct cos_write_info *info = data; unsigned int i, index, cos = info->cos; diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index ad3e3a7691..30985d36a6 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -118,7 +118,7 @@ static inline void kb_wait(void) break; } -static void noreturn __machine_halt(void *unused) +static void noreturn cf_check __machine_halt(void *unused) { local_irq_disable(); @@ -548,7 +548,7 @@ static int __init cf_check reboot_init(void) } __initcall(reboot_init); -static void noreturn __machine_restart(void *pdelay) +static void cf_check noreturn __machine_restart(void *pdelay) { machine_restart(*(unsigned int *)pdelay); } diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index f4952a6bf9..f6fd7f95df 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -339,7 +339,7 @@ void __stop_this_cpu(void) cpumask_clear_cpu(smp_processor_id(), &cpu_online_map); } -static void stop_this_cpu(void *dummy) +static void cf_check stop_this_cpu(void *dummy) { __stop_this_cpu(); for ( ; ; ) diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index 1772f51f8f..f82abc2488 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -69,7 +69,7 @@ struct l3_cache_info { unsigned long size; }; -static void l3_cache_get(void *arg) +static void cf_check l3_cache_get(void *arg) { struct cpuid4_info info; struct l3_cache_info *l3_info = arg; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index bee5fd755a..a78f350b23 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -1660,7 +1660,7 @@ static void check_tsc_warp(unsigned long tsc_khz, unsigned long *max_warp) static unsigned long tsc_max_warp, tsc_check_count; static cpumask_t tsc_check_cpumask; -static void tsc_check_slave(void *unused) +static void cf_check tsc_check_slave(void *unused) { unsigned int cpu = smp_processor_id(); local_irq_disable(); @@ -1808,7 +1808,7 @@ static void time_calibration_tsc_rendezvous(void *_r) } /* Ordinary rendezvous function which does not modify TSC values. */ -static void time_calibration_std_rendezvous(void *_r) +static void cf_check time_calibration_std_rendezvous(void *_r) { struct calibration_rendezvous *r = _r; unsigned int total_cpus = cpumask_weight(&r->cpu_calibration_map); @@ -1839,7 +1839,7 @@ static void time_calibration_std_rendezvous(void *_r) * Rendezvous function used when clocksource is TSC and * no CPU hotplug will be performed. */ -static void time_calibration_nop_rendezvous(void *rv) +static void cf_check time_calibration_nop_rendezvous(void *rv) { const struct calibration_rendezvous *r = rv; struct cpu_time_stamp *c = &this_cpu(cpu_calibration); @@ -2031,7 +2031,7 @@ static void __init tsc_check_writability(void) disable_tsc_sync = true; } -static void __init reset_percpu_time(void *unused) +static void __init cf_check reset_percpu_time(void *unused) { struct cpu_time *t = &this_cpu(cpu_time); diff --git a/xen/common/cpu.c b/xen/common/cpu.c index 1f976db0a5..b0b63cdb36 100644 --- a/xen/common/cpu.c +++ b/xen/common/cpu.c @@ -84,13 +84,13 @@ static int cpu_notifier_call_chain(unsigned int cpu, unsigned long action, return ret; } -static void _take_cpu_down(void *unused) +static void cf_check _take_cpu_down(void *unused) { cpu_notifier_call_chain(smp_processor_id(), CPU_DYING, NULL, true); __cpu_disable(); } -static int take_cpu_down(void *arg) +static int cf_check take_cpu_down(void *arg) { _take_cpu_down(arg); return 0; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 99bfd9a654..079c3ca961 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -660,7 +660,7 @@ static int __init cf_check initialise_gdb(void) } presmp_initcall(initialise_gdb); -static void gdb_pause_this_cpu(void *unused) +static void cf_check gdb_pause_this_cpu(void *unused) { unsigned long flags; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 8b9f378371..2c916d528a 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -360,7 +360,7 @@ static cpumask_t read_clocks_cpumask; static DEFINE_PER_CPU(s_time_t, read_clocks_time); static DEFINE_PER_CPU(u64, read_cycles_time); -static void read_clocks_slave(void *unused) +static void cf_check read_clocks_slave(void *unused) { unsigned int cpu = smp_processor_id(); local_irq_disable(); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 561e238d2d..827617502e 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1898,7 +1898,7 @@ void __init end_boot_allocator(void) printk("\n"); } -static void __init smp_scrub_heap_pages(void *data) +static void __init cf_check smp_scrub_heap_pages(void *data) { unsigned long mfn, start, end; struct page_info *pg; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277972.474875 (Exim 4.92) (envelope-from ) id 1nN9lj-00032m-GG; Thu, 24 Feb 2022 08:46:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277972.474875; Thu, 24 Feb 2022 08:46:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lj-00032e-DO; Thu, 24 Feb 2022 08:46:35 +0000 Received: by outflank-mailman (input) for mailman id 277972; Thu, 24 Feb 2022 08:46:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9li-00032U-GL for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9li-0000wQ-Fd for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9li-0005Kh-Er for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BGA8iBrBhVOl9dxxTi06yU35+y+q0LvgcvJC1GoGvMM=; b=VJlU7irVeZZNaH0ZddDU0naN4f 1hxhRe151qfYF+0nC76oPc8AhTAH1OL6hQKUM4yJC4LuCo4dGkAcBKZzLqHyDGCHqNkXKtUnE1STH Y8ylE57yvlBILrej99C902wD4xnXWg7wndQmzSUB8l3nTtRkqvxI80fzD0grs2xM0ZH8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: CFI hardening for open_softirq() Message-Id: Date: Thu, 24 Feb 2022 08:46:34 +0000 commit 078dfe2fe0084e9a656928a186213821c5c5bad4 Author: Andrew Cooper AuthorDate: Fri Oct 29 10:58:21 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for open_softirq() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/domain.c | 2 +- xen/arch/x86/include/asm/flushtlb.h | 2 +- xen/arch/x86/pv/traps.c | 2 +- xen/arch/x86/smp.c | 2 +- xen/arch/x86/time.c | 2 +- xen/common/rcupdate.c | 2 +- xen/common/sched/core.c | 6 +++--- xen/common/tasklet.c | 2 +- xen/common/timer.c | 2 +- xen/drivers/passthrough/x86/hvm.c | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 43f6c8471a..3467e0f1a3 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -1837,7 +1837,7 @@ static int mce_delayed_action(mctelem_cookie_t mctc) } /* Softirq Handler for this MCE# processing */ -static void mce_softirq(void) +static void cf_check mce_softirq(void) { static DEFINE_MCE_BARRIER(mce_inside_bar); static DEFINE_MCE_BARRIER(mce_severity_bar); diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 36748f67da..ec0b631f7c 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2524,7 +2524,7 @@ void vcpu_mark_events_pending(struct vcpu *v) vcpu_kick(v); } -static void vcpu_kick_softirq(void) +static void cf_check vcpu_kick_softirq(void) { /* * Nothing to do here: we merely prevent notifiers from racing with checks diff --git a/xen/arch/x86/include/asm/flushtlb.h b/xen/arch/x86/include/asm/flushtlb.h index 0be2273387..18777f1d4c 100644 --- a/xen/arch/x86/include/asm/flushtlb.h +++ b/xen/arch/x86/include/asm/flushtlb.h @@ -87,7 +87,7 @@ static inline void tlbflush_filter(cpumask_t *mask, uint32_t page_timestamp) __cpumask_clear_cpu(cpu, mask); } -void new_tlbflush_clock_period(void); +void cf_check new_tlbflush_clock_period(void); /* Read pagetable base. */ static inline unsigned long read_cr3(void) diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index 170e103098..97fe54b5ee 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -130,7 +130,7 @@ bool set_guest_nmi_trapbounce(void) static DEFINE_PER_CPU(struct vcpu *, softirq_nmi_vcpu); -static void nmi_softirq(void) +static void cf_check nmi_softirq(void) { struct vcpu **v_ptr = &this_cpu(softirq_nmi_vcpu); diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index f6fd7f95df..b9a696f619 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -290,7 +290,7 @@ void flush_area_mask(const cpumask_t *mask, const void *va, unsigned int flags) } /* Call with no locks held and interrupts enabled (e.g., softirq context). */ -void new_tlbflush_clock_period(void) +void cf_check new_tlbflush_clock_period(void) { cpumask_t allbutself; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index a78f350b23..32111358a7 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -1454,7 +1454,7 @@ int cpu_frequency_change(u64 freq) static DEFINE_PER_CPU(struct cpu_time_stamp, cpu_calibration); /* Softirq handler for per-CPU time calibration. */ -static void local_time_calibration(void) +static void cf_check local_time_calibration(void) { struct cpu_time *t = &this_cpu(cpu_time); const struct cpu_time_stamp *c = &this_cpu(cpu_calibration); diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index 423d6b1d6d..212a99acd8 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -466,7 +466,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp, rcu_do_batch(rdp); } -static void rcu_process_callbacks(void) +static void cf_check rcu_process_callbacks(void) { struct rcu_data *rdp = &this_cpu(rcu_data); diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index aaa7ef2a6f..4e60500c7c 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2568,7 +2568,7 @@ static struct sched_unit *sched_wait_rendezvous_in(struct sched_unit *prev, return prev->next_task; } -static void sched_slave(void) +static void cf_check sched_slave(void) { struct vcpu *v, *vprev = current; struct sched_unit *prev = vprev->sched_unit, *next; @@ -2632,7 +2632,7 @@ static void sched_slave(void) * - deschedule the current domain (scheduler independent). * - pick a new domain (scheduler dependent). */ -static void schedule(void) +static void cf_check schedule(void) { struct vcpu *vnext, *vprev = current; struct sched_unit *prev = vprev->sched_unit, *next = NULL; @@ -2928,7 +2928,7 @@ const cpumask_t *sched_get_opt_cpumask(enum sched_gran opt, unsigned int cpu) return mask; } -static void schedule_dummy(void) +static void cf_check schedule_dummy(void) { sched_tasklet_check_cpu(smp_processor_id()); } diff --git a/xen/common/tasklet.c b/xen/common/tasklet.c index 1b16bbcdeb..3ad67b5c24 100644 --- a/xen/common/tasklet.c +++ b/xen/common/tasklet.c @@ -135,7 +135,7 @@ void do_tasklet(void) } /* Softirq context work */ -static void tasklet_softirq_action(void) +static void cf_check tasklet_softirq_action(void) { unsigned int cpu = smp_processor_id(); struct list_head *list = &per_cpu(softirq_tasklet_list, cpu); diff --git a/xen/common/timer.c b/xen/common/timer.c index b788050ea1..700f191a70 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -450,7 +450,7 @@ static void execute_timer(struct timers *ts, struct timer *t) } -static void timer_softirq_action(void) +static void cf_check timer_softirq_action(void) { struct timer *t, **heap, *next; struct timers *ts; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 527bd6a56d..0e3c0f6aee 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -1003,7 +1003,7 @@ int arch_pci_clean_pirqs(struct domain *d) * Note: 'pt_pirq_softirq_reset' can clear the STATE_SCHED before we get to * doing it. If that is the case we let 'pt_pirq_softirq_reset' do ref-counting. */ -static void dpci_softirq(void) +static void cf_check dpci_softirq(void) { unsigned int cpu = smp_processor_id(); LIST_HEAD(our_list); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277973.474879 (Exim 4.92) (envelope-from ) id 1nN9lt-00036s-JM; Thu, 24 Feb 2022 08:46:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277973.474879; Thu, 24 Feb 2022 08:46:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9lt-00036i-GG; Thu, 24 Feb 2022 08:46:45 +0000 Received: by outflank-mailman (input) for mailman id 277973; Thu, 24 Feb 2022 08:46:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ls-00036V-Jk for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ls-0000yC-J4 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ls-0005LV-IK for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n2W4vCckSPij1Sq+irxPTkkPJ8UN43bRB0jZ7IAinbw=; b=wibPRAa1nYDO/+IigwPXJGO5HD xfyJcxbVqJix+i2UgaTCBvhwNjMo36kFmZU4/q9PYd+GCstjzG8BX4sn4QtmbH/xy2O66Kn55o5WD MMrjMEZXrYggOQuVpvp1LbEim1ZDNKOGgrhwzfJY2xKZJcm3REtOOobaa87btvESnNkQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xsm/flask/ss: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:46:44 +0000 commit c9e0a06259aff799b57b3180ba815081c914f4e8 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:32:08 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm/flask/ss: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/xsm/flask/ss/avtab.c | 4 ++-- xen/xsm/flask/ss/conditional.c | 10 ++++---- xen/xsm/flask/ss/conditional.h | 6 ++--- xen/xsm/flask/ss/policydb.c | 53 ++++++++++++++++++++++-------------------- xen/xsm/flask/ss/services.c | 6 ++--- xen/xsm/flask/ss/symtab.c | 5 ++-- 6 files changed, 44 insertions(+), 40 deletions(-) diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c index bfc91c8b0c..55c2b4d8a4 100644 --- a/xen/xsm/flask/ss/avtab.c +++ b/xen/xsm/flask/ss/avtab.c @@ -482,8 +482,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return insertf(a, &key, &datum, p); } -static int avtab_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *p) +static int cf_check avtab_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p) { return avtab_insert(a, k, d); } diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c index 3e58aea551..b4b116666c 100644 --- a/xen/xsm/flask/ss/conditional.c +++ b/xen/xsm/flask/ss/conditional.c @@ -189,14 +189,14 @@ int cond_init_bool_indexes(struct policydb *p) return 0; } -int cond_destroy_bool(void *key, void *datum, void *p) +int cf_check cond_destroy_bool(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -int cond_index_bool(void *key, void *datum, void *datap) +int cf_check cond_index_bool(void *key, void *datum, void *datap) { struct policydb *p; struct cond_bool_datum *booldatum; @@ -220,7 +220,7 @@ static int bool_isvalid(struct cond_bool_datum *b) return 1; } -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cond_bool_datum *booldatum; @@ -268,8 +268,8 @@ struct cond_insertf_data struct cond_av_list *tail; }; -static int cond_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *ptr) +static int cf_check cond_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr) { struct cond_insertf_data *data = ptr; struct policydb *p = data->p; diff --git a/xen/xsm/flask/ss/conditional.h b/xen/xsm/flask/ss/conditional.h index 59ac6b4b57..500fe4305a 100644 --- a/xen/xsm/flask/ss/conditional.h +++ b/xen/xsm/flask/ss/conditional.h @@ -63,11 +63,11 @@ int cond_policydb_init(struct policydb* p); void cond_policydb_destroy(struct policydb* p); int cond_init_bool_indexes(struct policydb* p); -int cond_destroy_bool(void *key, void *datum, void *p); +int cf_check cond_destroy_bool(void *key, void *datum, void *p); -int cond_index_bool(void *key, void *datum, void *datap); +int cf_check cond_index_bool(void *key, void *datum, void *datap); -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); int cond_read_list(struct policydb *p, void *fp); void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd); diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c index 9426164353..ff2103c63e 100644 --- a/xen/xsm/flask/ss/policydb.c +++ b/xen/xsm/flask/ss/policydb.c @@ -257,12 +257,12 @@ out_free_symtab: * of a class, role, or user are needed. */ -static int common_index(void *key, void *datum, void *datap) +static int cf_check common_index(void *key, void *datum, void *datap) { return 0; } -static int class_index(void *key, void *datum, void *datap) +static int cf_check class_index(void *key, void *datum, void *datap) { struct policydb *p; struct class_datum *cladatum; @@ -276,7 +276,7 @@ static int class_index(void *key, void *datum, void *datap) return 0; } -static int role_index(void *key, void *datum, void *datap) +static int cf_check role_index(void *key, void *datum, void *datap) { struct policydb *p; struct role_datum *role; @@ -292,7 +292,7 @@ static int role_index(void *key, void *datum, void *datap) return 0; } -static int type_index(void *key, void *datum, void *datap) +static int cf_check type_index(void *key, void *datum, void *datap) { struct policydb *p; struct type_datum *typdatum; @@ -313,7 +313,7 @@ static int type_index(void *key, void *datum, void *datap) return 0; } -static int user_index(void *key, void *datum, void *datap) +static int cf_check user_index(void *key, void *datum, void *datap) { struct policydb *p; struct user_datum *usrdatum; @@ -329,7 +329,7 @@ static int user_index(void *key, void *datum, void *datap) return 0; } -static int sens_index(void *key, void *datum, void *datap) +static int cf_check sens_index(void *key, void *datum, void *datap) { struct policydb *p; struct level_datum *levdatum; @@ -348,7 +348,7 @@ static int sens_index(void *key, void *datum, void *datap) return 0; } -static int cat_index(void *key, void *datum, void *datap) +static int cf_check cat_index(void *key, void *datum, void *datap) { struct policydb *p; struct cat_datum *catdatum; @@ -506,14 +506,14 @@ out: * symbol data in the policy database. */ -static int perm_destroy(void *key, void *datum, void *p) +static int cf_check perm_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int common_destroy(void *key, void *datum, void *p) +static int cf_check common_destroy(void *key, void *datum, void *p) { struct common_datum *comdatum; @@ -525,7 +525,7 @@ static int common_destroy(void *key, void *datum, void *p) return 0; } -static int class_destroy(void *key, void *datum, void *p) +static int cf_check class_destroy(void *key, void *datum, void *p) { struct class_datum *cladatum; struct constraint_node *constraint, *ctemp; @@ -572,7 +572,7 @@ static int class_destroy(void *key, void *datum, void *p) return 0; } -static int role_destroy(void *key, void *datum, void *p) +static int cf_check role_destroy(void *key, void *datum, void *p) { struct role_datum *role; @@ -584,14 +584,14 @@ static int role_destroy(void *key, void *datum, void *p) return 0; } -static int type_destroy(void *key, void *datum, void *p) +static int cf_check type_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int user_destroy(void *key, void *datum, void *p) +static int cf_check user_destroy(void *key, void *datum, void *p) { struct user_datum *usrdatum; @@ -605,7 +605,7 @@ static int user_destroy(void *key, void *datum, void *p) return 0; } -static int sens_destroy(void *key, void *datum, void *p) +static int cf_check sens_destroy(void *key, void *datum, void *p) { struct level_datum *levdatum; @@ -617,7 +617,7 @@ static int sens_destroy(void *key, void *datum, void *p) return 0; } -static int cat_destroy(void *key, void *datum, void *p) +static int cf_check cat_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); @@ -989,7 +989,7 @@ bad: goto out; } -static int common_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check common_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct common_datum *comdatum; @@ -1151,7 +1151,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, return 0; } -static int class_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check class_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct class_datum *cladatum; @@ -1250,7 +1250,7 @@ bad: goto out; } -static int role_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check role_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct role_datum *role; @@ -1321,7 +1321,7 @@ bad: goto out; } -static int type_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check type_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct type_datum *typdatum; @@ -1415,7 +1415,7 @@ bad: return -EINVAL; } -static int user_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check user_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct user_datum *usrdatum; @@ -1479,7 +1479,7 @@ bad: goto out; } -static int sens_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check sens_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct level_datum *levdatum; @@ -1534,7 +1534,7 @@ bad: goto out; } -static int cat_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check cat_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cat_datum *catdatum; @@ -1591,7 +1591,8 @@ static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) cat_read, }; -static int user_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check user_bounds_sanity_check( + void *key, void *datum, void *datap) { struct user_datum *upper, *user; struct policydb *p = datap; @@ -1631,7 +1632,8 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int role_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check role_bounds_sanity_check( + void *key, void *datum, void *datap) { struct role_datum *upper, *role; struct policydb *p = datap; @@ -1671,7 +1673,8 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int type_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check type_bounds_sanity_check( + void *key, void *datum, void *datap) { struct type_datum *upper, *type; struct policydb *p = datap; diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c index 42686535f2..2f6d3d350d 100644 --- a/xen/xsm/flask/ss/services.c +++ b/xen/xsm/flask/ss/services.c @@ -283,7 +283,7 @@ mls_ops: * security_dump_masked_av - dumps masked permissions during * security_compute_av due to RBAC, MLS/Constraint and Type bounds. */ -static int dump_masked_av_helper(void *k, void *d, void *args) +static int cf_check dump_masked_av_helper(void *k, void *d, void *args) { struct perm_datum *pdatum = d; char **permission_names = args; @@ -1240,7 +1240,7 @@ static int validate_classes(struct policydb *p) } /* Clone the SID into the new SID table. */ -static int clone_sid(u32 sid, struct context *context, void *arg) +static int cf_check clone_sid(u32 sid, struct context *context, void *arg) { struct sidtab *s = arg; @@ -1277,7 +1277,7 @@ struct convert_context_args { * in the policy `p->newp'. Verify that the * context is valid under the new policy. */ -static int convert_context(u32 key, struct context *c, void *p) +static int cf_check convert_context(u32 key, struct context *c, void *p) { struct convert_context_args *args; struct context oldc; diff --git a/xen/xsm/flask/ss/symtab.c b/xen/xsm/flask/ss/symtab.c index d98c116d5b..0ce7e08c24 100644 --- a/xen/xsm/flask/ss/symtab.c +++ b/xen/xsm/flask/ss/symtab.c @@ -12,7 +12,7 @@ #include #include "symtab.h" -static unsigned int symhash(struct hashtab *h, const void *key) +static unsigned int cf_check symhash(struct hashtab *h, const void *key) { const char *p, *keyp; unsigned int size; @@ -26,7 +26,8 @@ static unsigned int symhash(struct hashtab *h, const void *key) return val & (h->size - 1); } -static int symcmp(struct hashtab *h, const void *key1, const void *key2) +static int cf_check symcmp( + struct hashtab *h, const void *key1, const void *key2) { const char *keyp1, *keyp2; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:46:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:46:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277974.474883 (Exim 4.92) (envelope-from ) id 1nN9m3-00039U-LM; Thu, 24 Feb 2022 08:46:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277974.474883; Thu, 24 Feb 2022 08:46:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9m3-00039M-Hu; Thu, 24 Feb 2022 08:46:55 +0000 Received: by outflank-mailman (input) for mailman id 277974; Thu, 24 Feb 2022 08:46:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9m2-00039F-N5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9m2-0000yc-MK for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9m2-0005MR-LX for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:46:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6IY7Mvav5Y5Lwxo2YafTJzdng67q0vIvwMe4cRBIeBQ=; b=W5LIgoFm2qq9nNKVVcd4j/w/js OMVLFuqt2FYTGZ38qp4fQGYa02lsqDfFZ35qASunqunbtBv5Be0k/TPp1ERCTz/jugYPIe9vNn0p2 2Yl2f55oj5PMbNQB8M8Eg2GsfTFq8ys7L+0u6ArhWXrTd0cMN0dmC+bswQq3RsxCit2c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xsm: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:46:54 +0000 commit a096eaf12a0d558240c937fe44176aaa98b750a7 Author: Andrew Cooper AuthorDate: Fri Oct 29 21:26:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- xen/include/xsm/dummy.h | 211 ++++++++++++++++++++++-------------------- xen/xsm/flask/flask_op.c | 2 +- xen/xsm/flask/hooks.c | 232 ++++++++++++++++++++++++++--------------------- xen/xsm/flask/private.h | 4 +- xen/xsm/silo.c | 24 ++--- 5 files changed, 257 insertions(+), 216 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index b024119896..58afc1d589 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -101,46 +101,48 @@ static always_inline int xsm_default_action( } } -static XSM_INLINE void xsm_security_domaininfo( +static XSM_INLINE void cf_check xsm_security_domaininfo( struct domain *d, struct xen_domctl_getdomaininfo *info) { return; } -static XSM_INLINE int xsm_domain_create( +static XSM_INLINE int cf_check xsm_domain_create( XSM_DEFAULT_ARG struct domain *d, uint32_t ssidref) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_getdomaininfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_getdomaininfo( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_domctl_scheduler_op( +static XSM_INLINE int cf_check xsm_domctl_scheduler_op( XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int cf_check xsm_sysctl_scheduler_op(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_set_target( +static XSM_INLINE int cf_check xsm_set_target( XSM_DEFAULT_ARG struct domain *d, struct domain *e) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_domctl( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( cmd ) @@ -157,91 +159,93 @@ static XSM_INLINE int xsm_domctl(XSM_DEFAULT_ARG struct domain *d, int cmd) } } -static XSM_INLINE int xsm_sysctl(XSM_DEFAULT_ARG int cmd) +static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) +static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_alloc_security_domain(struct domain *d) +static XSM_INLINE int cf_check xsm_alloc_security_domain(struct domain *d) { return 0; } -static XSM_INLINE void xsm_free_security_domain(struct domain *d) +static XSM_INLINE void cf_check xsm_free_security_domain(struct domain *d) { return; } -static XSM_INLINE int xsm_grant_mapref( +static XSM_INLINE int cf_check xsm_grant_mapref( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, uint32_t flags) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_unmapref( +static XSM_INLINE int cf_check xsm_grant_unmapref( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_setup( +static XSM_INLINE int cf_check xsm_grant_setup( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_transfer( +static XSM_INLINE int cf_check xsm_grant_transfer( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_copy( +static XSM_INLINE int cf_check xsm_grant_copy( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_grant_query_size( +static XSM_INLINE int cf_check xsm_grant_query_size( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_exchange(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_memory_exchange( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_memory_adjust_reservation( +static XSM_INLINE int cf_check xsm_memory_adjust_reservation( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_stat_reservation( +static XSM_INLINE int cf_check xsm_memory_stat_reservation( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_console_io( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_OTHER); if ( d->is_console ) @@ -253,26 +257,27 @@ static XSM_INLINE int xsm_console_io(XSM_DEFAULT_ARG struct domain *d, int cmd) return xsm_default_action(XSM_PRIV, d, NULL); } -static XSM_INLINE int xsm_profile(XSM_DEFAULT_ARG struct domain *d, int op) +static XSM_INLINE int cf_check xsm_profile( + XSM_DEFAULT_ARG struct domain *d, int op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_kexec(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_kexec(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_schedop_shutdown( +static XSM_INLINE int cf_check xsm_schedop_shutdown( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_memory_pin_page( +static XSM_INLINE int cf_check xsm_memory_pin_page( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2, struct page_info *page) { @@ -280,20 +285,20 @@ static XSM_INLINE int xsm_memory_pin_page( return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_claim_pages(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_unbound( +static XSM_INLINE int cf_check xsm_evtchn_unbound( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn, domid_t id2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_interdomain( +static XSM_INLINE int cf_check xsm_evtchn_interdomain( XSM_DEFAULT_ARG struct domain *d1, struct evtchn *chan1, struct domain *d2, struct evtchn *chan2) { @@ -301,89 +306,94 @@ static XSM_INLINE int xsm_evtchn_interdomain( return xsm_default_action(action, d1, d2); } -static XSM_INLINE void xsm_evtchn_close_post(struct evtchn *chn) +static XSM_INLINE void cf_check xsm_evtchn_close_post(struct evtchn *chn) { return; } -static XSM_INLINE int xsm_evtchn_send( +static XSM_INLINE int cf_check xsm_evtchn_send( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_evtchn_status( +static XSM_INLINE int cf_check xsm_evtchn_status( XSM_DEFAULT_ARG struct domain *d, struct evtchn *chn) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_evtchn_reset( +static XSM_INLINE int cf_check xsm_evtchn_reset( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_alloc_security_evtchns( +static XSM_INLINE int cf_check xsm_alloc_security_evtchns( struct evtchn chn[], unsigned int nr) { return 0; } -static XSM_INLINE void xsm_free_security_evtchns( +static XSM_INLINE void cf_check xsm_free_security_evtchns( struct evtchn chn[], unsigned int nr) { return; } -static XSM_INLINE char *xsm_show_security_evtchn( +static XSM_INLINE char *cf_check xsm_show_security_evtchn( struct domain *d, const struct evtchn *chn) { return NULL; } -static XSM_INLINE int xsm_init_hardware_domain(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_init_hardware_domain( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_get_pod_target( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_set_pod_target(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_set_pod_target( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_get_vnumainfo(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_get_vnumainfo( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static XSM_INLINE int xsm_get_device_group(XSM_DEFAULT_ARG uint32_t machine_bdf) +static XSM_INLINE int cf_check xsm_get_device_group( + XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_assign_device( +static XSM_INLINE int cf_check xsm_assign_device( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_device( +static XSM_INLINE int cf_check xsm_deassign_device( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -393,14 +403,14 @@ static XSM_INLINE int xsm_deassign_device( #endif /* HAS_PASSTHROUGH && HAS_PCI */ #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_DEVICE_TREE) -static XSM_INLINE int xsm_assign_dtdevice( +static XSM_INLINE int cf_check xsm_assign_dtdevice( XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_deassign_dtdevice( +static XSM_INLINE int cf_check xsm_deassign_dtdevice( XSM_DEFAULT_ARG struct domain *d, const char *dtpath) { XSM_ASSERT_ACTION(XSM_HOOK); @@ -409,142 +419,144 @@ static XSM_INLINE int xsm_deassign_dtdevice( #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static XSM_INLINE int xsm_resource_plug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_plug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_core(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_unplug_core(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_plug_pci( +static XSM_INLINE int cf_check xsm_resource_plug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_unplug_pci( +static XSM_INLINE int cf_check xsm_resource_unplug_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_pci( +static XSM_INLINE int cf_check xsm_resource_setup_pci( XSM_DEFAULT_ARG uint32_t machine_bdf) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) +static XSM_INLINE int cf_check xsm_resource_setup_gsi(XSM_DEFAULT_ARG int gsi) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_resource_setup_misc(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_resource_setup_misc(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) +static XSM_INLINE int cf_check xsm_page_offline(XSM_DEFAULT_ARG uint32_t cmd) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_hypfs_op(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_hypfs_op(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE long xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) +static XSM_INLINE long cf_check xsm_do_xsm_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } #ifdef CONFIG_COMPAT -static XSM_INLINE int xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) +static XSM_INLINE int cf_check xsm_do_compat_op(XEN_GUEST_HANDLE_PARAM(void) op) { return -ENOSYS; } #endif -static XSM_INLINE char *xsm_show_irq_sid(int irq) +static XSM_INLINE char *cf_check xsm_show_irq_sid(int irq) { return NULL; } -static XSM_INLINE int xsm_map_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_map_domain_pirq( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_map_domain_irq( +static XSM_INLINE int cf_check xsm_map_domain_irq( XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_pirq(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_unmap_domain_pirq( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_bind_pt_irq( +static XSM_INLINE int cf_check xsm_bind_pt_irq( XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unbind_pt_irq( +static XSM_INLINE int cf_check xsm_unbind_pt_irq( XSM_DEFAULT_ARG struct domain *d, struct xen_domctl_bind_pt_irq *bind) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_unmap_domain_irq( +static XSM_INLINE int cf_check xsm_unmap_domain_irq( XSM_DEFAULT_ARG struct domain *d, int irq, const void *data) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_irq_permission( +static XSM_INLINE int cf_check xsm_irq_permission( XSM_DEFAULT_ARG struct domain *d, int pirq, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_permission( +static XSM_INLINE int cf_check xsm_iomem_permission( XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_iomem_mapping( +static XSM_INLINE int cf_check xsm_iomem_mapping( XSM_DEFAULT_ARG struct domain *d, uint64_t s, uint64_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pci_config_permission( +static XSM_INLINE int cf_check xsm_pci_config_permission( XSM_DEFAULT_ARG struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) { @@ -552,41 +564,42 @@ static XSM_INLINE int xsm_pci_config_permission( return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_add_to_physmap( +static XSM_INLINE int cf_check xsm_add_to_physmap( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_remove_from_physmap( +static XSM_INLINE int cf_check xsm_remove_from_physmap( XSM_DEFAULT_ARG struct domain *d1, struct domain *d2) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d1, d2); } -static XSM_INLINE int xsm_map_gmfn_foreign( +static XSM_INLINE int cf_check xsm_map_gmfn_foreign( XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_hvm_param( +static XSM_INLINE int cf_check xsm_hvm_param( XSM_DEFAULT_ARG struct domain *d, unsigned long op) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_param_altp2mhvm(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_hvm_param_altp2mhvm( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_hvm_altp2mhvm_op( +static XSM_INLINE int cf_check xsm_hvm_altp2mhvm_op( XSM_DEFAULT_ARG struct domain *d, uint64_t mode, uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -606,7 +619,7 @@ static XSM_INLINE int xsm_hvm_altp2mhvm_op( } } -static XSM_INLINE int xsm_vm_event_control( +static XSM_INLINE int cf_check xsm_vm_event_control( XSM_DEFAULT_ARG struct domain *d, int mode, int op) { XSM_ASSERT_ACTION(XSM_PRIV); @@ -614,7 +627,7 @@ static XSM_INLINE int xsm_vm_event_control( } #ifdef CONFIG_MEM_ACCESS -static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -622,7 +635,7 @@ static XSM_INLINE int xsm_mem_access(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_PAGING -static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); @@ -630,59 +643,61 @@ static XSM_INLINE int xsm_mem_paging(XSM_DEFAULT_ARG struct domain *d) #endif #ifdef CONFIG_MEM_SHARING -static XSM_INLINE int xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_mem_sharing(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #endif -static XSM_INLINE int xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int cf_check xsm_platform_op(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } #ifdef CONFIG_X86 -static XSM_INLINE int xsm_do_mca(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_do_mca(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_shadow_control( +static XSM_INLINE int cf_check xsm_shadow_control( XSM_DEFAULT_ARG struct domain *d, uint32_t op) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mem_sharing_op( +static XSM_INLINE int cf_check xsm_mem_sharing_op( XSM_DEFAULT_ARG struct domain *d, struct domain *cd, int op) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, cd); } -static XSM_INLINE int xsm_apic(XSM_DEFAULT_ARG struct domain *d, int cmd) +static XSM_INLINE int cf_check xsm_apic( + XSM_DEFAULT_ARG struct domain *d, int cmd) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, d, NULL); } -static XSM_INLINE int xsm_machine_memory_map(XSM_DEFAULT_VOID) +static XSM_INLINE int cf_check xsm_machine_memory_map(XSM_DEFAULT_VOID) { XSM_ASSERT_ACTION(XSM_PRIV); return xsm_default_action(action, current->domain, NULL); } -static XSM_INLINE int xsm_domain_memory_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_domain_memory_map( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_mmu_update( +static XSM_INLINE int cf_check xsm_mmu_update( XSM_DEFAULT_ARG struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { @@ -695,42 +710,42 @@ static XSM_INLINE int xsm_mmu_update( return rc; } -static XSM_INLINE int xsm_mmuext_op( +static XSM_INLINE int cf_check xsm_mmuext_op( XSM_DEFAULT_ARG struct domain *d, struct domain *f) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_update_va_mapping( +static XSM_INLINE int cf_check xsm_update_va_mapping( XSM_DEFAULT_ARG struct domain *d, struct domain *f, l1_pgentry_t pte) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, f); } -static XSM_INLINE int xsm_priv_mapping( +static XSM_INLINE int cf_check xsm_priv_mapping( XSM_DEFAULT_ARG struct domain *d, struct domain *t) { XSM_ASSERT_ACTION(XSM_TARGET); return xsm_default_action(action, d, t); } -static XSM_INLINE int xsm_ioport_permission( +static XSM_INLINE int cf_check xsm_ioport_permission( XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_ioport_mapping( +static XSM_INLINE int cf_check xsm_ioport_mapping( XSM_DEFAULT_ARG struct domain *d, uint32_t s, uint32_t e, uint8_t allow) { XSM_ASSERT_ACTION(XSM_HOOK); return xsm_default_action(action, current->domain, d); } -static XSM_INLINE int xsm_pmu_op( +static XSM_INLINE int cf_check xsm_pmu_op( XSM_DEFAULT_ARG struct domain *d, unsigned int op) { XSM_ASSERT_ACTION(XSM_OTHER); @@ -748,30 +763,31 @@ static XSM_INLINE int xsm_pmu_op( #endif /* CONFIG_X86 */ -static XSM_INLINE int xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_dm_op(XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); } #ifdef CONFIG_ARGO -static XSM_INLINE int xsm_argo_enable(const struct domain *d) +static XSM_INLINE int cf_check xsm_argo_enable(const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_register_single_source( +static XSM_INLINE int cf_check xsm_argo_register_single_source( const struct domain *d, const struct domain *t) { return 0; } -static XSM_INLINE int xsm_argo_register_any_source(const struct domain *d) +static XSM_INLINE int cf_check xsm_argo_register_any_source( + const struct domain *d) { return 0; } -static XSM_INLINE int xsm_argo_send( +static XSM_INLINE int cf_check xsm_argo_send( const struct domain *d, const struct domain *t) { return 0; @@ -780,7 +796,7 @@ static XSM_INLINE int xsm_argo_send( #endif /* CONFIG_ARGO */ #include -static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) +static XSM_INLINE int cf_check xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) { XSM_ASSERT_ACTION(XSM_OTHER); switch ( op ) @@ -804,7 +820,8 @@ static XSM_INLINE int xsm_xen_version(XSM_DEFAULT_ARG uint32_t op) } } -static XSM_INLINE int xsm_domain_resource_map(XSM_DEFAULT_ARG struct domain *d) +static XSM_INLINE int cf_check xsm_domain_resource_map( + XSM_DEFAULT_ARG struct domain *d) { XSM_ASSERT_ACTION(XSM_DM_PRIV); return xsm_default_action(action, current->domain, d); diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 2d7ca3abae..707be72a3b 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -607,7 +607,7 @@ static int flask_relabel_domain(struct xen_flask_relabel *arg) #endif /* !COMPAT */ -ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op) +ret_t cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op) { xen_flask_op_t op; int rv; diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 6ff1be28e4..63484e323c 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -157,7 +157,7 @@ static int avc_unknown_permission(const char *name, int id) return rc; } -static int flask_domain_alloc_security(struct domain *d) +static int cf_check flask_domain_alloc_security(struct domain *d) { struct domain_security_struct *dsec; @@ -186,7 +186,7 @@ static int flask_domain_alloc_security(struct domain *d) return 0; } -static void flask_domain_free_security(struct domain *d) +static void cf_check flask_domain_free_security(struct domain *d) { struct domain_security_struct *dsec = d->ssid; @@ -197,8 +197,8 @@ static void flask_domain_free_security(struct domain *d) xfree(dsec); } -static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn, - domid_t id2) +static int cf_check flask_evtchn_unbound( + struct domain *d1, struct evtchn *chn, domid_t id2) { u32 sid1, sid2, newsid; int rc; @@ -230,8 +230,9 @@ static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn, return rc; } -static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1, - struct domain *d2, struct evtchn *chn2) +static int cf_check flask_evtchn_interdomain( + struct domain *d1, struct evtchn *chn1, + struct domain *d2, struct evtchn *chn2) { u32 sid1, sid2, newsid, reverse_sid; int rc; @@ -273,12 +274,12 @@ static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1, return rc; } -static void flask_evtchn_close_post(struct evtchn *chn) +static void cf_check flask_evtchn_close_post(struct evtchn *chn) { chn->ssid.flask_sid = SECINITSID_UNLABELED; } -static int flask_evtchn_send(struct domain *d, struct evtchn *chn) +static int cf_check flask_evtchn_send(struct domain *d, struct evtchn *chn) { int rc; @@ -298,17 +299,18 @@ static int flask_evtchn_send(struct domain *d, struct evtchn *chn) return rc; } -static int flask_evtchn_status(struct domain *d, struct evtchn *chn) +static int cf_check flask_evtchn_status(struct domain *d, struct evtchn *chn) { return domain_has_evtchn(d, chn, EVENT__STATUS); } -static int flask_evtchn_reset(struct domain *d1, struct domain *d2) +static int cf_check flask_evtchn_reset(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET); } -static int flask_alloc_security_evtchns(struct evtchn chn[], unsigned int nr) +static int cf_check flask_alloc_security_evtchns( + struct evtchn chn[], unsigned int nr) { unsigned int i; @@ -318,7 +320,8 @@ static int flask_alloc_security_evtchns(struct evtchn chn[], unsigned int nr) return 0; } -static void flask_free_security_evtchns(struct evtchn chn[], unsigned int nr) +static void cf_check flask_free_security_evtchns( + struct evtchn chn[], unsigned int nr) { unsigned int i; @@ -329,7 +332,8 @@ static void flask_free_security_evtchns(struct evtchn chn[], unsigned int nr) chn[i].ssid.flask_sid = SECINITSID_UNLABELED; } -static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *chn) +static char *cf_check flask_show_security_evtchn( + struct domain *d, const struct evtchn *chn) { int irq; u32 sid = 0; @@ -355,13 +359,13 @@ static char *flask_show_security_evtchn(struct domain *d, const struct evtchn *c return ctx; } -static int flask_init_hardware_domain(struct domain *d) +static int cf_check flask_init_hardware_domain(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__CREATE_HARDWARE_DOMAIN); } -static int flask_grant_mapref(struct domain *d1, struct domain *d2, - uint32_t flags) +static int cf_check flask_grant_mapref( + struct domain *d1, struct domain *d2, uint32_t flags) { u32 perms = GRANT__MAP_READ; @@ -371,73 +375,75 @@ static int flask_grant_mapref(struct domain *d1, struct domain *d2, return domain_has_perm(d1, d2, SECCLASS_GRANT, perms); } -static int flask_grant_unmapref(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_unmapref(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__UNMAP); } -static int flask_grant_setup(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_setup(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__SETUP); } -static int flask_grant_transfer(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_transfer(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__TRANSFER); } -static int flask_grant_copy(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_copy(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__COPY); } -static int flask_grant_query_size(struct domain *d1, struct domain *d2) +static int cf_check flask_grant_query_size(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_GRANT, GRANT__QUERY); } -static int flask_get_pod_target(struct domain *d) +static int cf_check flask_get_pod_target(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPODTARGET); } -static int flask_set_pod_target(struct domain *d) +static int cf_check flask_set_pod_target(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPODTARGET); } -static int flask_memory_exchange(struct domain *d) +static int cf_check flask_memory_exchange(struct domain *d) { return current_has_perm(d, SECCLASS_MMU, MMU__EXCHANGE); } -static int flask_memory_adjust_reservation(struct domain *d1, struct domain *d2) +static int cf_check flask_memory_adjust_reservation( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__ADJUST); } -static int flask_memory_stat_reservation(struct domain *d1, struct domain *d2) +static int cf_check flask_memory_stat_reservation( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__STAT); } -static int flask_memory_pin_page(struct domain *d1, struct domain *d2, - struct page_info *page) +static int cf_check flask_memory_pin_page( + struct domain *d1, struct domain *d2, struct page_info *page) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PINPAGE); } -static int flask_claim_pages(struct domain *d) +static int cf_check flask_claim_pages(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SETCLAIM); } -static int flask_get_vnumainfo(struct domain *d) +static int cf_check flask_get_vnumainfo(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_VNUMAINFO); } -static int flask_console_io(struct domain *d, int cmd) +static int cf_check flask_console_io(struct domain *d, int cmd) { u32 perm; @@ -456,7 +462,7 @@ static int flask_console_io(struct domain *d, int cmd) return domain_has_xen(d, perm); } -static int flask_profile(struct domain *d, int op) +static int cf_check flask_profile(struct domain *d, int op) { u32 perm; @@ -488,23 +494,23 @@ static int flask_profile(struct domain *d, int op) return domain_has_xen(d, perm); } -static int flask_kexec(void) +static int cf_check flask_kexec(void) { return domain_has_xen(current->domain, XEN__KEXEC); } -static int flask_schedop_shutdown(struct domain *d1, struct domain *d2) +static int cf_check flask_schedop_shutdown(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_DOMAIN, DOMAIN__SHUTDOWN); } -static void flask_security_domaininfo(struct domain *d, - struct xen_domctl_getdomaininfo *info) +static void cf_check flask_security_domaininfo( + struct domain *d, struct xen_domctl_getdomaininfo *info) { info->ssidref = domain_sid(d); } -static int flask_domain_create(struct domain *d, u32 ssidref) +static int cf_check flask_domain_create(struct domain *d, u32 ssidref) { int rc; struct domain_security_struct *dsec = d->ssid; @@ -532,12 +538,12 @@ static int flask_domain_create(struct domain *d, u32 ssidref) return rc; } -static int flask_getdomaininfo(struct domain *d) +static int cf_check flask_getdomaininfo(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETDOMAININFO); } -static int flask_domctl_scheduler_op(struct domain *d, int op) +static int cf_check flask_domctl_scheduler_op(struct domain *d, int op) { switch ( op ) { @@ -554,7 +560,7 @@ static int flask_domctl_scheduler_op(struct domain *d, int op) } } -static int flask_sysctl_scheduler_op(int op) +static int cf_check flask_sysctl_scheduler_op(int op) { switch ( op ) { @@ -569,7 +575,7 @@ static int flask_sysctl_scheduler_op(int op) } } -static int flask_set_target(struct domain *d, struct domain *t) +static int cf_check flask_set_target(struct domain *d, struct domain *t) { int rc; struct domain_security_struct *dsec, *tsec; @@ -593,7 +599,7 @@ static int flask_set_target(struct domain *d, struct domain *t) return rc; } -static int flask_domctl(struct domain *d, int cmd) +static int cf_check flask_domctl(struct domain *d, int cmd) { switch ( cmd ) { @@ -757,7 +763,7 @@ static int flask_domctl(struct domain *d, int cmd) } } -static int flask_sysctl(int cmd) +static int cf_check flask_sysctl(int cmd) { switch ( cmd ) { @@ -835,7 +841,7 @@ static int flask_sysctl(int cmd) } } -static int flask_readconsole(uint32_t clear) +static int cf_check flask_readconsole(uint32_t clear) { u32 perms = XEN__READCONSOLE; @@ -853,7 +859,7 @@ static inline u32 resource_to_perm(uint8_t access) return RESOURCE__REMOVE; } -static char *flask_show_irq_sid (int irq) +static char *cf_check flask_show_irq_sid(int irq) { u32 sid, ctx_len; char *ctx; @@ -867,7 +873,7 @@ static char *flask_show_irq_sid (int irq) return ctx; } -static int flask_map_domain_pirq (struct domain *d) +static int cf_check flask_map_domain_pirq(struct domain *d) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD); } @@ -907,7 +913,7 @@ static u32 flask_iommu_resource_use_perm(const struct domain *d) return perm; } -static int flask_map_domain_irq (struct domain *d, int irq, const void *data) +static int cf_check flask_map_domain_irq(struct domain *d, int irq, const void *data) { u32 sid, dsid; int rc = -EPERM; @@ -933,7 +939,7 @@ static int flask_map_domain_irq (struct domain *d, int irq, const void *data) return rc; } -static int flask_unmap_domain_pirq (struct domain *d) +static int cf_check flask_unmap_domain_pirq(struct domain *d) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } @@ -954,7 +960,8 @@ static int flask_unmap_domain_msi (struct domain *d, int irq, const void *data, #endif } -static int flask_unmap_domain_irq (struct domain *d, int irq, const void *data) +static int cf_check flask_unmap_domain_irq( + struct domain *d, int irq, const void *data) { u32 sid; int rc = -EPERM; @@ -972,7 +979,8 @@ static int flask_unmap_domain_irq (struct domain *d, int irq, const void *data) return rc; } -static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static int cf_check flask_bind_pt_irq( + struct domain *d, struct xen_domctl_bind_pt_irq *bind) { u32 dsid, rsid; int rc = -EPERM; @@ -998,12 +1006,14 @@ static int flask_bind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *b return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_unbind_pt_irq (struct domain *d, struct xen_domctl_bind_pt_irq *bind) +static int cf_check flask_unbind_pt_irq( + struct domain *d, struct xen_domctl_bind_pt_irq *bind) { return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE); } -static int flask_irq_permission (struct domain *d, int pirq, uint8_t access) +static int cf_check flask_irq_permission( + struct domain *d, int pirq, uint8_t access) { /* the PIRQ number is not useful; real IRQ is checked during mapping */ return current_has_perm(d, SECCLASS_RESOURCE, resource_to_perm(access)); @@ -1016,7 +1026,8 @@ struct iomem_has_perm_data { u32 use_perm; }; -static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long end) +static int cf_check _iomem_has_perm( + void *v, u32 sid, unsigned long start, unsigned long end) { struct iomem_has_perm_data *data = v; struct avc_audit_data ad; @@ -1034,7 +1045,8 @@ static int _iomem_has_perm(void *v, u32 sid, unsigned long start, unsigned long return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad); } -static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t end, uint8_t access) +static int cf_check flask_iomem_permission( + struct domain *d, uint64_t start, uint64_t end, uint8_t access) { struct iomem_has_perm_data data; int rc; @@ -1056,12 +1068,14 @@ static int flask_iomem_permission(struct domain *d, uint64_t start, uint64_t end return security_iterate_iomem_sids(start, end, _iomem_has_perm, &data); } -static int flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) +static int cf_check flask_iomem_mapping(struct domain *d, uint64_t start, uint64_t end, uint8_t access) { return flask_iomem_permission(d, start, end, access); } -static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, uint8_t access) +static int cf_check flask_pci_config_permission( + struct domain *d, uint32_t machine_bdf, uint16_t start, uint16_t end, + uint8_t access) { u32 dsid, rsid; int rc = -EPERM; @@ -1085,12 +1099,12 @@ static int flask_pci_config_permission(struct domain *d, uint32_t machine_bdf, u } -static int flask_resource_plug_core(void) +static int cf_check flask_resource_plug_core(void) { return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__PLUG, NULL); } -static int flask_resource_unplug_core(void) +static int cf_check flask_resource_unplug_core(void) { return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__UNPLUG, NULL); } @@ -1100,7 +1114,7 @@ static int flask_resource_use_core(void) return avc_current_has_perm(SECINITSID_DOMXEN, SECCLASS_RESOURCE, RESOURCE__USE, NULL); } -static int flask_resource_plug_pci(uint32_t machine_bdf) +static int cf_check flask_resource_plug_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1115,7 +1129,7 @@ static int flask_resource_plug_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__PLUG, &ad); } -static int flask_resource_unplug_pci(uint32_t machine_bdf) +static int cf_check flask_resource_unplug_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1130,7 +1144,7 @@ static int flask_resource_unplug_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__UNPLUG, &ad); } -static int flask_resource_setup_pci(uint32_t machine_bdf) +static int cf_check flask_resource_setup_pci(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1145,7 +1159,7 @@ static int flask_resource_setup_pci(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad); } -static int flask_resource_setup_gsi(int gsi) +static int cf_check flask_resource_setup_gsi(int gsi) { u32 rsid; int rc = -EPERM; @@ -1158,12 +1172,12 @@ static int flask_resource_setup_gsi(int gsi) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__SETUP, &ad); } -static int flask_resource_setup_misc(void) +static int cf_check flask_resource_setup_misc(void) { return avc_current_has_perm(SECINITSID_XEN, SECCLASS_RESOURCE, RESOURCE__SETUP, NULL); } -static inline int flask_page_offline(uint32_t cmd) +static inline int cf_check flask_page_offline(uint32_t cmd) { switch (cmd) { case sysctl_page_offline: @@ -1177,27 +1191,28 @@ static inline int flask_page_offline(uint32_t cmd) } } -static inline int flask_hypfs_op(void) +static inline int cf_check flask_hypfs_op(void) { return domain_has_xen(current->domain, XEN__HYPFS_OP); } -static int flask_add_to_physmap(struct domain *d1, struct domain *d2) +static int cf_check flask_add_to_physmap(struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP); } -static int flask_remove_from_physmap(struct domain *d1, struct domain *d2) +static int cf_check flask_remove_from_physmap( + struct domain *d1, struct domain *d2) { return domain_has_perm(d1, d2, SECCLASS_MMU, MMU__PHYSMAP); } -static int flask_map_gmfn_foreign(struct domain *d, struct domain *t) +static int cf_check flask_map_gmfn_foreign(struct domain *d, struct domain *t) { return domain_has_perm(d, t, SECCLASS_MMU, MMU__MAP_READ | MMU__MAP_WRITE); } -static int flask_hvm_param(struct domain *d, unsigned long op) +static int cf_check flask_hvm_param(struct domain *d, unsigned long op) { u32 perm; @@ -1216,12 +1231,12 @@ static int flask_hvm_param(struct domain *d, unsigned long op) return current_has_perm(d, SECCLASS_HVM, perm); } -static int flask_hvm_param_altp2mhvm(struct domain *d) +static int cf_check flask_hvm_param_altp2mhvm(struct domain *d) { return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM); } -static int flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) +static int cf_check flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) { /* * Require both mode and XSM to allow the operation. Assume XSM rules @@ -1245,34 +1260,34 @@ static int flask_hvm_altp2mhvm_op(struct domain *d, uint64_t mode, uint32_t op) return current_has_perm(d, SECCLASS_HVM, HVM__ALTP2MHVM_OP); } -static int flask_vm_event_control(struct domain *d, int mode, int op) +static int cf_check flask_vm_event_control(struct domain *d, int mode, int op) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__VM_EVENT); } #ifdef CONFIG_MEM_ACCESS -static int flask_mem_access(struct domain *d) +static int cf_check flask_mem_access(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_ACCESS); } #endif #ifdef CONFIG_MEM_PAGING -static int flask_mem_paging(struct domain *d) +static int cf_check flask_mem_paging(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_PAGING); } #endif #ifdef CONFIG_MEM_SHARING -static int flask_mem_sharing(struct domain *d) +static int cf_check flask_mem_sharing(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__MEM_SHARING); } #endif #if defined(CONFIG_HAS_PASSTHROUGH) && defined(CONFIG_HAS_PCI) -static int flask_get_device_group(uint32_t machine_bdf) +static int cf_check flask_get_device_group(uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1296,7 +1311,7 @@ static int flask_test_assign_device(uint32_t machine_bdf) return avc_current_has_perm(rsid, SECCLASS_RESOURCE, RESOURCE__STAT_DEVICE, NULL); } -static int flask_assign_device(struct domain *d, uint32_t machine_bdf) +static int cf_check flask_assign_device(struct domain *d, uint32_t machine_bdf) { u32 dsid, rsid; int rc = -EPERM; @@ -1326,7 +1341,8 @@ static int flask_assign_device(struct domain *d, uint32_t machine_bdf) return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_deassign_device(struct domain *d, uint32_t machine_bdf) +static int cf_check flask_deassign_device( + struct domain *d, uint32_t machine_bdf) { u32 rsid; int rc = -EPERM; @@ -1357,7 +1373,7 @@ static int flask_test_assign_dtdevice(const char *dtpath) NULL); } -static int flask_assign_dtdevice(struct domain *d, const char *dtpath) +static int cf_check flask_assign_dtdevice(struct domain *d, const char *dtpath) { u32 dsid, rsid; int rc = -EPERM; @@ -1387,7 +1403,8 @@ static int flask_assign_dtdevice(struct domain *d, const char *dtpath) return avc_has_perm(dsid, rsid, SECCLASS_RESOURCE, dperm, &ad); } -static int flask_deassign_dtdevice(struct domain *d, const char *dtpath) +static int cf_check flask_deassign_dtdevice( + struct domain *d, const char *dtpath) { u32 rsid; int rc = -EPERM; @@ -1405,7 +1422,7 @@ static int flask_deassign_dtdevice(struct domain *d, const char *dtpath) } #endif /* HAS_PASSTHROUGH && HAS_DEVICE_TREE */ -static int flask_platform_op(uint32_t op) +static int cf_check flask_platform_op(uint32_t op) { switch ( op ) { @@ -1474,12 +1491,12 @@ static int flask_platform_op(uint32_t op) } #ifdef CONFIG_X86 -static int flask_do_mca(void) +static int cf_check flask_do_mca(void) { return domain_has_xen(current->domain, XEN__MCA_OP); } -static int flask_shadow_control(struct domain *d, uint32_t op) +static int cf_check flask_shadow_control(struct domain *d, uint32_t op) { u32 perm; @@ -1513,7 +1530,8 @@ struct ioport_has_perm_data { u32 use_perm; }; -static int _ioport_has_perm(void *v, u32 sid, unsigned long start, unsigned long end) +static int cf_check _ioport_has_perm( + void *v, u32 sid, unsigned long start, unsigned long end) { struct ioport_has_perm_data *data = v; struct avc_audit_data ad; @@ -1531,7 +1549,8 @@ static int _ioport_has_perm(void *v, u32 sid, unsigned long start, unsigned long return avc_has_perm(data->dsid, sid, SECCLASS_RESOURCE, data->use_perm, &ad); } -static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t end, uint8_t access) +static int cf_check flask_ioport_permission( + struct domain *d, uint32_t start, uint32_t end, uint8_t access) { int rc; struct ioport_has_perm_data data; @@ -1554,12 +1573,14 @@ static int flask_ioport_permission(struct domain *d, uint32_t start, uint32_t en return security_iterate_ioport_sids(start, end, _ioport_has_perm, &data); } -static int flask_ioport_mapping(struct domain *d, uint32_t start, uint32_t end, uint8_t access) +static int cf_check flask_ioport_mapping( + struct domain *d, uint32_t start, uint32_t end, uint8_t access) { return flask_ioport_permission(d, start, end, access); } -static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) +static int cf_check flask_mem_sharing_op( + struct domain *d, struct domain *cd, int op) { int rc = current_has_perm(cd, SECCLASS_HVM, HVM__MEM_SHARING); if ( rc ) @@ -1567,7 +1588,7 @@ static int flask_mem_sharing_op(struct domain *d, struct domain *cd, int op) return domain_has_perm(d, cd, SECCLASS_HVM, HVM__SHARE_MEM); } -static int flask_apic(struct domain *d, int cmd) +static int cf_check flask_apic(struct domain *d, int cmd) { u32 perm; @@ -1587,18 +1608,18 @@ static int flask_apic(struct domain *d, int cmd) return domain_has_xen(d, perm); } -static int flask_machine_memory_map(void) +static int cf_check flask_machine_memory_map(void) { return avc_current_has_perm(SECINITSID_XEN, SECCLASS_MMU, MMU__MEMORYMAP, NULL); } -static int flask_domain_memory_map(struct domain *d) +static int cf_check flask_domain_memory_map(struct domain *d) { return current_has_perm(d, SECCLASS_MMU, MMU__MEMORYMAP); } -static int flask_mmu_update(struct domain *d, struct domain *t, - struct domain *f, uint32_t flags) +static int cf_check flask_mmu_update( + struct domain *d, struct domain *t, struct domain *f, uint32_t flags) { int rc = 0; u32 map_perms = 0; @@ -1620,13 +1641,13 @@ static int flask_mmu_update(struct domain *d, struct domain *t, return rc; } -static int flask_mmuext_op(struct domain *d, struct domain *f) +static int cf_check flask_mmuext_op(struct domain *d, struct domain *f) { return domain_has_perm(d, f, SECCLASS_MMU, MMU__MMUEXT_OP); } -static int flask_update_va_mapping(struct domain *d, struct domain *f, - l1_pgentry_t pte) +static int cf_check flask_update_va_mapping( + struct domain *d, struct domain *f, l1_pgentry_t pte) { u32 map_perms = MMU__MAP_READ; if ( !(l1e_get_flags(pte) & _PAGE_PRESENT) ) @@ -1637,12 +1658,12 @@ static int flask_update_va_mapping(struct domain *d, struct domain *f, return domain_has_perm(d, f, SECCLASS_MMU, map_perms); } -static int flask_priv_mapping(struct domain *d, struct domain *t) +static int cf_check flask_priv_mapping(struct domain *d, struct domain *t) { return domain_has_perm(d, t, SECCLASS_MMU, MMU__TARGET_HACK); } -static int flask_pmu_op (struct domain *d, unsigned int op) +static int cf_check flask_pmu_op(struct domain *d, unsigned int op) { u32 dsid = domain_sid(d); @@ -1666,12 +1687,12 @@ static int flask_pmu_op (struct domain *d, unsigned int op) } #endif /* CONFIG_X86 */ -static int flask_dm_op(struct domain *d) +static int cf_check flask_dm_op(struct domain *d) { return current_has_perm(d, SECCLASS_HVM, HVM__DM); } -static int flask_xen_version (uint32_t op) +static int cf_check flask_xen_version(uint32_t op) { u32 dsid = domain_sid(current->domain); @@ -1711,32 +1732,33 @@ static int flask_xen_version (uint32_t op) } } -static int flask_domain_resource_map(struct domain *d) +static int cf_check flask_domain_resource_map(struct domain *d) { return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__RESOURCE_MAP); } #ifdef CONFIG_ARGO -static int flask_argo_enable(const struct domain *d) +static int cf_check flask_argo_enable(const struct domain *d) { return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO, ARGO__ENABLE, NULL); } -static int flask_argo_register_single_source(const struct domain *d, - const struct domain *t) +static int cf_check flask_argo_register_single_source( + const struct domain *d, const struct domain *t) { return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__REGISTER_SINGLE_SOURCE); } -static int flask_argo_register_any_source(const struct domain *d) +static int cf_check flask_argo_register_any_source(const struct domain *d) { return avc_has_perm(domain_sid(d), SECINITSID_XEN, SECCLASS_ARGO, ARGO__REGISTER_ANY_SOURCE, NULL); } -static int flask_argo_send(const struct domain *d, const struct domain *t) +static int cf_check flask_argo_send( + const struct domain *d, const struct domain *t) { return domain_has_perm(d, t, SECCLASS_ARGO, ARGO__SEND); } diff --git a/xen/xsm/flask/private.h b/xen/xsm/flask/private.h index 73b0de8724..429f213cce 100644 --- a/xen/xsm/flask/private.h +++ b/xen/xsm/flask/private.h @@ -3,7 +3,7 @@ #include -long do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); -int compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +long cf_check do_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); +int cf_check compat_flask_op(XEN_GUEST_HANDLE_PARAM(void) u_flask_op); #endif /* XSM_FLASK_PRIVATE */ diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 3550dded7b..4d5fc98e7e 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -33,8 +33,8 @@ static bool silo_mode_dom_check(const struct domain *ldom, is_control_domain(rdom) || ldom == rdom); } -static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn, - domid_t id2) +static int cf_check silo_evtchn_unbound( + struct domain *d1, struct evtchn *chn, domid_t id2) { int rc = -EPERM; struct domain *d2 = rcu_lock_domain_by_any_id(id2); @@ -51,30 +51,31 @@ static int silo_evtchn_unbound(struct domain *d1, struct evtchn *chn, return rc; } -static int silo_evtchn_interdomain(struct domain *d1, struct evtchn *chan1, - struct domain *d2, struct evtchn *chan2) +static int cf_check silo_evtchn_interdomain( + struct domain *d1, struct evtchn *chan1, + struct domain *d2, struct evtchn *chan2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_evtchn_interdomain(d1, chan1, d2, chan2); return -EPERM; } -static int silo_grant_mapref(struct domain *d1, struct domain *d2, - uint32_t flags) +static int cf_check silo_grant_mapref( + struct domain *d1, struct domain *d2, uint32_t flags) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_mapref(d1, d2, flags); return -EPERM; } -static int silo_grant_transfer(struct domain *d1, struct domain *d2) +static int cf_check silo_grant_transfer(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_transfer(d1, d2); return -EPERM; } -static int silo_grant_copy(struct domain *d1, struct domain *d2) +static int cf_check silo_grant_copy(struct domain *d1, struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_grant_copy(d1, d2); @@ -83,15 +84,16 @@ static int silo_grant_copy(struct domain *d1, struct domain *d2) #ifdef CONFIG_ARGO -static int silo_argo_register_single_source(const struct domain *d1, - const struct domain *d2) +static int cf_check silo_argo_register_single_source( + const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_argo_register_single_source(d1, d2); return -EPERM; } -static int silo_argo_send(const struct domain *d1, const struct domain *d2) +static int cf_check silo_argo_send( + const struct domain *d1, const struct domain *d2) { if ( silo_mode_dom_check(d1, d2) ) return xsm_argo_send(d1, d2); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277975.474887 (Exim 4.92) (envelope-from ) id 1nN9mD-0003Ce-P2; Thu, 24 Feb 2022 08:47:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277975.474887; Thu, 24 Feb 2022 08:47:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mD-0003CW-LZ; Thu, 24 Feb 2022 08:47:05 +0000 Received: by outflank-mailman (input) for mailman id 277975; Thu, 24 Feb 2022 08:47:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mC-0003CL-R4 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mC-0000zQ-QJ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9mC-0005NZ-PV for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f8gS9D+lX7an3YPLVgzySiSE8y56BsFL4qRz0mngSL0=; b=5TNyl1dYayghaCB50z3+Ebodl/ eFT/gUZpr2fvDdr6f5iweQu58LtN4uZjk+XsdYGG/qdc7OgJ7pcrHorAR386wiPS/2QhSPCOP/gXT Y5iYKXfRNqnyiALx4etVyUvYmPjNxu7rgrgvUQgVHDcGjQwKSDgnpw1zeo8hjtML6fhc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/sched: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:04 +0000 commit 15268d2ea32a194c30c79e67ba0ddc8dfb0e29fb Author: Andrew Cooper AuthorDate: Thu Oct 28 10:56:53 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/sched: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Dario Faggioli --- xen/common/sched/arinc653.c | 20 +++++++-------- xen/common/sched/core.c | 8 +++--- xen/common/sched/credit.c | 49 ++++++++++++++++++------------------ xen/common/sched/credit2.c | 51 +++++++++++++++++++------------------- xen/common/sched/null.c | 60 +++++++++++++++++++++++---------------------- xen/common/sched/rt.c | 42 +++++++++++++++---------------- 6 files changed, 115 insertions(+), 115 deletions(-) diff --git a/xen/common/sched/arinc653.c b/xen/common/sched/arinc653.c index 5421918221..a82c0d7314 100644 --- a/xen/common/sched/arinc653.c +++ b/xen/common/sched/arinc653.c @@ -343,7 +343,7 @@ arinc653_sched_get( *
  • !0 = error * */ -static int +static int cf_check a653sched_init(struct scheduler *ops) { a653sched_priv_t *prv; @@ -366,7 +366,7 @@ a653sched_init(struct scheduler *ops) * * @param ops Pointer to this instance of the scheduler structure */ -static void +static void cf_check a653sched_deinit(struct scheduler *ops) { xfree(SCHED_PRIV(ops)); @@ -381,7 +381,7 @@ a653sched_deinit(struct scheduler *ops) * * @return Pointer to the allocated data */ -static void * +static void *cf_check a653sched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -442,7 +442,7 @@ a653sched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, * * @param ops Pointer to this instance of the scheduler structure */ -static void +static void cf_check a653sched_free_udata(const struct scheduler *ops, void *priv) { a653sched_priv_t *sched_priv = SCHED_PRIV(ops); @@ -469,7 +469,7 @@ a653sched_free_udata(const struct scheduler *ops, void *priv) * @param ops Pointer to this instance of the scheduler structure * @param unit Pointer to struct sched_unit */ -static void +static void cf_check a653sched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { if ( AUNIT(unit) != NULL ) @@ -489,7 +489,7 @@ a653sched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) * @param ops Pointer to this instance of the scheduler structure * @param unit Pointer to struct sched_unit */ -static void +static void cf_check a653sched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { if ( AUNIT(unit) != NULL ) @@ -505,7 +505,7 @@ a653sched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) * @param ops Pointer to this instance of the scheduler structure * @param now Current time */ -static void +static void cf_check a653sched_do_schedule( const struct scheduler *ops, struct sched_unit *prev, @@ -604,7 +604,7 @@ a653sched_do_schedule( * * @return Scheduler resource to run on */ -static struct sched_resource * +static struct sched_resource *cf_check a653sched_pick_resource(const struct scheduler *ops, const struct sched_unit *unit) { @@ -634,7 +634,7 @@ a653sched_pick_resource(const struct scheduler *ops, * @param pdata scheduler specific PCPU data (we don't have any) * @param vdata scheduler specific UNIT data of the idle unit */ -static spinlock_t * +static spinlock_t *cf_check a653_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -656,7 +656,7 @@ a653_switch_sched(struct scheduler *new_ops, unsigned int cpu, * @param ops Pointer to this instance of the scheduler structure * @param sc Pointer to the scheduler operation specified by Domain 0 */ -static int +static int cf_check a653sched_adjust_global(const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 4e60500c7c..19ab678181 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -98,13 +98,13 @@ static bool scheduler_active; static void sched_set_affinity( struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft); -static struct sched_resource * +static struct sched_resource *cf_check sched_idle_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { return unit->res; } -static void * +static void *cf_check sched_idle_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -112,12 +112,12 @@ sched_idle_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return ZERO_BLOCK_PTR; } -static void +static void cf_check sched_idle_free_udata(const struct scheduler *ops, void *priv) { } -static void sched_idle_schedule( +static void cf_check sched_idle_schedule( const struct scheduler *ops, struct sched_unit *unit, s_time_t now, bool tasklet_work_scheduled) { diff --git a/xen/common/sched/credit.c b/xen/common/sched/credit.c index 5635271f6f..4d3bd8cba6 100644 --- a/xen/common/sched/credit.c +++ b/xen/common/sched/credit.c @@ -507,7 +507,7 @@ static inline void __runq_tickle(const struct csched_unit *new) SCHED_STAT_CRANK(tickled_no_cpu); } -static void +static void cf_check csched_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) { const struct csched_private *prv = CSCHED_PRIV(ops); @@ -524,7 +524,7 @@ csched_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) xfree(pcpu); } -static void +static void cf_check csched_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { struct csched_private *prv = CSCHED_PRIV(ops); @@ -566,7 +566,7 @@ csched_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check csched_alloc_pdata(const struct scheduler *ops, int cpu) { struct csched_pcpu *spc; @@ -615,7 +615,7 @@ init_pdata(struct csched_private *prv, struct csched_pcpu *spc, int cpu) } /* Change the scheduler of cpu to us (Credit). */ -static spinlock_t * +static spinlock_t *cf_check csched_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -848,7 +848,7 @@ _csched_cpu_pick(const struct scheduler *ops, const struct sched_unit *unit, return cpu; } -static struct sched_resource * +static struct sched_resource *cf_check csched_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct csched_unit *svc = CSCHED_UNIT(unit); @@ -985,9 +985,8 @@ csched_unit_acct(struct csched_private *prv, unsigned int cpu) } } -static void * -csched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, - void *dd) +static void *cf_check csched_alloc_udata( + const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct csched_unit *svc; @@ -1007,7 +1006,7 @@ csched_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return svc; } -static void +static void cf_check csched_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit *svc = unit->priv; @@ -1032,7 +1031,7 @@ csched_unit_insert(const struct scheduler *ops, struct sched_unit *unit) SCHED_STAT_CRANK(unit_insert); } -static void +static void cf_check csched_free_udata(const struct scheduler *ops, void *priv) { struct csched_unit *svc = priv; @@ -1042,7 +1041,7 @@ csched_free_udata(const struct scheduler *ops, void *priv) xfree(svc); } -static void +static void cf_check csched_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct csched_private *prv = CSCHED_PRIV(ops); @@ -1069,7 +1068,7 @@ csched_unit_remove(const struct scheduler *ops, struct sched_unit *unit) BUG_ON( sdom == NULL ); } -static void +static void cf_check csched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1094,7 +1093,7 @@ csched_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) runq_remove(svc); } -static void +static void cf_check csched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1156,7 +1155,7 @@ csched_unit_wake(const struct scheduler *ops, struct sched_unit *unit) __runq_tickle(svc); } -static void +static void cf_check csched_unit_yield(const struct scheduler *ops, struct sched_unit *unit) { struct csched_unit * const svc = CSCHED_UNIT(unit); @@ -1165,7 +1164,7 @@ csched_unit_yield(const struct scheduler *ops, struct sched_unit *unit) set_bit(CSCHED_FLAG_UNIT_YIELD, &svc->flags); } -static int +static int cf_check csched_dom_cntl( const struct scheduler *ops, struct domain *d, @@ -1210,7 +1209,7 @@ csched_dom_cntl( return rc; } -static void +static void cf_check csched_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft) { @@ -1238,7 +1237,7 @@ __csched_set_tslice(struct csched_private *prv, unsigned int timeslice_ms) prv->credit = prv->credits_per_tslice * prv->ncpus; } -static int +static int cf_check csched_sys_cntl(const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { @@ -1281,7 +1280,7 @@ csched_sys_cntl(const struct scheduler *ops, return rc; } -static void * +static void *cf_check csched_alloc_domdata(const struct scheduler *ops, struct domain *dom) { struct csched_dom *sdom; @@ -1299,7 +1298,7 @@ csched_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check csched_free_domdata(const struct scheduler *ops, void *data) { xfree(data); @@ -1809,7 +1808,7 @@ csched_load_balance(struct csched_private *prv, int cpu, * This function is in the critical path. It is designed to be simple and * fast for the common case. */ -static void csched_schedule( +static void cf_check csched_schedule( const struct scheduler *ops, struct sched_unit *unit, s_time_t now, bool tasklet_work_scheduled) { @@ -2026,7 +2025,7 @@ csched_dump_unit(const struct csched_unit *svc) printk("\n"); } -static void +static void cf_check csched_dump_pcpu(const struct scheduler *ops, int cpu) { const struct list_head *runq; @@ -2079,7 +2078,7 @@ csched_dump_pcpu(const struct scheduler *ops, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void +static void cf_check csched_dump(const struct scheduler *ops) { struct list_head *iter_sdom, *iter_svc; @@ -2143,7 +2142,7 @@ csched_dump(const struct scheduler *ops) spin_unlock_irqrestore(&prv->lock, flags); } -static int __init +static int __init cf_check csched_global_init(void) { if ( sched_credit_tslice_ms > XEN_SYSCTL_CSCHED_TSLICE_MAX || @@ -2173,7 +2172,7 @@ csched_global_init(void) return 0; } -static int +static int cf_check csched_init(struct scheduler *ops) { struct csched_private *prv; @@ -2215,7 +2214,7 @@ csched_init(struct scheduler *ops) return 0; } -static void +static void cf_check csched_deinit(struct scheduler *ops) { struct csched_private *prv; diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index d96e2749dd..0e3f89e537 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -2164,7 +2164,7 @@ csched2_unit_check(const struct sched_unit *unit) #define CSCHED2_UNIT_CHECK(unit) #endif -static void * +static void *cf_check csched2_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { @@ -2208,7 +2208,7 @@ csched2_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, return svc; } -static void +static void cf_check csched2_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2230,7 +2230,7 @@ csched2_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) __clear_bit(__CSFLAG_delayed_runq_add, &svc->flags); } -static void +static void cf_check csched2_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2285,7 +2285,7 @@ out: return; } -static void +static void cf_check csched2_unit_yield(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2293,7 +2293,7 @@ csched2_unit_yield(const struct scheduler *ops, struct sched_unit *unit) __set_bit(__CSFLAG_unit_yield, &svc->flags); } -static void +static void cf_check csched2_context_saved(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2335,7 +2335,7 @@ csched2_context_saved(const struct scheduler *ops, struct sched_unit *unit) } #define MAX_LOAD (STIME_MAX) -static struct sched_resource * +static struct sched_resource *cf_check csched2_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct csched2_private *prv = csched2_priv(ops); @@ -2867,8 +2867,7 @@ retry: return; } -static void -csched2_unit_migrate( +static void cf_check csched2_unit_migrate( const struct scheduler *ops, struct sched_unit *unit, unsigned int new_cpu) { struct csched2_unit * const svc = csched2_unit(unit); @@ -2894,7 +2893,7 @@ csched2_unit_migrate( sched_set_res(unit, get_sched_res(new_cpu)); } -static int +static int cf_check csched2_dom_cntl( const struct scheduler *ops, struct domain *d, @@ -3100,7 +3099,7 @@ csched2_dom_cntl( return rc; } -static void +static void cf_check csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, const cpumask_t *hard, const cpumask_t *soft) { @@ -3116,8 +3115,8 @@ csched2_aff_cntl(const struct scheduler *ops, struct sched_unit *unit, __clear_bit(__CSFLAG_pinned, &svc->flags); } -static int csched2_sys_cntl(const struct scheduler *ops, - struct xen_sysctl_scheduler_op *sc) +static int cf_check csched2_sys_cntl( + const struct scheduler *ops, struct xen_sysctl_scheduler_op *sc) { struct xen_sysctl_credit2_schedule *params = &sc->u.sched_credit2; struct csched2_private *prv = csched2_priv(ops); @@ -3148,7 +3147,7 @@ static int csched2_sys_cntl(const struct scheduler *ops, return 0; } -static void * +static void *cf_check csched2_alloc_domdata(const struct scheduler *ops, struct domain *dom) { struct csched2_private *prv = csched2_priv(ops); @@ -3180,7 +3179,7 @@ csched2_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check csched2_free_domdata(const struct scheduler *ops, void *data) { struct csched2_dom *sdom = data; @@ -3200,7 +3199,7 @@ csched2_free_domdata(const struct scheduler *ops, void *data) } } -static void +static void cf_check csched2_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { const struct csched2_unit *svc = unit->priv; @@ -3231,7 +3230,7 @@ csched2_unit_insert(const struct scheduler *ops, struct sched_unit *unit) CSCHED2_UNIT_CHECK(unit); } -static void +static void cf_check csched2_free_udata(const struct scheduler *ops, void *priv) { struct csched2_unit *svc = priv; @@ -3239,7 +3238,7 @@ csched2_free_udata(const struct scheduler *ops, void *priv) xfree(svc); } -static void +static void cf_check csched2_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct csched2_unit * const svc = csched2_unit(unit); @@ -3558,7 +3557,7 @@ runq_candidate(struct csched2_runqueue_data *rqd, * This function is in the critical path. It is designed to be simple and * fast for the common case. */ -static void csched2_schedule( +static void cf_check csched2_schedule( const struct scheduler *ops, struct sched_unit *currunit, s_time_t now, bool tasklet_work_scheduled) { @@ -3790,7 +3789,7 @@ dump_pcpu(const struct scheduler *ops, int cpu) } } -static void +static void cf_check csched2_dump(const struct scheduler *ops) { struct list_head *iter_sdom; @@ -3898,7 +3897,7 @@ csched2_dump(const struct scheduler *ops) read_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check csched2_alloc_pdata(const struct scheduler *ops, int cpu) { struct csched2_pcpu *spc; @@ -3988,7 +3987,7 @@ init_pdata(struct csched2_private *prv, struct csched2_pcpu *spc, } /* Change the scheduler of cpu to us (Credit2). */ -static spinlock_t * +static spinlock_t *cf_check csched2_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -4026,7 +4025,7 @@ csched2_switch_sched(struct scheduler *new_ops, unsigned int cpu, return &rqd->lock; } -static void +static void cf_check csched2_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { unsigned long flags; @@ -4086,7 +4085,7 @@ csched2_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) return; } -static void +static void cf_check csched2_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) { struct csched2_private *prv = csched2_priv(ops); @@ -4115,7 +4114,7 @@ csched2_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) xfree(pcpu); } -static int __init +static int __init cf_check csched2_global_init(void) { if ( opt_load_precision_shift < LOADAVG_PRECISION_SHIFT_MIN ) @@ -4142,7 +4141,7 @@ csched2_global_init(void) return 0; } -static int +static int cf_check csched2_init(struct scheduler *ops) { struct csched2_private *prv; @@ -4190,7 +4189,7 @@ csched2_init(struct scheduler *ops) return 0; } -static void +static void cf_check csched2_deinit(struct scheduler *ops) { struct csched2_private *prv; diff --git a/xen/common/sched/null.c b/xen/common/sched/null.c index 82d5d1baab..65a0a6c531 100644 --- a/xen/common/sched/null.c +++ b/xen/common/sched/null.c @@ -130,7 +130,7 @@ static inline bool unit_check_affinity(struct sched_unit *unit, return cpumask_test_cpu(cpu, cpumask_scratch_cpu(cpu)); } -static int null_init(struct scheduler *ops) +static int cf_check null_init(struct scheduler *ops) { struct null_private *prv; @@ -152,7 +152,7 @@ static int null_init(struct scheduler *ops) return 0; } -static void null_deinit(struct scheduler *ops) +static void cf_check null_deinit(struct scheduler *ops) { xfree(ops->sched_data); ops->sched_data = NULL; @@ -166,7 +166,8 @@ static void init_pdata(struct null_private *prv, struct null_pcpu *npc, npc->unit = NULL; } -static void null_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) +static void cf_check null_deinit_pdata( + const struct scheduler *ops, void *pcpu, int cpu) { struct null_private *prv = null_priv(ops); struct null_pcpu *npc = pcpu; @@ -177,7 +178,7 @@ static void null_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) npc->unit = NULL; } -static void *null_alloc_pdata(const struct scheduler *ops, int cpu) +static void *cf_check null_alloc_pdata(const struct scheduler *ops, int cpu) { struct null_pcpu *npc; @@ -188,13 +189,14 @@ static void *null_alloc_pdata(const struct scheduler *ops, int cpu) return npc; } -static void null_free_pdata(const struct scheduler *ops, void *pcpu, int cpu) +static void cf_check null_free_pdata( + const struct scheduler *ops, void *pcpu, int cpu) { xfree(pcpu); } -static void *null_alloc_udata(const struct scheduler *ops, - struct sched_unit *unit, void *dd) +static void *cf_check null_alloc_udata( + const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct null_unit *nvc; @@ -210,15 +212,15 @@ static void *null_alloc_udata(const struct scheduler *ops, return nvc; } -static void null_free_udata(const struct scheduler *ops, void *priv) +static void cf_check null_free_udata(const struct scheduler *ops, void *priv) { struct null_unit *nvc = priv; xfree(nvc); } -static void * null_alloc_domdata(const struct scheduler *ops, - struct domain *d) +static void *cf_check null_alloc_domdata( + const struct scheduler *ops, struct domain *d) { struct null_private *prv = null_priv(ops); struct null_dom *ndom; @@ -237,7 +239,7 @@ static void * null_alloc_domdata(const struct scheduler *ops, return ndom; } -static void null_free_domdata(const struct scheduler *ops, void *data) +static void cf_check null_free_domdata(const struct scheduler *ops, void *data) { struct null_dom *ndom = data; struct null_private *prv = null_priv(ops); @@ -426,9 +428,8 @@ static bool unit_deassign(struct null_private *prv, const struct sched_unit *uni } /* Change the scheduler of cpu to us (null). */ -static spinlock_t *null_switch_sched(struct scheduler *new_ops, - unsigned int cpu, - void *pdata, void *vdata) +static spinlock_t *cf_check null_switch_sched( + struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { struct sched_resource *sr = get_sched_res(cpu); struct null_private *prv = null_priv(new_ops); @@ -450,8 +451,8 @@ static spinlock_t *null_switch_sched(struct scheduler *new_ops, return &sr->_lock; } -static void null_unit_insert(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_insert( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -516,8 +517,8 @@ static void null_unit_insert(const struct scheduler *ops, SCHED_STAT_CRANK(unit_insert); } -static void null_unit_remove(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_remove( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -556,8 +557,8 @@ static void null_unit_remove(const struct scheduler *ops, SCHED_STAT_CRANK(unit_remove); } -static void null_unit_wake(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_wake( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -632,8 +633,8 @@ static void null_unit_wake(const struct scheduler *ops, cpumask_raise_softirq(cpumask_scratch_cpu(cpu), SCHEDULE_SOFTIRQ); } -static void null_unit_sleep(const struct scheduler *ops, - struct sched_unit *unit) +static void cf_check null_unit_sleep( + const struct scheduler *ops, struct sched_unit *unit) { struct null_private *prv = null_priv(ops); unsigned int cpu = sched_unit_master(unit); @@ -667,15 +668,15 @@ static void null_unit_sleep(const struct scheduler *ops, SCHED_STAT_CRANK(unit_sleep); } -static struct sched_resource * +static struct sched_resource *cf_check null_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { ASSERT(!is_idle_unit(unit)); return pick_res(null_priv(ops), unit); } -static void null_unit_migrate(const struct scheduler *ops, - struct sched_unit *unit, unsigned int new_cpu) +static void cf_check null_unit_migrate( + const struct scheduler *ops, struct sched_unit *unit, unsigned int new_cpu) { struct null_private *prv = null_priv(ops); struct null_unit *nvc = null_unit(unit); @@ -801,8 +802,9 @@ static inline void null_unit_check(struct sched_unit *unit) * - the unit assigned to the pCPU, if there's one and it can run; * - the idle unit, otherwise. */ -static void null_schedule(const struct scheduler *ops, struct sched_unit *prev, - s_time_t now, bool tasklet_work_scheduled) +static void cf_check null_schedule( + const struct scheduler *ops, struct sched_unit *prev, s_time_t now, + bool tasklet_work_scheduled) { unsigned int bs; const unsigned int cur_cpu = smp_processor_id(); @@ -939,7 +941,7 @@ static inline void dump_unit(const struct null_private *prv, sched_unit_master(nvc->unit) : -1); } -static void null_dump_pcpu(const struct scheduler *ops, int cpu) +static void cf_check null_dump_pcpu(const struct scheduler *ops, int cpu) { struct null_private *prv = null_priv(ops); const struct null_pcpu *npc = get_sched_res(cpu)->sched_priv; @@ -968,7 +970,7 @@ static void null_dump_pcpu(const struct scheduler *ops, int cpu) pcpu_schedule_unlock_irqrestore(lock, flags, cpu); } -static void null_dump(const struct scheduler *ops) +static void cf_check null_dump(const struct scheduler *ops) { struct null_private *prv = null_priv(ops); struct list_head *iter; diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c index 5ea6f01f26..d6de25531b 100644 --- a/xen/common/sched/rt.c +++ b/xen/common/sched/rt.c @@ -269,13 +269,13 @@ unit_on_q(const struct rt_unit *svc) return !list_empty(&svc->q_elem); } -static struct rt_unit * +static struct rt_unit *cf_check q_elem(struct list_head *elem) { return list_entry(elem, struct rt_unit, q_elem); } -static struct rt_unit * +static struct rt_unit *cf_check replq_elem(struct list_head *elem) { return list_entry(elem, struct rt_unit, replq_elem); @@ -348,7 +348,7 @@ rt_dump_unit(const struct scheduler *ops, const struct rt_unit *svc) svc->flags, CPUMASK_PR(mask)); } -static void +static void cf_check rt_dump_pcpu(const struct scheduler *ops, int cpu) { struct rt_private *prv = rt_priv(ops); @@ -366,7 +366,7 @@ rt_dump_pcpu(const struct scheduler *ops, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void +static void cf_check rt_dump(const struct scheduler *ops) { struct list_head *runq, *depletedq, *replq, *iter; @@ -636,7 +636,7 @@ replq_reinsert(const struct scheduler *ops, struct rt_unit *svc) * Valid resource of an unit is intesection of unit's affinity * and available resources */ -static struct sched_resource * +static struct sched_resource *cf_check rt_res_pick_locked(const struct sched_unit *unit, unsigned int locked_cpu) { cpumask_t *cpus = cpumask_scratch_cpu(locked_cpu); @@ -659,7 +659,7 @@ rt_res_pick_locked(const struct sched_unit *unit, unsigned int locked_cpu) * Valid resource of an unit is intesection of unit's affinity * and available resources */ -static struct sched_resource * +static struct sched_resource *cf_check rt_res_pick(const struct scheduler *ops, const struct sched_unit *unit) { struct sched_resource *res; @@ -672,7 +672,7 @@ rt_res_pick(const struct scheduler *ops, const struct sched_unit *unit) /* * Init/Free related code */ -static int +static int cf_check rt_init(struct scheduler *ops) { int rc = -ENOMEM; @@ -701,7 +701,7 @@ rt_init(struct scheduler *ops) return rc; } -static void +static void cf_check rt_deinit(struct scheduler *ops) { struct rt_private *prv = rt_priv(ops); @@ -714,7 +714,7 @@ rt_deinit(struct scheduler *ops) } /* Change the scheduler of cpu to us (RTDS). */ -static spinlock_t * +static spinlock_t *cf_check rt_switch_sched(struct scheduler *new_ops, unsigned int cpu, void *pdata, void *vdata) { @@ -750,7 +750,7 @@ rt_switch_sched(struct scheduler *new_ops, unsigned int cpu, return &prv->lock; } -static void +static void cf_check rt_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) { unsigned long flags; @@ -782,7 +782,7 @@ rt_deinit_pdata(const struct scheduler *ops, void *pcpu, int cpu) spin_unlock_irqrestore(&prv->lock, flags); } -static void * +static void *cf_check rt_alloc_domdata(const struct scheduler *ops, struct domain *dom) { unsigned long flags; @@ -804,7 +804,7 @@ rt_alloc_domdata(const struct scheduler *ops, struct domain *dom) return sdom; } -static void +static void cf_check rt_free_domdata(const struct scheduler *ops, void *data) { struct rt_dom *sdom = data; @@ -822,7 +822,7 @@ rt_free_domdata(const struct scheduler *ops, void *data) } } -static void * +static void * cf_check rt_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) { struct rt_unit *svc; @@ -850,7 +850,7 @@ rt_alloc_udata(const struct scheduler *ops, struct sched_unit *unit, void *dd) return svc; } -static void +static void cf_check rt_free_udata(const struct scheduler *ops, void *priv) { struct rt_unit *svc = priv; @@ -865,7 +865,7 @@ rt_free_udata(const struct scheduler *ops, void *priv) * It inserts units of moving domain to the scheduler's RunQ in * dest. cpupool. */ -static void +static void cf_check rt_unit_insert(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit *svc = rt_unit(unit); @@ -901,7 +901,7 @@ rt_unit_insert(const struct scheduler *ops, struct sched_unit *unit) /* * Remove rt_unit svc from the old scheduler in source cpupool. */ -static void +static void cf_check rt_unit_remove(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1042,7 +1042,7 @@ runq_pick(const struct scheduler *ops, const cpumask_t *mask, unsigned int cpu) * schedule function for rt scheduler. * The lock is already grabbed in schedule.c, no need to lock here */ -static void +static void cf_check rt_schedule(const struct scheduler *ops, struct sched_unit *currunit, s_time_t now, bool tasklet_work_scheduled) { @@ -1129,7 +1129,7 @@ rt_schedule(const struct scheduler *ops, struct sched_unit *currunit, * Remove UNIT from RunQ * The lock is already grabbed in schedule.c, no need to lock here */ -static void +static void cf_check rt_unit_sleep(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1244,7 +1244,7 @@ runq_tickle(const struct scheduler *ops, const struct rt_unit *new) * The lock is already grabbed in schedule.c, no need to lock here * TODO: what if these two units belongs to the same domain? */ -static void +static void cf_check rt_unit_wake(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit * const svc = rt_unit(unit); @@ -1314,7 +1314,7 @@ rt_unit_wake(const struct scheduler *ops, struct sched_unit *unit) * scurr has finished context switch, insert it back to the RunQ, * and then pick the highest priority unit from runq to run */ -static void +static void cf_check rt_context_saved(const struct scheduler *ops, struct sched_unit *unit) { struct rt_unit *svc = rt_unit(unit); @@ -1341,7 +1341,7 @@ out: /* * set/get each unit info of each domain */ -static int +static int cf_check rt_dom_cntl( const struct scheduler *ops, struct domain *d, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277976.474891 (Exim 4.92) (envelope-from ) id 1nN9mO-0003G1-Sb; Thu, 24 Feb 2022 08:47:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277976.474891; Thu, 24 Feb 2022 08:47:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mO-0003Ft-PU; Thu, 24 Feb 2022 08:47:16 +0000 Received: by outflank-mailman (input) for mailman id 277976; Thu, 24 Feb 2022 08:47:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mM-0003FT-UI for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mM-0000za-Tb for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9mM-0005OT-So for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0yPZKLpHkRUGUiOEDM/h3uZLiejqbRPMD1DLO6UVvKM=; b=XKqqTyrZFM/3aqSwTQ0Cp5RLJt wfAM50T7bh/lrSfoOHrvuimKvHwBvoTBnIpjbn2Y+iak9bid+nnm6kSqlO++vlinStfGVwk9lKVb3 QjpPtSA3YOUt+Ou2ZRLkbv2dn7ROOLFCa2bo7TYR8v3Jktvr8fqLgdP52wQ1WQfEuajo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/evtchn: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:14 +0000 commit fcbae94ea4f7aa62d1c0741577bdcc68caa224a1 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:35:51 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/evtchn: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/event_2l.c | 21 ++++++++++++--------- xen/common/event_channel.c | 3 ++- xen/common/event_fifo.c | 30 ++++++++++++++++-------------- 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/xen/common/event_2l.c b/xen/common/event_2l.c index 7424320e52..d40dd51ab5 100644 --- a/xen/common/event_2l.c +++ b/xen/common/event_2l.c @@ -16,7 +16,8 @@ #include -static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn) +static void cf_check evtchn_2l_set_pending( + struct vcpu *v, struct evtchn *evtchn) { struct domain *d = v->domain; unsigned int port = evtchn->port; @@ -41,12 +42,14 @@ static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn) evtchn_check_pollers(d, port); } -static void evtchn_2l_clear_pending(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_2l_clear_pending( + struct domain *d, struct evtchn *evtchn) { guest_clear_bit(d, evtchn->port, &shared_info(d, evtchn_pending)); } -static void evtchn_2l_unmask(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_2l_unmask( + struct domain *d, struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; unsigned int port = evtchn->port; @@ -64,8 +67,8 @@ static void evtchn_2l_unmask(struct domain *d, struct evtchn *evtchn) } } -static bool evtchn_2l_is_pending(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_2l_is_pending( + const struct domain *d, const struct evtchn *evtchn) { evtchn_port_t port = evtchn->port; unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); @@ -75,8 +78,8 @@ static bool evtchn_2l_is_pending(const struct domain *d, guest_test_bit(d, port, &shared_info(d, evtchn_pending))); } -static bool evtchn_2l_is_masked(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_2l_is_masked( + const struct domain *d, const struct evtchn *evtchn) { evtchn_port_t port = evtchn->port; unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); @@ -86,8 +89,8 @@ static bool evtchn_2l_is_masked(const struct domain *d, guest_test_bit(d, port, &shared_info(d, evtchn_mask))); } -static void evtchn_2l_print_state(struct domain *d, - const struct evtchn *evtchn) +static void cf_check evtchn_2l_print_state( + struct domain *d, const struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 2026bc30dc..183e78ac17 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -99,7 +99,8 @@ static xen_event_channel_notification_t __read_mostly xen_consumers[NR_XEN_CONSUMERS]; /* Default notification action: wake up from wait_on_xen_event_channel(). */ -static void default_xen_notification_fn(struct vcpu *v, unsigned int port) +static void cf_check default_xen_notification_fn( + struct vcpu *v, unsigned int port) { /* Consumer needs notification only if blocked. */ if ( test_and_clear_bit(_VPF_blocked_in_xen, &v->pause_flags) ) diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index 2fb01b82db..ed4d3beb10 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -78,7 +78,7 @@ static inline event_word_t *evtchn_fifo_word_from_port(const struct domain *d, return d->evtchn_fifo->event_array[p] + w; } -static void evtchn_fifo_init(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_init(struct domain *d, struct evtchn *evtchn) { event_word_t *word; @@ -158,7 +158,8 @@ static bool_t evtchn_fifo_set_link(struct domain *d, event_word_t *word, return 1; } -static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn) +static void cf_check evtchn_fifo_set_pending( + struct vcpu *v, struct evtchn *evtchn) { struct domain *d = v->domain; unsigned int port; @@ -317,7 +318,8 @@ static void evtchn_fifo_set_pending(struct vcpu *v, struct evtchn *evtchn) evtchn_check_pollers(d, port); } -static void evtchn_fifo_clear_pending(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_clear_pending( + struct domain *d, struct evtchn *evtchn) { event_word_t *word; @@ -334,7 +336,7 @@ static void evtchn_fifo_clear_pending(struct domain *d, struct evtchn *evtchn) guest_clear_bit(d, EVTCHN_FIFO_PENDING, word); } -static void evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) +static void cf_check evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) { struct vcpu *v = d->vcpu[evtchn->notify_vcpu_id]; event_word_t *word; @@ -350,32 +352,32 @@ static void evtchn_fifo_unmask(struct domain *d, struct evtchn *evtchn) evtchn_fifo_set_pending(v, evtchn); } -static bool evtchn_fifo_is_pending(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_pending( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return word && guest_test_bit(d, EVTCHN_FIFO_PENDING, word); } -static bool_t evtchn_fifo_is_masked(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_masked( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return !word || guest_test_bit(d, EVTCHN_FIFO_MASKED, word); } -static bool_t evtchn_fifo_is_busy(const struct domain *d, - const struct evtchn *evtchn) +static bool cf_check evtchn_fifo_is_busy( + const struct domain *d, const struct evtchn *evtchn) { const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); return word && guest_test_bit(d, EVTCHN_FIFO_LINKED, word); } -static int evtchn_fifo_set_priority(struct domain *d, struct evtchn *evtchn, - unsigned int priority) +static int cf_check evtchn_fifo_set_priority( + struct domain *d, struct evtchn *evtchn, unsigned int priority) { if ( priority > EVTCHN_FIFO_PRIORITY_MIN ) return -EINVAL; @@ -390,8 +392,8 @@ static int evtchn_fifo_set_priority(struct domain *d, struct evtchn *evtchn, return 0; } -static void evtchn_fifo_print_state(struct domain *d, - const struct evtchn *evtchn) +static void cf_check evtchn_fifo_print_state( + struct domain *d, const struct evtchn *evtchn) { event_word_t *word; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277979.474906 (Exim 4.92) (envelope-from ) id 1nN9mY-0003Z2-AZ; Thu, 24 Feb 2022 08:47:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277979.474906; Thu, 24 Feb 2022 08:47:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mY-0003Yt-6y; Thu, 24 Feb 2022 08:47:26 +0000 Received: by outflank-mailman (input) for mailman id 277979; Thu, 24 Feb 2022 08:47:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mX-0003Ke-1N for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mX-0000zu-0e for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9mW-0005PR-WD for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yOS/+p/1ax9hYyNdsXpDwChWDsOTS4vm9/5WdH75Ki0=; b=dSXSgM2sVtA7+8jo+2uhBqFA6X CQFv2Zs+by12iJ+pDhN7wjxMo6dlMkrfCbCzEt745ECR/sp63aw21CNOTgC8SCGpSaSG4sZq4j/nz DCdGzZxCdbDINUPnVqbEn+l+rIYbi2OpGgCV/XqWFr+KUNHX1iOp8f5+O7AUIBIaG6Ls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/hypfs: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:24 +0000 commit 0cccb0416e5480822a54bd74066f73c14238b168 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:42:42 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/hypfs: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Juergen Gross --- xen/common/hypfs.c | 57 +++++++++++++++++++++++----------------------- xen/common/sched/cpupool.c | 25 ++++++++++---------- xen/include/xen/hypfs.h | 49 +++++++++++++++++++-------------------- 3 files changed, 65 insertions(+), 66 deletions(-) diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 1526bcc528..0d22396f5d 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -113,12 +113,13 @@ static void hypfs_unlock(void) } } -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry) +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry) { return entry; } -void hypfs_node_exit(const struct hypfs_entry *entry) +void cf_check hypfs_node_exit(const struct hypfs_entry *entry) { } @@ -289,16 +290,14 @@ static int hypfs_get_path_user(char *buf, return 0; } -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { return ERR_PTR(-ENOTDIR); } -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { struct hypfs_entry *entry; @@ -360,7 +359,7 @@ static struct hypfs_entry *hypfs_get_entry(const char *path) return hypfs_get_entry_rel(&hypfs_root, path + 1); } -unsigned int hypfs_getsize(const struct hypfs_entry *entry) +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry) { return entry->size; } @@ -396,7 +395,7 @@ int hypfs_read_dyndir_id_entry(const struct hypfs_entry_dir *template, return 0; } -static const struct hypfs_entry *hypfs_dyndir_enter( +static const struct hypfs_entry *cf_check hypfs_dyndir_enter( const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; @@ -407,7 +406,7 @@ static const struct hypfs_entry *hypfs_dyndir_enter( return data->template->e.funcs->enter(&data->template->e); } -static struct hypfs_entry *hypfs_dyndir_findentry( +static struct hypfs_entry *cf_check hypfs_dyndir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { const struct hypfs_dyndir_id *data; @@ -418,8 +417,8 @@ static struct hypfs_entry *hypfs_dyndir_findentry( return data->template->e.funcs->findentry(data->template, name, name_len); } -static int hypfs_read_dyndir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check hypfs_read_dyndir( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; @@ -463,8 +462,8 @@ unsigned int hypfs_dynid_entry_size(const struct hypfs_entry *template, return DIRENTRY_SIZE(snprintf(NULL, 0, template->name, id)); } -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_dir *d; const struct hypfs_entry *e; @@ -510,8 +509,8 @@ int hypfs_read_dir(const struct hypfs_entry *entry, return 0; } -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_leaf( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_leaf *l; unsigned int size = entry->funcs->getsize(entry); @@ -555,9 +554,9 @@ static int hypfs_read(const struct hypfs_entry *entry, return ret; } -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_leaf( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { char *buf; int ret; @@ -596,9 +595,9 @@ int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_bool( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { bool buf; @@ -618,9 +617,9 @@ int hypfs_write_bool(struct hypfs_entry_leaf *leaf, return 0; } -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_custom( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { struct param_hypfs *p; char *buf; @@ -653,9 +652,9 @@ int hypfs_write_custom(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_deny( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { return -EACCES; } diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index b9d4babd0d..07f984a659 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1026,8 +1026,8 @@ static struct notifier_block cpu_nfb = { static HYPFS_DIR_INIT(cpupool_pooldir, "%u"); -static int cpupool_dir_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_dir_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { int ret = 0; struct cpupool *c; @@ -1050,7 +1050,8 @@ static int cpupool_dir_read(const struct hypfs_entry *entry, return ret; } -static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check cpupool_dir_getsize( + const struct hypfs_entry *entry) { const struct cpupool *c; unsigned int size = 0; @@ -1061,7 +1062,7 @@ static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) return size; } -static const struct hypfs_entry *cpupool_dir_enter( +static const struct hypfs_entry *cf_check cpupool_dir_enter( const struct hypfs_entry *entry) { struct hypfs_dyndir_id *data; @@ -1076,14 +1077,14 @@ static const struct hypfs_entry *cpupool_dir_enter( return entry; } -static void cpupool_dir_exit(const struct hypfs_entry *entry) +static void cf_check cpupool_dir_exit(const struct hypfs_entry *entry) { spin_unlock(&cpupool_lock); hypfs_free_dyndata(); } -static struct hypfs_entry *cpupool_dir_findentry( +static struct hypfs_entry *cf_check cpupool_dir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { unsigned long id; @@ -1102,8 +1103,8 @@ static struct hypfs_entry *cpupool_dir_findentry( return hypfs_gen_dyndir_id_entry(&cpupool_pooldir, id, cpupool); } -static int cpupool_gran_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_gran_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1121,7 +1122,7 @@ static int cpupool_gran_read(const struct hypfs_entry *entry, return copy_to_guest(uaddr, gran, strlen(gran) + 1) ? -EFAULT : 0; } -static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check hypfs_gran_getsize(const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1136,9 +1137,9 @@ static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) return strlen(gran) + 1; } -static int cpupool_gran_write(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +static int cf_check cpupool_gran_write( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { const struct hypfs_dyndir_id *data; struct cpupool *cpupool; diff --git a/xen/include/xen/hypfs.h b/xen/include/xen/hypfs.h index e9d4c2555b..1b65a9188c 100644 --- a/xen/include/xen/hypfs.h +++ b/xen/include/xen/hypfs.h @@ -168,31 +168,30 @@ void hypfs_add_dyndir(struct hypfs_entry_dir *parent, struct hypfs_entry_dir *template); int hypfs_add_leaf(struct hypfs_entry_dir *parent, struct hypfs_entry_leaf *leaf, bool nofault); -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry); -void hypfs_node_exit(const struct hypfs_entry *entry); -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -unsigned int hypfs_getsize(const struct hypfs_entry *entry); -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry); +void cf_check hypfs_node_exit(const struct hypfs_entry *entry); +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_read_leaf(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_write_deny(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_leaf(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_bool(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_custom(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry); +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); void *hypfs_alloc_dyndata(unsigned long size); #define hypfs_alloc_dyndata(type) ((type *)hypfs_alloc_dyndata(sizeof(type))) void *hypfs_get_dyndata(void); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277981.474910 (Exim 4.92) (envelope-from ) id 1nN9mi-0003fG-C6; Thu, 24 Feb 2022 08:47:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277981.474910; Thu, 24 Feb 2022 08:47:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mi-0003f8-98; Thu, 24 Feb 2022 08:47:36 +0000 Received: by outflank-mailman (input) for mailman id 277981; Thu, 24 Feb 2022 08:47:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mh-0003eg-5E for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mh-00010E-4Y for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9mh-0005Qj-3v for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SqB1cPVGmzMCHsE3tjkvg7cMHyfW+hbqELahJB3nysg=; b=EUQRJkTGILJ7zinMqgwzV3Wjve sfSO4rfJ1jN/Kkr0C8EUy/YppncAwyXEVQEXWFxDWO4wI21A6eeToqly1Sk4u6GleNmcxXNbfyUno XHa7DMO4EUwSPjQu+YxxTSHI2zy3c4U57pzYxD+0ACxZJUS8WtIwNsg/4yZ6E9f0VFks=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/tasklet: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:35 +0000 commit 69f14d2ad9f7b23cdf2aad3b907b06c7f94cffab Author: Andrew Cooper AuthorDate: Thu Oct 28 10:58:37 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/tasklet: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The function pointer cast in hvm_vcpu_initialise() is undefined behaviour. While it happens to function correctly, it is not compatible with control flow typechecking, so introduce a new hvm_assert_evtchn_irq_tasklet() to handle the parameter type conversion in a legal way. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 7 ++++++- xen/arch/x86/hvm/vlapic.c | 2 +- xen/arch/x86/include/asm/shadow.h | 2 +- xen/arch/x86/mm/shadow/common.c | 2 +- xen/common/domain.c | 2 +- xen/common/keyhandler.c | 6 +++--- xen/common/livepatch.c | 2 +- xen/common/stop_machine.c | 2 +- xen/common/trace.c | 2 +- xen/drivers/char/console.c | 2 +- xen/drivers/passthrough/amd/iommu_guest.c | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 4 ++-- xen/drivers/passthrough/vtd/iommu.c | 2 +- 13 files changed, 21 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 0a19353068..5ec10f3080 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1528,6 +1528,11 @@ static int __init cf_check hvm_register_CPU_save_and_restore(void) } __initcall(hvm_register_CPU_save_and_restore); +static void cf_check hvm_assert_evtchn_irq_tasklet(void *v) +{ + hvm_assert_evtchn_irq(v); +} + int hvm_vcpu_initialise(struct vcpu *v) { int rc; @@ -1552,7 +1557,7 @@ int hvm_vcpu_initialise(struct vcpu *v) goto fail3; softirq_tasklet_init(&v->arch.hvm.assert_evtchn_irq_tasklet, - (void (*)(void *))hvm_assert_evtchn_irq, v); + hvm_assert_evtchn_irq_tasklet, v); v->arch.hvm.inject_event.vector = HVM_EVENT_VECTOR_UNSET; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index b8c84458ff..fe375912be 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -312,7 +312,7 @@ static void vlapic_init_sipi_one(struct vcpu *target, uint32_t icr) vcpu_unpause(target); } -static void vlapic_init_sipi_action(void *data) +static void cf_check vlapic_init_sipi_action(void *data) { struct vcpu *origin = data; uint32_t icr = vcpu_vlapic(origin)->init_sipi.icr; diff --git a/xen/arch/x86/include/asm/shadow.h b/xen/arch/x86/include/asm/shadow.h index e25f9604d8..7ef76cc063 100644 --- a/xen/arch/x86/include/asm/shadow.h +++ b/xen/arch/x86/include/asm/shadow.h @@ -233,7 +233,7 @@ static inline bool pv_l1tf_check_l4e(struct domain *d, l4_pgentry_t l4e) return pv_l1tf_check_pte(d, 4, l4e.l4); } -void pv_l1tf_tasklet(void *data); +void cf_check pv_l1tf_tasklet(void *data); static inline void pv_l1tf_domain_init(struct domain *d) { diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index b8730a9441..fb370af90b 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -3242,7 +3242,7 @@ void shadow_audit_tables(struct vcpu *v) #ifdef CONFIG_PV -void pv_l1tf_tasklet(void *data) +void cf_check pv_l1tf_tasklet(void *data) { struct domain *d = data; diff --git a/xen/common/domain.c b/xen/common/domain.c index c5716cd72f..f3d06df76c 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1820,7 +1820,7 @@ struct migrate_info { static DEFINE_PER_CPU(struct migrate_info *, continue_info); -static void continue_hypercall_tasklet_handler(void *data) +static void cf_check continue_hypercall_tasklet_handler(void *data) { struct migrate_info *info = data; struct vcpu *v = info->vcpu; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 2c916d528a..b568484ca6 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -73,7 +73,7 @@ static struct keyhandler { #undef KEYHANDLER }; -static void keypress_action(void *unused) +static void cf_check keypress_action(void *unused) { handle_keypress(keypress_key, NULL); } @@ -206,7 +206,7 @@ static void dump_registers(unsigned char key, struct cpu_user_regs *regs) static DECLARE_TASKLET(dump_hwdom_tasklet, NULL, NULL); -static void dump_hwdom_action(void *data) +static void cf_check dump_hwdom_action(void *data) { struct vcpu *v = data; @@ -437,7 +437,7 @@ static void read_clocks(unsigned char key) maxdif_cycles, sumdif_cycles/count, count, dif_cycles); } -static void run_all_nonirq_keyhandlers(void *unused) +static void cf_check run_all_nonirq_keyhandlers(void *unused) { /* Fire all the non-IRQ-context diagnostic keyhandlers */ struct keyhandler *h; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 701efd87a1..4e1c29ab78 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -1591,7 +1591,7 @@ static int schedule_work(struct payload *data, uint32_t cmd, uint32_t timeout) return 0; } -static void tasklet_fn(void *unused) +static void cf_check tasklet_fn(void *unused) { this_cpu(work_to_do) = 1; } diff --git a/xen/common/stop_machine.c b/xen/common/stop_machine.c index a122bd4afe..3adbe380de 100644 --- a/xen/common/stop_machine.c +++ b/xen/common/stop_machine.c @@ -141,7 +141,7 @@ int stop_machine_run(int (*fn)(void *), void *data, unsigned int cpu) return ret; } -static void stopmachine_action(void *data) +static void cf_check stopmachine_action(void *data) { unsigned int cpu = (unsigned long)data; enum stopmachine_state state = STOPMACHINE_START; diff --git a/xen/common/trace.c b/xen/common/trace.c index b5358508f8..a7c092fcbb 100644 --- a/xen/common/trace.c +++ b/xen/common/trace.c @@ -663,7 +663,7 @@ static inline void insert_lost_records(struct t_buf *buf) * Notification is performed in qtasklet to avoid deadlocks with contexts * which __trace_var() may be called from (e.g., scheduler critical regions). */ -static void trace_notify_dom0(void *unused) +static void cf_check trace_notify_dom0(void *unused) { send_global_virq(VIRQ_TBUF); } diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 4694be83db..d74b65f6bf 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -574,7 +574,7 @@ static void serial_rx(char c, struct cpu_user_regs *regs) __serial_rx(c, regs); } -static void notify_dom0_con_ring(void *unused) +static void cf_check notify_dom0_con_ring(void *unused) { send_global_virq(VIRQ_CON_RING); } diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c index 85828490ff..361ff864d8 100644 --- a/xen/drivers/passthrough/amd/iommu_guest.c +++ b/xen/drivers/passthrough/amd/iommu_guest.c @@ -456,7 +456,7 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) return 0; } -static void guest_iommu_process_command(void *data) +static void cf_check guest_iommu_process_command(void *data) { unsigned long opcode, tail, head, cmd_mfn; cmd_entry_t *cmd; diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index f1ed755582..34a9e49f1c 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -26,7 +26,7 @@ static int __initdata nr_amd_iommus; static bool __initdata pci_init; -static void do_amd_iommu_irq(void *data); +static void cf_check do_amd_iommu_irq(void *data); static DECLARE_SOFTIRQ_TASKLET(amd_iommu_irq_tasklet, do_amd_iommu_irq, NULL); unsigned int __read_mostly amd_iommu_acpi_info; @@ -692,7 +692,7 @@ static void iommu_check_ppr_log(struct amd_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } -static void do_amd_iommu_irq(void *unused) +static void cf_check do_amd_iommu_irq(void *unused) { struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 6ed32922c4..42181e12be 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1049,7 +1049,7 @@ clear_overflow: } } -static void do_iommu_page_fault(void *unused) +static void cf_check do_iommu_page_fault(void *unused) { struct acpi_drhd_unit *drhd; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277985.474914 (Exim 4.92) (envelope-from ) id 1nN9ms-0003og-G0; Thu, 24 Feb 2022 08:47:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277985.474914; Thu, 24 Feb 2022 08:47:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ms-0003oZ-Ct; Thu, 24 Feb 2022 08:47:46 +0000 Received: by outflank-mailman (input) for mailman id 277985; Thu, 24 Feb 2022 08:47:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mr-0003o3-9z for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9mr-00010g-9I for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9mr-0005RU-8g for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hKoQaQ2RVzZOf8m3kUJ8Sx1txA84w8k2OisK7Lzmmqw=; b=yJdBDn2C5VNO3yjfisHD07NI6K OBJwhCcP37Tgx+gNGCuA3llCskr7GOsFkk5o3dMU8aWWdAF7Y6uVKRZCj4HN8BWPWHTm77qb/Y29E iz2z+Mx1CTfvdTp5X4dY9PE7xIzutp95eIbw/vk+/3itshSCKqQplkSyhestyzzJ3bcw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/keyhandler: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:45 +0000 commit ef0434ae38030d0a002805c72f5c2819c20d9dcc Author: Andrew Cooper AuthorDate: Thu Oct 28 11:18:45 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/keyhandler: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Tweak {IRQ_,}KEYHANDLER() to use a named initialiser instead of requiring a pointer cast to compile in the IRQ case. Reposition iommu_dump_page_tables() to avoid a forward declaration. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/hvm/irq.c | 2 +- xen/arch/x86/hvm/svm/vmcb.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/io_apic.c | 2 +- xen/arch/x86/irq.c | 2 +- xen/arch/x86/mm/p2m-ept.c | 2 +- xen/arch/x86/mm/shadow/common.c | 4 +-- xen/arch/x86/msi.c | 2 +- xen/arch/x86/nmi.c | 4 +-- xen/arch/x86/numa.c | 2 +- xen/arch/x86/time.c | 2 +- xen/common/debugtrace.c | 2 +- xen/common/event_channel.c | 2 +- xen/common/grant_table.c | 2 +- xen/common/kexec.c | 2 +- xen/common/keyhandler.c | 35 ++++++++++++--------- xen/common/livepatch.c | 2 +- xen/common/page_alloc.c | 4 +-- xen/common/perfc.c | 4 +-- xen/common/sched/cpupool.c | 2 +- xen/common/spinlock.c | 4 +-- xen/common/timer.c | 2 +- xen/drivers/char/console.c | 8 ++--- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_intr.c | 2 +- xen/drivers/passthrough/iommu.c | 52 +++++++++++++++----------------- xen/drivers/passthrough/pci.c | 2 +- xen/drivers/passthrough/vtd/extern.h | 2 +- xen/drivers/passthrough/vtd/utils.c | 2 +- xen/include/xen/perfc.h | 4 +-- xen/include/xen/sched.h | 2 +- xen/include/xen/spinlock.h | 4 +-- 33 files changed, 86 insertions(+), 83 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 22c8bb0c2d..0142671bb8 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -377,7 +377,7 @@ static void print_acpi_power(uint32_t cpu, struct acpi_processor_power *power) print_hw_residencies(cpu); } -static void dump_cx(unsigned char key) +static void cf_check dump_cx(unsigned char key) { unsigned int cpu; diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index 6045c9149b..a7f8991a7b 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -635,7 +635,7 @@ static void irq_dump(struct domain *d) hvm_irq->callback_via_asserted ? "" : " not"); } -static void dump_irq_info(unsigned char key) +static void cf_check dump_irq_info(unsigned char key) { struct domain *d; diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index efa085032b..9583096577 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -226,7 +226,7 @@ void svm_destroy_vmcb(struct vcpu *v) svm->vmcb = NULL; } -static void vmcb_dump(unsigned char ch) +static void cf_check vmcb_dump(unsigned char ch) { struct domain *d; struct vcpu *v; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 2b6bafe9d5..d2cafd8ca1 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2117,7 +2117,7 @@ void vmcs_dump_vcpu(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmcs_dump(unsigned char ch) +static void cf_check vmcs_dump(unsigned char ch) { struct domain *d; struct vcpu *v; diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 4135a9c060..4c5eaef862 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1268,7 +1268,7 @@ static void __init print_IO_APIC(void) __print_IO_APIC(1); } -static void _print_IO_APIC_keyhandler(unsigned char key) +static void cf_check _print_IO_APIC_keyhandler(unsigned char key) { __print_IO_APIC(0); } diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index d9bd355113..f43b926ed2 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2424,7 +2424,7 @@ void free_domain_pirqs(struct domain *d) pcidevs_unlock(); } -static void dump_irqs(unsigned char key) +static void cf_check dump_irqs(unsigned char key) { int i, irq, pirq; struct irq_desc *desc; diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index b7ee441d45..a8a6ad6295 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -1433,7 +1433,7 @@ static const char *memory_type_to_str(unsigned int x) return memory_types[x][0] ? memory_types[x] : "?"; } -static void ept_dump_p2m_table(unsigned char key) +static void cf_check ept_dump_p2m_table(unsigned char key) { struct domain *d; ept_entry_t *table, *ept_entry; diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index fb370af90b..83dedc8870 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -98,7 +98,7 @@ void shadow_vcpu_init(struct vcpu *v) #if SHADOW_AUDIT int shadow_audit_enable = 0; -static void shadow_audit_key(unsigned char key) +static void cf_check shadow_audit_key(unsigned char key) { shadow_audit_enable = !shadow_audit_enable; printk("%s shadow_audit_enable=%d\n", @@ -1046,7 +1046,7 @@ void shadow_blow_tables_per_domain(struct domain *d) /* Blow all shadows of all shadowed domains: this can be used to cause the * guest's pagetables to be re-shadowed if we suspect that the shadows * have somehow got out of sync */ -static void shadow_blow_all_tables(unsigned char c) +static void cf_check shadow_blow_all_tables(unsigned char c) { struct domain *d; printk("'%c' pressed -> blowing all shadow tables\n", c); diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index d1497254b1..77a4fbf13f 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -1411,7 +1411,7 @@ void __init early_msi_init(void) return; } -static void dump_msi(unsigned char key) +static void cf_check dump_msi(unsigned char key) { unsigned int irq; diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index 0a1c9b8e9a..302eaf2ff3 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -577,13 +577,13 @@ void self_nmi(void) local_irq_restore(flags); } -static void do_nmi_trigger(unsigned char key) +static void cf_check do_nmi_trigger(unsigned char key) { printk("Triggering NMI on APIC ID %x\n", get_apic_id()); self_nmi(); } -static void do_nmi_stats(unsigned char key) +static void cf_check do_nmi_stats(unsigned char key) { const struct vcpu *v; unsigned int cpu; diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index 5de9db4e99..680b7d9002 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -369,7 +369,7 @@ unsigned int __init arch_get_dma_bitsize(void) + PAGE_SHIFT, 32); } -static void dump_numa(unsigned char key) +static void cf_check dump_numa(unsigned char key) { s_time_t now = NOW(); unsigned int i, j, n; diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 32111358a7..10efe13c84 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2539,7 +2539,7 @@ int tsc_set_info(struct domain *d, } /* vtsc may incur measurable performance degradation, diagnose with this */ -static void dump_softtsc(unsigned char key) +static void cf_check dump_softtsc(unsigned char key) { struct domain *d; int domcnt = 0; diff --git a/xen/common/debugtrace.c b/xen/common/debugtrace.c index 160d00b796..a272e5e437 100644 --- a/xen/common/debugtrace.c +++ b/xen/common/debugtrace.c @@ -233,7 +233,7 @@ void debugtrace_printk(const char *fmt, ...) spin_unlock_irqrestore(&debugtrace_lock, flags); } -static void debugtrace_key(unsigned char key) +static void cf_check debugtrace_key(unsigned char key) { debugtrace_toggle(); } diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 183e78ac17..ffb042a241 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -1629,7 +1629,7 @@ static void domain_dump_evtchn_info(struct domain *d) spin_unlock(&d->event_lock); } -static void dump_evtchn_info(unsigned char key) +static void cf_check dump_evtchn_info(unsigned char key) { struct domain *d; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1078e3e16c..1e0762b064 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -4275,7 +4275,7 @@ static void gnttab_usage_print(struct domain *rd) printk("no active grant table entries\n"); } -static void gnttab_usage_print_all(unsigned char key) +static void cf_check gnttab_usage_print_all(unsigned char key) { struct domain *d; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index b222a5fd78..a2ffb6530c 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -408,7 +408,7 @@ static long cf_check kexec_reboot(void *_image) return 0; } -static void do_crashdump_trigger(unsigned char key) +static void cf_check do_crashdump_trigger(unsigned char key) { printk("'%c' pressed -> triggering crashdump\n", key); kexec_crash(CRASHREASON_DEBUGKEY); diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index b568484ca6..5dc650a37c 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -26,10 +26,11 @@ static unsigned char keypress_key; static bool_t alt_key_handling; -static keyhandler_fn_t show_handlers, dump_hwdom_registers, - dump_domains, read_clocks; -static irq_keyhandler_fn_t do_toggle_alt_key, dump_registers, - reboot_machine, run_all_keyhandlers, do_debug_key; +static keyhandler_fn_t cf_check show_handlers, cf_check dump_hwdom_registers, + cf_check dump_domains, cf_check read_clocks; +static irq_keyhandler_fn_t cf_check do_toggle_alt_key, cf_check dump_registers, + cf_check reboot_machine, cf_check run_all_keyhandlers, + cf_check do_debug_key; static struct keyhandler { union { @@ -43,10 +44,10 @@ static struct keyhandler { } key_table[128] __read_mostly = { #define KEYHANDLER(k, f, desc, diag) \ - [k] = { { (f) }, desc, 0, diag } + [k] = { { .fn = (f) }, desc, 0, diag } #define IRQ_KEYHANDLER(k, f, desc, diag) \ - [k] = { { (keyhandler_fn_t *)(f) }, desc, 1, diag } + [k] = { { .irq_fn = (f) }, desc, 1, diag } IRQ_KEYHANDLER('A', do_toggle_alt_key, "toggle alternative key handling", 0), IRQ_KEYHANDLER('d', dump_registers, "dump registers", 1), @@ -124,7 +125,7 @@ void register_irq_keyhandler(unsigned char key, irq_keyhandler_fn_t fn, key_table[key].diagnostic = diagnostic; } -static void show_handlers(unsigned char key) +static void cf_check show_handlers(unsigned char key) { unsigned int i; @@ -170,7 +171,8 @@ void dump_execstate(struct cpu_user_regs *regs) watchdog_enable(); } -static void dump_registers(unsigned char key, struct cpu_user_regs *regs) +static void cf_check dump_registers( + unsigned char key, struct cpu_user_regs *regs) { unsigned int cpu; @@ -224,7 +226,7 @@ static void cf_check dump_hwdom_action(void *data) } } -static void dump_hwdom_registers(unsigned char key) +static void cf_check dump_hwdom_registers(unsigned char key) { struct vcpu *v; @@ -246,13 +248,14 @@ static void dump_hwdom_registers(unsigned char key) } } -static void reboot_machine(unsigned char key, struct cpu_user_regs *regs) +static void cf_check reboot_machine( + unsigned char key, struct cpu_user_regs *regs) { printk("'%c' pressed -> rebooting machine\n", key); machine_restart(0); } -static void dump_domains(unsigned char key) +static void cf_check dump_domains(unsigned char key) { struct domain *d; const struct sched_unit *unit; @@ -372,7 +375,7 @@ static void cf_check read_clocks_slave(void *unused) local_irq_enable(); } -static void read_clocks(unsigned char key) +static void cf_check read_clocks(unsigned char key) { unsigned int cpu = smp_processor_id(), min_stime_cpu, max_stime_cpu; unsigned int min_cycles_cpu, max_cycles_cpu; @@ -461,7 +464,8 @@ static void cf_check run_all_nonirq_keyhandlers(void *unused) static DECLARE_TASKLET(run_all_keyhandlers_tasklet, run_all_nonirq_keyhandlers, NULL); -static void run_all_keyhandlers(unsigned char key, struct cpu_user_regs *regs) +static void cf_check run_all_keyhandlers( + unsigned char key, struct cpu_user_regs *regs) { struct keyhandler *h; unsigned int k; @@ -494,7 +498,7 @@ static void do_debugger_trap_fatal(struct cpu_user_regs *regs) barrier(); } -static void do_debug_key(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_debug_key(unsigned char key, struct cpu_user_regs *regs) { printk("'%c' pressed -> trapping into debugger\n", key); if ( regs ) @@ -503,7 +507,8 @@ static void do_debug_key(unsigned char key, struct cpu_user_regs *regs) run_in_exception_handler(do_debugger_trap_fatal); } -static void do_toggle_alt_key(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_toggle_alt_key( + unsigned char key, struct cpu_user_regs *regs) { alt_key_handling = !alt_key_handling; printk("'%c' pressed -> using %s key handling\n", key, diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 4e1c29ab78..e8714920dc 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2068,7 +2068,7 @@ static const char *state2str(unsigned int state) return names[state]; } -static void livepatch_printall(unsigned char key) +static void cf_check livepatch_printall(unsigned char key) { struct payload *data; const void *binary_id = NULL; diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 827617502e..3caf5c954b 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -2522,7 +2522,7 @@ unsigned long avail_node_heap_pages(unsigned int nodeid) } -static void pagealloc_info(unsigned char key) +static void cf_check pagealloc_info(unsigned char key) { unsigned int zone = MEMZONE_XEN; unsigned long n, total = 0; @@ -2572,7 +2572,7 @@ void scrub_one_page(struct page_info *pg) #endif } -static void dump_heap(unsigned char key) +static void cf_check dump_heap(unsigned char key) { s_time_t now = NOW(); int i, j; diff --git a/xen/common/perfc.c b/xen/common/perfc.c index 3abe35892a..7400667bf0 100644 --- a/xen/common/perfc.c +++ b/xen/common/perfc.c @@ -28,7 +28,7 @@ static const struct { DEFINE_PER_CPU(perfc_t[NUM_PERFCOUNTERS], perfcounters); -void perfc_printall(unsigned char key) +void cf_check perfc_printall(unsigned char key) { unsigned int i, j; s_time_t now = NOW(); @@ -115,7 +115,7 @@ void perfc_printall(unsigned char key) } } -void perfc_reset(unsigned char key) +void cf_check perfc_reset(unsigned char key) { unsigned int i, j; s_time_t now = NOW(); diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index 07f984a659..a6da497050 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -956,7 +956,7 @@ const cpumask_t *cpupool_valid_cpus(const struct cpupool *pool) return pool->cpu_valid; } -void dump_runq(unsigned char key) +void cf_check dump_runq(unsigned char key) { s_time_t now = NOW(); struct cpupool *c; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5ce7e33638..25bfbf3c47 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -393,7 +393,7 @@ static void spinlock_profile_print_elem(struct lock_profile *data, data->lock_cnt, data->time_hold, data->block_cnt, data->time_block); } -void spinlock_profile_printall(unsigned char key) +void cf_check spinlock_profile_printall(unsigned char key) { s_time_t now = NOW(); s_time_t diff; @@ -413,7 +413,7 @@ static void spinlock_profile_reset_elem(struct lock_profile *data, data->time_block = 0; } -void spinlock_profile_reset(unsigned char key) +void cf_check spinlock_profile_reset(unsigned char key) { s_time_t now = NOW(); diff --git a/xen/common/timer.c b/xen/common/timer.c index 700f191a70..9b5016d5ed 100644 --- a/xen/common/timer.c +++ b/xen/common/timer.c @@ -546,7 +546,7 @@ static void dump_timer(struct timer *t, s_time_t now) (t->expires - now) / 1000, t, t->function, t->data); } -static void dump_timerq(unsigned char key) +static void cf_check dump_timerq(unsigned char key) { struct timer *t; struct timers *ts; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index d74b65f6bf..380765ab02 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -280,7 +280,7 @@ static int *__read_mostly upper_thresh_adj = &xenlog_upper_thresh; static int *__read_mostly lower_thresh_adj = &xenlog_lower_thresh; static const char *__read_mostly thresh_adj = "standard"; -static void do_toggle_guest(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_toggle_guest(unsigned char key, struct cpu_user_regs *regs) { if ( upper_thresh_adj == &xenlog_upper_thresh ) { @@ -307,13 +307,13 @@ static void do_adj_thresh(unsigned char key) loglvl_str(*upper_thresh_adj)); } -static void do_inc_thresh(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_inc_thresh(unsigned char key, struct cpu_user_regs *regs) { ++*lower_thresh_adj; do_adj_thresh(key); } -static void do_dec_thresh(unsigned char key, struct cpu_user_regs *regs) +static void cf_check do_dec_thresh(unsigned char key, struct cpu_user_regs *regs) { if ( *lower_thresh_adj ) --*lower_thresh_adj; @@ -424,7 +424,7 @@ void console_serial_puts(const char *s, size_t nr) pv_console_puts(s, nr); } -static void dump_console_ring_key(unsigned char key) +static void cf_check dump_console_ring_key(unsigned char key) { uint32_t idx, len, sofar, c; unsigned int order; diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 04517c1a02..99be9aafcc 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -297,7 +297,7 @@ unsigned int amd_iommu_read_ioapic_from_ire( int amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg); int amd_setup_hpet_msi(struct msi_desc *msi_desc); -void amd_iommu_dump_intremap_tables(unsigned char key); +void cf_check amd_iommu_dump_intremap_tables(unsigned char key); extern struct ioapic_sbdf { u16 bdf, seg; diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index b166a04666..e7804413c7 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -844,7 +844,7 @@ static int dump_intremap_mapping(const struct amd_iommu *iommu, return 0; } -void amd_iommu_dump_intremap_tables(unsigned char key) +void cf_check amd_iommu_dump_intremap_tables(unsigned char key) { if ( !shared_intremap_table ) { diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 6ee267d2bf..e220fea72c 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -22,8 +22,6 @@ #include #include -static void iommu_dump_page_tables(unsigned char key); - unsigned int __read_mostly iommu_dev_iotlb_timeout = 1000; integer_param("iommu_dev_iotlb_timeout", iommu_dev_iotlb_timeout); @@ -224,6 +222,31 @@ int iommu_domain_init(struct domain *d, unsigned int opts) return 0; } +static void cf_check iommu_dump_page_tables(unsigned char key) +{ + struct domain *d; + + ASSERT(iommu_enabled); + + rcu_read_lock(&domlist_read_lock); + + for_each_domain(d) + { + if ( is_hardware_domain(d) || !is_iommu_enabled(d) ) + continue; + + if ( iommu_use_hap_pt(d) ) + { + printk("%pd sharing page tables\n", d); + continue; + } + + iommu_vcall(dom_iommu(d)->platform_ops, dump_page_tables, d); + } + + rcu_read_unlock(&domlist_read_lock); +} + void __hwdom_init iommu_hwdom_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -584,31 +607,6 @@ bool_t iommu_has_feature(struct domain *d, enum iommu_feature feature) return is_iommu_enabled(d) && test_bit(feature, dom_iommu(d)->features); } -static void iommu_dump_page_tables(unsigned char key) -{ - struct domain *d; - - ASSERT(iommu_enabled); - - rcu_read_lock(&domlist_read_lock); - - for_each_domain(d) - { - if ( is_hardware_domain(d) || !is_iommu_enabled(d) ) - continue; - - if ( iommu_use_hap_pt(d) ) - { - printk("%pd sharing page tables\n", d); - continue; - } - - iommu_vcall(dom_iommu(d)->platform_ops, dump_page_tables, d); - } - - rcu_read_unlock(&domlist_read_lock); -} - /* * Local variables: * mode: C diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 099312365d..18af4e5088 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1351,7 +1351,7 @@ static int _dump_pci_devices(struct pci_seg *pseg, void *arg) return 0; } -static void dump_pci_devices(unsigned char ch) +static void cf_check dump_pci_devices(unsigned char ch) { printk("==== PCI devices ====\n"); pcidevs_lock(); diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index 52b82f7132..ccf8df7be4 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -31,7 +31,7 @@ extern const struct iommu_init_ops intel_iommu_init_ops; void print_iommu_regs(struct acpi_drhd_unit *drhd); void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn); -keyhandler_fn_t vtd_dump_iommu_info; +keyhandler_fn_t cf_check vtd_dump_iommu_info; bool intel_iommu_supports_eim(void); int intel_iommu_enable_eim(void); diff --git a/xen/drivers/passthrough/vtd/utils.c b/xen/drivers/passthrough/vtd/utils.c index 56dfdff9bd..47922dc8e8 100644 --- a/xen/drivers/passthrough/vtd/utils.c +++ b/xen/drivers/passthrough/vtd/utils.c @@ -154,7 +154,7 @@ void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn) } while ( --level ); } -void vtd_dump_iommu_info(unsigned char key) +void cf_check vtd_dump_iommu_info(unsigned char key) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; diff --git a/xen/include/xen/perfc.h b/xen/include/xen/perfc.h index 6846e7119f..bb010b0aae 100644 --- a/xen/include/xen/perfc.h +++ b/xen/include/xen/perfc.h @@ -96,8 +96,8 @@ DECLARE_PER_CPU(perfc_t[NUM_PERFCOUNTERS], perfcounters); struct xen_sysctl_perfc_op; int perfc_control(struct xen_sysctl_perfc_op *); -extern void perfc_printall(unsigned char key); -extern void perfc_reset(unsigned char key); +extern void cf_check perfc_printall(unsigned char key); +extern void cf_check perfc_reset(unsigned char key); #else /* CONFIG_PERF_COUNTERS */ diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 24a9a87f83..10ea969c7a 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -1145,7 +1145,7 @@ int cpupool_move_domain(struct domain *d, struct cpupool *c); int cpupool_do_sysctl(struct xen_sysctl_cpupool_op *op); unsigned int cpupool_get_id(const struct domain *d); const cpumask_t *cpupool_valid_cpus(const struct cpupool *pool); -extern void dump_runq(unsigned char key); +extern void cf_check dump_runq(unsigned char key); void arch_do_physinfo(struct xen_sysctl_physinfo *pi); diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 9fa4e600c1..961891bea4 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -129,8 +129,8 @@ void _lock_profile_deregister_struct(int32_t, struct lock_profile_qhead *); _lock_profile_deregister_struct(type, &((ptr)->profile_head)) extern int spinlock_profile_control(struct xen_sysctl_lockprof_op *pc); -extern void spinlock_profile_printall(unsigned char key); -extern void spinlock_profile_reset(unsigned char key); +extern void cf_check spinlock_profile_printall(unsigned char key); +extern void cf_check spinlock_profile_reset(unsigned char key); #else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:47:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:47:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277989.474918 (Exim 4.92) (envelope-from ) id 1nN9n2-0003yr-Hf; Thu, 24 Feb 2022 08:47:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277989.474918; Thu, 24 Feb 2022 08:47:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9n2-0003yj-Ej; Thu, 24 Feb 2022 08:47:56 +0000 Received: by outflank-mailman (input) for mailman id 277989; Thu, 24 Feb 2022 08:47:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9n1-0003xo-DQ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9n1-000110-Ce for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9n1-0005S5-Bq for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:47:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pmWX5f9pZOvAKDEIKpmceUZuQPcV6y5b23A+2+A4u8k=; b=QgjKKJKAtNMsNaxp+k/7szOi2H PZfs87LOkwhLcEqzF57cYepCfPkTAXrH/hOQ7USb6BWMzkNogZZYGd/BbzyU0B8yPRJkGaLX4u084 92Q8g6wnT2FNQP8t+Zx7dbOgmlzIYXT7RN2NeBRsJXe6wseWtSQhRInbo8pDi7whJC94=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/vpci: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:47:55 +0000 commit 4ed7d5525f7675b364dcde5c248d841d44559d36 Author: Andrew Cooper AuthorDate: Fri Oct 29 11:57:06 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/vpci: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/vpci/header.c | 18 +++++++++--------- xen/drivers/vpci/msi.c | 42 +++++++++++++++++++++--------------------- xen/drivers/vpci/msix.c | 20 ++++++++++---------- xen/drivers/vpci/vpci.c | 16 ++++++++-------- xen/include/xen/vpci.h | 8 ++++---- 5 files changed, 52 insertions(+), 52 deletions(-) diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c index 40ff79c33f..a1c928a0d2 100644 --- a/xen/drivers/vpci/header.c +++ b/xen/drivers/vpci/header.c @@ -33,8 +33,8 @@ struct map_data { bool map; }; -static int map_range(unsigned long s, unsigned long e, void *data, - unsigned long *c) +static int cf_check map_range( + unsigned long s, unsigned long e, void *data, unsigned long *c) { const struct map_data *map = data; int rc; @@ -332,8 +332,8 @@ static int modify_bars(const struct pci_dev *pdev, uint16_t cmd, bool rom_only) return 0; } -static void cmd_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t cmd, void *data) +static void cf_check cmd_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t cmd, void *data) { uint16_t current_cmd = pci_conf_read16(pdev->sbdf, reg); @@ -353,8 +353,8 @@ static void cmd_write(const struct pci_dev *pdev, unsigned int reg, pci_conf_write16(pdev->sbdf, reg, cmd); } -static void bar_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check bar_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_bar *bar = data; bool hi = false; @@ -397,8 +397,8 @@ static void bar_write(const struct pci_dev *pdev, unsigned int reg, pci_conf_write32(pdev->sbdf, reg, val); } -static void rom_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check rom_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_header *header = &pdev->vpci->header; struct vpci_bar *rom = data; @@ -445,7 +445,7 @@ static void rom_write(const struct pci_dev *pdev, unsigned int reg, rom->addr = val & PCI_ROM_ADDRESS_MASK; } -static int init_bars(struct pci_dev *pdev) +static int cf_check init_bars(struct pci_dev *pdev) { uint16_t cmd; uint64_t addr, size; diff --git a/xen/drivers/vpci/msi.c b/xen/drivers/vpci/msi.c index 5757a7aed2..8f2b59e61a 100644 --- a/xen/drivers/vpci/msi.c +++ b/xen/drivers/vpci/msi.c @@ -22,8 +22,8 @@ #include -static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check control_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; @@ -34,8 +34,8 @@ static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, (msi->address64 ? PCI_MSI_FLAGS_64BIT : 0); } -static void control_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check control_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; unsigned int vectors = min_t(uint8_t, @@ -89,16 +89,16 @@ static void update_msi(const struct pci_dev *pdev, struct vpci_msi *msi) } /* Handlers for the address field (32bit or low part of a 64bit address). */ -static uint32_t address_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check address_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->address; } -static void address_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check address_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -110,16 +110,16 @@ static void address_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the high part of a 64bit address field. */ -static uint32_t address_hi_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check address_hi_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->address >> 32; } -static void address_hi_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check address_hi_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -131,16 +131,16 @@ static void address_hi_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the data field. */ -static uint32_t data_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check data_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->data; } -static void data_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check data_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; @@ -150,16 +150,16 @@ static void data_write(const struct pci_dev *pdev, unsigned int reg, } /* Handlers for the MSI mask bits. */ -static uint32_t mask_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check mask_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msi *msi = data; return msi->mask; } -static void mask_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check mask_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msi *msi = data; uint32_t dmask = msi->mask ^ val; @@ -182,7 +182,7 @@ static void mask_write(const struct pci_dev *pdev, unsigned int reg, msi->mask = val; } -static int init_msi(struct pci_dev *pdev) +static int cf_check init_msi(struct pci_dev *pdev) { uint8_t slot = PCI_SLOT(pdev->devfn), func = PCI_FUNC(pdev->devfn); unsigned int pos = pci_find_cap_offset(pdev->seg, pdev->bus, slot, func, diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index 846f1b8d70..2ab4079412 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -27,8 +27,8 @@ ((addr) >= vmsix_table_addr(vpci, nr) && \ (addr) < vmsix_table_addr(vpci, nr) + vmsix_table_size(vpci, nr)) -static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check control_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { const struct vpci_msix *msix = data; @@ -65,8 +65,8 @@ static void update_entry(struct vpci_msix_entry *entry, entry->updated = false; } -static void control_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check control_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { struct vpci_msix *msix = data; bool new_masked = val & PCI_MSIX_FLAGS_MASKALL; @@ -156,7 +156,7 @@ static struct vpci_msix *msix_find(const struct domain *d, unsigned long addr) return NULL; } -static int msix_accept(struct vcpu *v, unsigned long addr) +static int cf_check msix_accept(struct vcpu *v, unsigned long addr) { return !!msix_find(v->domain, addr); } @@ -182,8 +182,8 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix, return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE]; } -static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, - unsigned long *data) +static int cf_check msix_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { const struct domain *d = v->domain; struct vpci_msix *msix = msix_find(d, addr); @@ -259,8 +259,8 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, return X86EMUL_OKAY; } -static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len, - unsigned long data) +static int cf_check msix_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) { const struct domain *d = v->domain; struct vpci_msix *msix = msix_find(d, addr); @@ -428,7 +428,7 @@ int vpci_make_msix_hole(const struct pci_dev *pdev) return 0; } -static int init_msix(struct pci_dev *pdev) +static int cf_check init_msix(struct pci_dev *pdev) { struct domain *d = pdev->domain; uint8_t slot = PCI_SLOT(pdev->devfn), func = PCI_FUNC(pdev->devfn); diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index fb0947179b..f3b32d66cb 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -106,25 +106,25 @@ static int vpci_register_cmp(const struct vpci_register *r1, } /* Dummy hooks, writes are ignored, reads return 1's */ -static uint32_t vpci_ignored_read(const struct pci_dev *pdev, unsigned int reg, - void *data) +static uint32_t cf_check vpci_ignored_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { return ~(uint32_t)0; } -static void vpci_ignored_write(const struct pci_dev *pdev, unsigned int reg, - uint32_t val, void *data) +static void cf_check vpci_ignored_write( + const struct pci_dev *pdev, unsigned int reg, uint32_t val, void *data) { } -uint32_t vpci_hw_read16(const struct pci_dev *pdev, unsigned int reg, - void *data) +uint32_t cf_check vpci_hw_read16( + const struct pci_dev *pdev, unsigned int reg, void *data) { return pci_conf_read16(pdev->sbdf, reg); } -uint32_t vpci_hw_read32(const struct pci_dev *pdev, unsigned int reg, - void *data) +uint32_t cf_check vpci_hw_read32( + const struct pci_dev *pdev, unsigned int reg, void *data) { return pci_conf_read32(pdev->sbdf, reg); } diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index e8ac1eb395..bcad1516ae 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -46,10 +46,10 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, uint32_t data); /* Passthrough handlers. */ -uint32_t vpci_hw_read16(const struct pci_dev *pdev, unsigned int reg, - void *data); -uint32_t vpci_hw_read32(const struct pci_dev *pdev, unsigned int reg, - void *data); +uint32_t cf_check vpci_hw_read16( + const struct pci_dev *pdev, unsigned int reg, void *data); +uint32_t cf_check vpci_hw_read32( + const struct pci_dev *pdev, unsigned int reg, void *data); /* * Check for pending vPCI operations on this vcpu. Returns true if the vcpu -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277992.474922 (Exim 4.92) (envelope-from ) id 1nN9nC-00044l-Kv; Thu, 24 Feb 2022 08:48:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277992.474922; Thu, 24 Feb 2022 08:48:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nC-00044d-Hm; Thu, 24 Feb 2022 08:48:06 +0000 Received: by outflank-mailman (input) for mailman id 277992; Thu, 24 Feb 2022 08:48:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nB-00044J-GS for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nB-00011o-Fl for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9nB-0005Su-F7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WfaQ0AUXSlQDVx7cChif+/2+hRb9UFLrWInFFy2DyBA=; b=Wk6QEXrEchevB9ipM/Afg2cxde CBJ+vhvdBlciusl5otwTMd0jHbgIMTUt1uatHSkWm4UUZIyqJTJWo6igDlOm0qRdOVGc0KzqVJvJh hRoJncCSE4QYBpof9HogPDB3Cj0QZl81LwXFbwgL60+KgcFVJYTEEIaayNYfoQsmPH9U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/decompress: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:48:05 +0000 commit b22f4b696d3e7b811ed976add0b92f72b590dec1 Author: Andrew Cooper AuthorDate: Fri Oct 29 20:57:23 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/decompress: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/bunzip2.c | 2 +- xen/common/decompress.c | 2 +- xen/common/unlzma.c | 2 +- xen/common/zstd/zstd_common.c | 4 ++-- xen/common/zstd/zstd_internal.h | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c index 2087cfbbed..782b589a8b 100644 --- a/xen/common/bunzip2.c +++ b/xen/common/bunzip2.c @@ -607,7 +607,7 @@ decode_next_byte: goto decode_next_byte; } -static int __init nofill(void *buf, unsigned int len) +static int __init cf_check nofill(void *buf, unsigned int len) { return -1; } diff --git a/xen/common/decompress.c b/xen/common/decompress.c index 79e60f4802..989336983f 100644 --- a/xen/common/decompress.c +++ b/xen/common/decompress.c @@ -3,7 +3,7 @@ #include #include -static void __init error(const char *msg) +static void __init cf_check error(const char *msg) { printk("%s\n", msg); } diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c index d0ef78eef0..6cd99023ad 100644 --- a/xen/common/unlzma.c +++ b/xen/common/unlzma.c @@ -76,7 +76,7 @@ struct rc { #define RC_MODEL_TOTAL_BITS 11 -static int __init nofill(void *buffer, unsigned int len) +static int __init cf_check nofill(void *buffer, unsigned int len) { return -1; } diff --git a/xen/common/zstd/zstd_common.c b/xen/common/zstd/zstd_common.c index 9a85e938cd..5c44e5db76 100644 --- a/xen/common/zstd/zstd_common.c +++ b/xen/common/zstd/zstd_common.c @@ -54,12 +54,12 @@ void *__init ZSTD_stackAllocAll(void *opaque, size_t *size) return stack_push(stack, *size); } -void *__init ZSTD_stackAlloc(void *opaque, size_t size) +void *__init cf_check ZSTD_stackAlloc(void *opaque, size_t size) { ZSTD_stack *stack = (ZSTD_stack *)opaque; return stack_push(stack, size); } -void __init ZSTD_stackFree(void *opaque, void *address) +void __init cf_check ZSTD_stackFree(void *opaque, void *address) { (void)opaque; (void)address; diff --git a/xen/common/zstd/zstd_internal.h b/xen/common/zstd/zstd_internal.h index b7dd14f6ce..94f8c58622 100644 --- a/xen/common/zstd/zstd_internal.h +++ b/xen/common/zstd/zstd_internal.h @@ -351,8 +351,8 @@ typedef struct { ZSTD_customMem ZSTD_initStack(void *workspace, size_t workspaceSize); void *ZSTD_stackAllocAll(void *opaque, size_t *size); -void *ZSTD_stackAlloc(void *opaque, size_t size); -void ZSTD_stackFree(void *opaque, void *address); +void *cf_check ZSTD_stackAlloc(void *opaque, size_t size); +void cf_check ZSTD_stackFree(void *opaque, void *address); /*====== common function ======*/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277994.474926 (Exim 4.92) (envelope-from ) id 1nN9nM-00049J-MO; Thu, 24 Feb 2022 08:48:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277994.474926; Thu, 24 Feb 2022 08:48:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nM-00049B-JI; Thu, 24 Feb 2022 08:48:16 +0000 Received: by outflank-mailman (input) for mailman id 277994; Thu, 24 Feb 2022 08:48:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nL-00048y-K2 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nL-000121-JG for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9nL-0005TW-Ib for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E+3DiTRs9I7WJXlojrp37SWlj1HF/px4Q1wYIdIOdqQ=; b=GT1IZ3hFe3ypxFlvcZ3O2MmZKb q2MLEFGKuf1//iXVzuFv+WnqkR3tUMcF/49CRzP8stttC0GKIX0bFqmCllLvDUPC0tZMEAqkc9jdJ 1d8TJcvc+VEpKfzlrGaAEe6lChGxokZ7s2ZomfhC/1vKn525oY+JekRMFwJDpVWO3/b8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/iommu: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:48:15 +0000 commit 991a06d71a73cae097a55e60f38c2ae38ef36e10 Author: Andrew Cooper AuthorDate: Fri Oct 29 18:30:29 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/iommu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. AMD's parse_ppr_log_entry() has no external callers, so becomes static. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/compat/memory.c | 4 +- xen/drivers/passthrough/amd/iommu.h | 41 ++++++++-------- xen/drivers/passthrough/amd/iommu_init.c | 22 ++++----- xen/drivers/passthrough/amd/iommu_intr.c | 18 +++---- xen/drivers/passthrough/amd/iommu_map.c | 22 +++++---- xen/drivers/passthrough/amd/pci_amd_iommu.c | 32 ++++++------- xen/drivers/passthrough/pci.c | 7 +-- xen/drivers/passthrough/vtd/dmar.c | 3 +- xen/drivers/passthrough/vtd/extern.h | 36 +++++++------- xen/drivers/passthrough/vtd/intremap.c | 14 +++--- xen/drivers/passthrough/vtd/iommu.c | 73 +++++++++++++++-------------- xen/drivers/passthrough/vtd/qinval.c | 28 +++++------ 12 files changed, 152 insertions(+), 148 deletions(-) diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index ec8ba54bb6..077ded4a75 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -23,8 +23,8 @@ struct get_reserved_device_memory { unsigned int used_entries; }; -static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, - u32 id, void *ctxt) +static int cf_check get_reserved_device_memory( + xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt) { struct get_reserved_device_memory *grdm = ctxt; uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus, diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 99be9aafcc..03811fedea 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -236,25 +236,26 @@ int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); int cf_check iov_adjust_irq_affinities(void); -int amd_iommu_quarantine_init(struct domain *d); +int cf_check amd_iommu_quarantine_init(struct domain *d); /* mapping functions */ -int __must_check amd_iommu_map_page(struct domain *d, dfn_t dfn, - mfn_t mfn, unsigned int flags, - unsigned int *flush_flags); -int __must_check amd_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags); +int __must_check cf_check amd_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags); +int __must_check cf_check amd_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags); int __must_check amd_iommu_alloc_root(struct domain *d); int amd_iommu_reserve_domain_unity_map(struct domain *domain, const struct ivrs_unity_map *map, unsigned int flag); int amd_iommu_reserve_domain_unity_unmap(struct domain *d, const struct ivrs_unity_map *map); -int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt); -int __must_check amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags); -int __must_check amd_iommu_flush_iotlb_all(struct domain *d); +int cf_check amd_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt); +int __must_check cf_check amd_iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags); +int __must_check cf_check amd_iommu_flush_iotlb_all(struct domain *d); /* device table functions */ int get_dma_requestor_id(uint16_t seg, uint16_t bdf); @@ -282,21 +283,21 @@ void amd_iommu_flush_all_caches(struct amd_iommu *iommu); struct amd_iommu *find_iommu_for_device(int seg, int bdf); /* interrupt remapping */ -bool iov_supports_xt(void); +bool cf_check iov_supports_xt(void); int amd_iommu_setup_ioapic_remapping(void); void *amd_iommu_alloc_intremap_table( const struct amd_iommu *, unsigned long **, unsigned int nr); -int amd_iommu_free_intremap_table( +int cf_check amd_iommu_free_intremap_table( const struct amd_iommu *, struct ivrs_mappings *, uint16_t); unsigned int amd_iommu_intremap_table_order( const void *irt, const struct amd_iommu *iommu); -void amd_iommu_ioapic_update_ire( +void cf_check amd_iommu_ioapic_update_ire( unsigned int apic, unsigned int reg, unsigned int value); -unsigned int amd_iommu_read_ioapic_from_ire( +unsigned int cf_check amd_iommu_read_ioapic_from_ire( unsigned int apic, unsigned int reg); -int amd_iommu_msi_msg_update_ire( +int cf_check amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg); -int amd_setup_hpet_msi(struct msi_desc *msi_desc); +int cf_check amd_setup_hpet_msi(struct msi_desc *msi_desc); void cf_check amd_iommu_dump_intremap_tables(unsigned char key); extern struct ioapic_sbdf { @@ -327,9 +328,9 @@ extern void *shared_intremap_table; extern unsigned long *shared_intremap_inuse; /* power management support */ -void amd_iommu_resume(void); -int __must_check amd_iommu_suspend(void); -void amd_iommu_crash_shutdown(void); +void cf_check amd_iommu_resume(void); +int __must_check cf_check amd_iommu_suspend(void); +void cf_check amd_iommu_crash_shutdown(void); /* guest iommu support */ #ifdef CONFIG_HVM diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 34a9e49f1c..06b4d2b1fe 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -258,8 +258,8 @@ static void register_iommu_exclusion_range(struct amd_iommu *iommu) writel(entry, iommu->mmio_base+IOMMU_EXCLUSION_BASE_LOW_OFFSET); } -static void set_iommu_event_log_control(struct amd_iommu *iommu, - bool enable) +static void cf_check set_iommu_event_log_control( + struct amd_iommu *iommu, bool enable) { /* Reset head and tail pointer manually before enablement */ if ( enable ) @@ -275,8 +275,8 @@ static void set_iommu_event_log_control(struct amd_iommu *iommu, writeq(iommu->ctrl.raw, iommu->mmio_base + IOMMU_CONTROL_MMIO_OFFSET); } -static void set_iommu_ppr_log_control(struct amd_iommu *iommu, - bool enable) +static void cf_check set_iommu_ppr_log_control( + struct amd_iommu *iommu, bool enable) { /* Reset head and tail pointer manually before enablement */ if ( enable ) @@ -527,7 +527,7 @@ static hw_irq_controller iommu_x2apic_type = { .set_affinity = set_x2apic_affinity, }; -static void parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) +static void cf_check parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) { u32 code; static const char *const event_str[] = { @@ -628,7 +628,7 @@ static void iommu_check_event_log(struct amd_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } -void parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[]) +static void cf_check parse_ppr_log_entry(struct amd_iommu *iommu, u32 entry[]) { u16 device_id; @@ -1243,7 +1243,7 @@ static int __init alloc_ivrs_mappings(u16 seg) return 0; } -static int __init amd_iommu_setup_device_table( +static int __init cf_check amd_iommu_setup_device_table( u16 seg, struct ivrs_mappings *ivrs_mappings) { struct amd_iommu_dte *dt = IVRS_MAPPINGS_DEVTAB(ivrs_mappings); @@ -1543,7 +1543,7 @@ static void invalidate_all_domain_pages(void) amd_iommu_flush_all_pages(d); } -static int _invalidate_all_devices( +static int cf_check _invalidate_all_devices( u16 seg, struct ivrs_mappings *ivrs_mappings) { unsigned int bdf; @@ -1569,14 +1569,14 @@ static void invalidate_all_devices(void) iterate_ivrs_mappings(_invalidate_all_devices); } -int amd_iommu_suspend(void) +int cf_check amd_iommu_suspend(void) { amd_iommu_crash_shutdown(); return 0; } -void amd_iommu_crash_shutdown(void) +void cf_check amd_iommu_crash_shutdown(void) { struct amd_iommu *iommu; @@ -1584,7 +1584,7 @@ void amd_iommu_crash_shutdown(void) disable_iommu(iommu); } -void amd_iommu_resume(void) +void cf_check amd_iommu_resume(void) { struct amd_iommu *iommu; diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index e7804413c7..cebf9ceca7 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -349,7 +349,7 @@ static int update_intremap_entry_from_ioapic( return 0; } -void amd_iommu_ioapic_update_ire( +void cf_check amd_iommu_ioapic_update_ire( unsigned int apic, unsigned int reg, unsigned int value) { struct IO_APIC_route_entry old_rte = { 0 }; @@ -455,7 +455,7 @@ void amd_iommu_ioapic_update_ire( } } -unsigned int amd_iommu_read_ioapic_from_ire( +unsigned int cf_check amd_iommu_read_ioapic_from_ire( unsigned int apic, unsigned int reg) { unsigned int idx; @@ -608,7 +608,7 @@ static struct amd_iommu *_find_iommu_for_device(int seg, int bdf) return ERR_PTR(-EINVAL); } -int amd_iommu_msi_msg_update_ire( +int cf_check amd_iommu_msi_msg_update_ire( struct msi_desc *msi_desc, struct msi_msg *msg) { struct pci_dev *pdev = msi_desc->dev; @@ -653,7 +653,7 @@ int amd_iommu_msi_msg_update_ire( return rc; } -int amd_iommu_free_intremap_table( +int cf_check amd_iommu_free_intremap_table( const struct amd_iommu *iommu, struct ivrs_mappings *ivrs_mapping, uint16_t bdf) { @@ -727,7 +727,7 @@ void *amd_iommu_alloc_intremap_table( return tb; } -bool __init iov_supports_xt(void) +bool __init cf_check iov_supports_xt(void) { unsigned int apic; @@ -756,7 +756,7 @@ bool __init iov_supports_xt(void) return true; } -int __init amd_setup_hpet_msi(struct msi_desc *msi_desc) +int __init cf_check amd_setup_hpet_msi(struct msi_desc *msi_desc) { const struct amd_iommu *iommu; spinlock_t *lock; @@ -826,9 +826,9 @@ static void dump_intremap_table(const struct amd_iommu *iommu, } } -static int dump_intremap_mapping(const struct amd_iommu *iommu, - struct ivrs_mappings *ivrs_mapping, - uint16_t unused) +static int cf_check dump_intremap_mapping( + const struct amd_iommu *iommu, struct ivrs_mappings *ivrs_mapping, + uint16_t unused) { unsigned long flags; diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c index b0330157ea..bf5df5fe5d 100644 --- a/xen/drivers/passthrough/amd/iommu_map.c +++ b/xen/drivers/passthrough/amd/iommu_map.c @@ -276,8 +276,9 @@ static int iommu_pde_from_dfn(struct domain *d, unsigned long dfn, return 0; } -int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, - unsigned int flags, unsigned int *flush_flags) +int cf_check amd_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); int rc; @@ -326,8 +327,8 @@ int amd_iommu_map_page(struct domain *d, dfn_t dfn, mfn_t mfn, return 0; } -int amd_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags) +int cf_check amd_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags) { unsigned long pt_mfn = 0; struct domain_iommu *hd = dom_iommu(d); @@ -370,9 +371,9 @@ static unsigned long flush_count(unsigned long dfn, unsigned long page_count, return end - start; } -int amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags) +int cf_check amd_iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags) { unsigned long dfn_l = dfn_x(dfn); @@ -410,7 +411,7 @@ int amd_iommu_flush_iotlb_pages(struct domain *d, dfn_t dfn, return 0; } -int amd_iommu_flush_iotlb_all(struct domain *d) +int cf_check amd_iommu_flush_iotlb_all(struct domain *d) { amd_iommu_flush_all_pages(d); @@ -462,7 +463,8 @@ int amd_iommu_reserve_domain_unity_unmap(struct domain *d, return rc; } -int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) +int cf_check amd_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt) { unsigned int seg = 0 /* XXX */, bdf; const struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); @@ -537,7 +539,7 @@ int amd_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) return 0; } -int __init amd_iommu_quarantine_init(struct domain *d) +int __init cf_check amd_iommu_quarantine_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); unsigned long end_gfn = diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 9642bba43a..e57f555d00 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -197,7 +197,7 @@ int __init acpi_ivrs_init(void) return 0; } -static int __init iov_detect(void) +static int __init cf_check iov_detect(void) { if ( !iommu_enable && !iommu_intremap ) return 0; @@ -217,7 +217,7 @@ static int __init iov_detect(void) return 0; } -static int iov_enable_xt(void) +static int cf_check iov_enable_xt(void) { int rc; @@ -253,7 +253,7 @@ int amd_iommu_alloc_root(struct domain *d) unsigned int __read_mostly amd_iommu_max_paging_mode = 6; int __read_mostly amd_iommu_min_paging_mode = 1; -static int amd_iommu_domain_init(struct domain *d) +static int cf_check amd_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -275,9 +275,9 @@ static int amd_iommu_domain_init(struct domain *d) return 0; } -static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev); +static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev); -static void __hwdom_init amd_iommu_hwdom_init(struct domain *d) +static void __hwdom_init cf_check amd_iommu_hwdom_init(struct domain *d) { const struct amd_iommu *iommu; @@ -350,8 +350,9 @@ static void amd_iommu_disable_domain_device(const struct domain *domain, spin_unlock_irqrestore(&iommu->lock, flags); } -static int reassign_device(struct domain *source, struct domain *target, - u8 devfn, struct pci_dev *pdev) +static int cf_check reassign_device( + struct domain *source, struct domain *target, u8 devfn, + struct pci_dev *pdev) { struct amd_iommu *iommu; int bdf, rc; @@ -404,9 +405,8 @@ static int reassign_device(struct domain *source, struct domain *target, return 0; } -static int amd_iommu_assign_device(struct domain *d, u8 devfn, - struct pci_dev *pdev, - u32 flag) +static int cf_check amd_iommu_assign_device( + struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag) { struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(pdev->seg); int bdf = PCI_BDF2(pdev->bus, devfn); @@ -435,7 +435,7 @@ static int amd_iommu_assign_device(struct domain *d, u8 devfn, return rc; } -static void amd_iommu_clear_root_pgtable(struct domain *d) +static void cf_check amd_iommu_clear_root_pgtable(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -444,13 +444,13 @@ static void amd_iommu_clear_root_pgtable(struct domain *d) spin_unlock(&hd->arch.mapping_lock); } -static void amd_iommu_domain_destroy(struct domain *d) +static void cf_check amd_iommu_domain_destroy(struct domain *d) { iommu_identity_map_teardown(d); ASSERT(!dom_iommu(d)->arch.amd.root_table); } -static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) +static int cf_check amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct amd_iommu *iommu; u16 bdf; @@ -525,7 +525,7 @@ static int amd_iommu_add_device(u8 devfn, struct pci_dev *pdev) return amd_iommu_setup_domain_device(pdev->domain, iommu, devfn, pdev); } -static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) +static int cf_check amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) { struct amd_iommu *iommu; u16 bdf; @@ -562,7 +562,7 @@ static int amd_iommu_remove_device(u8 devfn, struct pci_dev *pdev) return 0; } -static int amd_iommu_group_id(u16 seg, u8 bus, u8 devfn) +static int cf_check amd_iommu_group_id(u16 seg, u8 bus, u8 devfn) { int bdf = PCI_BDF2(bus, devfn); @@ -616,7 +616,7 @@ static void amd_dump_page_table_level(struct page_info *pg, int level, unmap_domain_page(table_vaddr); } -static void amd_dump_page_tables(struct domain *d) +static void cf_check amd_dump_page_tables(struct domain *d) { const struct domain_iommu *hd = dom_iommu(d); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 18af4e5088..22cb3872c2 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -1098,7 +1098,7 @@ void pci_check_disable_device(u16 seg, u8 bus, u8 devfn) * scan pci devices to add all existed PCI devices to alldevs_list, * and setup pci hierarchy in array bus2bridge. */ -static int __init _scan_pci_devices(struct pci_seg *pseg, void *arg) +static int __init cf_check _scan_pci_devices(struct pci_seg *pseg, void *arg) { struct pci_dev *pdev; int bus, dev, func; @@ -1176,7 +1176,8 @@ static void __hwdom_init setup_one_hwdom_device(const struct setup_hwdom *ctxt, ctxt->d->domain_id, err); } -static int __hwdom_init _setup_hwdom_pci_devices(struct pci_seg *pseg, void *arg) +static int __hwdom_init cf_check _setup_hwdom_pci_devices( + struct pci_seg *pseg, void *arg) { struct setup_hwdom *ctxt = arg; int bus, devfn; @@ -1333,7 +1334,7 @@ bool_t pcie_aer_get_firmware_first(const struct pci_dev *pdev) } #endif -static int _dump_pci_devices(struct pci_seg *pseg, void *arg) +static int cf_check _dump_pci_devices(struct pci_seg *pseg, void *arg) { struct pci_dev *pdev; diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index b8e91f5be1..63f8642e12 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -1046,7 +1046,8 @@ bool_t __init platform_supports_x2apic(void) return cpu_has_x2apic && ((dmar_flags & mask) == ACPI_DMAR_INTR_REMAP); } -int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt) +int cf_check intel_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt) { struct acpi_rmrr_unit *rmrr, *rmrr_cur = NULL; unsigned int i; diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h index ccf8df7be4..e6535548e1 100644 --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -33,9 +33,9 @@ void print_iommu_regs(struct acpi_drhd_unit *drhd); void print_vtd_entries(struct vtd_iommu *iommu, int bus, int devfn, u64 gmfn); keyhandler_fn_t cf_check vtd_dump_iommu_info; -bool intel_iommu_supports_eim(void); -int intel_iommu_enable_eim(void); -void intel_iommu_disable_eim(void); +bool cf_check intel_iommu_supports_eim(void); +int cf_check intel_iommu_enable_eim(void); +void cf_check intel_iommu_disable_eim(void); int enable_qinval(struct vtd_iommu *iommu); void disable_qinval(struct vtd_iommu *iommu); @@ -51,15 +51,13 @@ int iommu_flush_iec_global(struct vtd_iommu *iommu); int iommu_flush_iec_index(struct vtd_iommu *iommu, u8 im, u16 iidx); void clear_fault_bits(struct vtd_iommu *iommu); -int __must_check vtd_flush_context_reg(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, - uint8_t function_mask, uint64_t type, - bool flush_non_present_entry); -int __must_check vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, - uint64_t addr, unsigned int size_order, - uint64_t type, - bool flush_non_present_entry, - bool flush_dev_iotlb); +int __must_check cf_check vtd_flush_context_reg( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry); +int __must_check cf_check vtd_flush_iotlb_reg( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb); struct vtd_iommu *ioapic_to_iommu(unsigned int apic_id); struct vtd_iommu *hpet_to_iommu(unsigned int hpet_id); @@ -86,17 +84,19 @@ int domain_context_mapping_one(struct domain *domain, struct vtd_iommu *iommu, u8 bus, u8 devfn, const struct pci_dev *); int domain_context_unmap_one(struct domain *domain, struct vtd_iommu *iommu, u8 bus, u8 devfn); -int intel_iommu_get_reserved_device_memory(iommu_grdm_t *func, void *ctxt); +int cf_check intel_iommu_get_reserved_device_memory( + iommu_grdm_t *func, void *ctxt); -unsigned int io_apic_read_remap_rte(unsigned int apic, unsigned int reg); -void io_apic_write_remap_rte(unsigned int apic, - unsigned int reg, unsigned int value); +unsigned int cf_check io_apic_read_remap_rte( + unsigned int apic, unsigned int reg); +void cf_check io_apic_write_remap_rte( + unsigned int apic, unsigned int reg, unsigned int value); struct msi_desc; struct msi_msg; -int msi_msg_write_remap_rte(struct msi_desc *, struct msi_msg *); +int cf_check msi_msg_write_remap_rte(struct msi_desc *, struct msi_msg *); -int intel_setup_hpet_msi(struct msi_desc *); +int cf_check intel_setup_hpet_msi(struct msi_desc *); int is_igd_vt_enabled_quirk(void); bool is_azalia_tlb_enabled(const struct acpi_drhd_unit *); diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c index 01152f2006..e6ba89591b 100644 --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -142,7 +142,7 @@ static void set_hpet_source_id(unsigned int id, struct iremap_entry *ire) set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_13_IGNORE_3, hpetid_to_bdf(id)); } -bool __init intel_iommu_supports_eim(void) +bool __init cf_check intel_iommu_supports_eim(void) { struct acpi_drhd_unit *drhd; unsigned int apic; @@ -414,7 +414,7 @@ static int ioapic_rte_to_remap_entry(struct vtd_iommu *iommu, return 0; } -unsigned int io_apic_read_remap_rte( +unsigned int cf_check io_apic_read_remap_rte( unsigned int apic, unsigned int reg) { unsigned int ioapic_pin = (reg - 0x10) / 2; @@ -438,7 +438,7 @@ unsigned int io_apic_read_remap_rte( return (*(((u32 *)&old_rte) + 0)); } -void io_apic_write_remap_rte( +void cf_check io_apic_write_remap_rte( unsigned int apic, unsigned int reg, unsigned int value) { unsigned int ioapic_pin = (reg - 0x10) / 2; @@ -639,7 +639,7 @@ static int msi_msg_to_remap_entry( return 0; } -int msi_msg_write_remap_rte( +int cf_check msi_msg_write_remap_rte( struct msi_desc *msi_desc, struct msi_msg *msg) { struct pci_dev *pdev = msi_desc->dev; @@ -651,7 +651,7 @@ int msi_msg_write_remap_rte( : -EINVAL; } -int __init intel_setup_hpet_msi(struct msi_desc *msi_desc) +int __init cf_check intel_setup_hpet_msi(struct msi_desc *msi_desc) { struct vtd_iommu *iommu = hpet_to_iommu(msi_desc->hpet_id); unsigned long flags; @@ -802,7 +802,7 @@ out: * This function is used to enable Interrupt remapping when * enable x2apic */ -int intel_iommu_enable_eim(void) +int cf_check intel_iommu_enable_eim(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -856,7 +856,7 @@ int intel_iommu_enable_eim(void) * This function is used to disable Interrupt remapping when * suspend local apic */ -void intel_iommu_disable_eim(void) +void cf_check intel_iommu_disable_eim(void) { struct acpi_drhd_unit *drhd; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 42181e12be..1a1cf14785 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -59,7 +59,7 @@ static unsigned int __read_mostly nr_iommus; static struct iommu_ops vtd_ops; static struct tasklet vtd_fault_tasklet; -static int setup_hwdom_device(u8 devfn, struct pci_dev *); +static int cf_check setup_hwdom_device(u8 devfn, struct pci_dev *); static void setup_hwdom_rmrr(struct domain *d); static bool domid_mapping(const struct vtd_iommu *iommu) @@ -426,9 +426,9 @@ static void iommu_flush_write_buffer(struct vtd_iommu *iommu) } /* return value determine if we need a write buffer flush */ -int vtd_flush_context_reg(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, uint8_t function_mask, - uint64_t type, bool flush_non_present_entry) +int cf_check vtd_flush_context_reg( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry) { unsigned long flags; @@ -493,9 +493,10 @@ static int __must_check iommu_flush_context_device(struct vtd_iommu *iommu, } /* return value determine if we need a write buffer flush */ -int vtd_flush_iotlb_reg(struct vtd_iommu *iommu, uint16_t did, uint64_t addr, - unsigned int size_order, uint64_t type, - bool flush_non_present_entry, bool flush_dev_iotlb) +int cf_check vtd_flush_iotlb_reg( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb) { int tlb_offset = ecap_iotlb_offset(iommu->ecap); uint64_t val = type | DMA_TLB_IVT; @@ -704,10 +705,9 @@ static int __must_check iommu_flush_iotlb(struct domain *d, dfn_t dfn, return ret; } -static int __must_check iommu_flush_iotlb_pages(struct domain *d, - dfn_t dfn, - unsigned long page_count, - unsigned int flush_flags) +static int __must_check cf_check iommu_flush_iotlb_pages( + struct domain *d, dfn_t dfn, unsigned long page_count, + unsigned int flush_flags) { ASSERT(page_count && !dfn_eq(dfn, INVALID_DFN)); ASSERT(flush_flags); @@ -716,7 +716,7 @@ static int __must_check iommu_flush_iotlb_pages(struct domain *d, page_count); } -static int __must_check iommu_flush_iotlb_all(struct domain *d) +static int __must_check cf_check iommu_flush_iotlb_all(struct domain *d) { return iommu_flush_iotlb(d, INVALID_DFN, 0, 0); } @@ -1345,7 +1345,7 @@ void __init iommu_free(struct acpi_drhd_unit *drhd) agaw = 64; \ agaw; }) -static int intel_iommu_domain_init(struct domain *d) +static int cf_check intel_iommu_domain_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -1359,7 +1359,7 @@ static int intel_iommu_domain_init(struct domain *d) return 0; } -static void __hwdom_init intel_iommu_hwdom_init(struct domain *d) +static void __hwdom_init cf_check intel_iommu_hwdom_init(struct domain *d) { struct acpi_drhd_unit *drhd; @@ -1808,7 +1808,7 @@ static int domain_context_unmap(struct domain *domain, u8 devfn, return ret; } -static void iommu_clear_root_pgtable(struct domain *d) +static void cf_check iommu_clear_root_pgtable(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); @@ -1817,7 +1817,7 @@ static void iommu_clear_root_pgtable(struct domain *d) spin_unlock(&hd->arch.mapping_lock); } -static void iommu_domain_teardown(struct domain *d) +static void cf_check iommu_domain_teardown(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); const struct acpi_drhd_unit *drhd; @@ -1835,9 +1835,9 @@ static void iommu_domain_teardown(struct domain *d) XFREE(hd->arch.vtd.iommu_bitmap); } -static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn, - mfn_t mfn, unsigned int flags, - unsigned int *flush_flags) +static int __must_check cf_check intel_iommu_map_page( + struct domain *d, dfn_t dfn, mfn_t mfn, unsigned int flags, + unsigned int *flush_flags) { struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, *pte, old, new = {}; @@ -1906,8 +1906,8 @@ static int __must_check intel_iommu_map_page(struct domain *d, dfn_t dfn, return rc; } -static int __must_check intel_iommu_unmap_page(struct domain *d, dfn_t dfn, - unsigned int *flush_flags) +static int __must_check cf_check intel_iommu_unmap_page( + struct domain *d, dfn_t dfn, unsigned int *flush_flags) { /* Do nothing if VT-d shares EPT page table */ if ( iommu_use_hap_pt(d) ) @@ -1922,8 +1922,8 @@ static int __must_check intel_iommu_unmap_page(struct domain *d, dfn_t dfn, return 0; } -static int intel_iommu_lookup_page(struct domain *d, dfn_t dfn, mfn_t *mfn, - unsigned int *flags) +static int cf_check intel_iommu_lookup_page( + struct domain *d, dfn_t dfn, mfn_t *mfn, unsigned int *flags) { struct domain_iommu *hd = dom_iommu(d); struct dma_pte *page, val; @@ -1975,7 +1975,7 @@ static int __init vtd_ept_page_compatible(struct vtd_iommu *iommu) (ept_has_1gb(ept_cap) && opt_hap_1gb) <= cap_sps_1gb(vtd_cap); } -static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) +static int cf_check intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; u16 bdf; @@ -2018,7 +2018,7 @@ static int intel_iommu_add_device(u8 devfn, struct pci_dev *pdev) return 0; } -static int intel_iommu_enable_device(struct pci_dev *pdev) +static int cf_check intel_iommu_enable_device(struct pci_dev *pdev) { struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev); int ret = drhd ? ats_device(pdev, drhd) : -ENODEV; @@ -2033,7 +2033,7 @@ static int intel_iommu_enable_device(struct pci_dev *pdev) return ret >= 0 ? 0 : ret; } -static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) +static int cf_check intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) { struct acpi_rmrr_unit *rmrr; u16 bdf; @@ -2060,7 +2060,8 @@ static int intel_iommu_remove_device(u8 devfn, struct pci_dev *pdev) return domain_context_unmap(pdev->domain, devfn, pdev); } -static int __hwdom_init setup_hwdom_device(u8 devfn, struct pci_dev *pdev) +static int __hwdom_init cf_check setup_hwdom_device( + u8 devfn, struct pci_dev *pdev) { return domain_context_mapping(pdev->domain, devfn, pdev); } @@ -2266,7 +2267,7 @@ static struct iommu_state { uint32_t fectl; } *__read_mostly iommu_state; -static int __init vtd_setup(void) +static int __init cf_check vtd_setup(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2401,7 +2402,7 @@ static int __init vtd_setup(void) return ret; } -static int reassign_device_ownership( +static int cf_check reassign_device_ownership( struct domain *source, struct domain *target, u8 devfn, struct pci_dev *pdev) @@ -2479,7 +2480,7 @@ static int reassign_device_ownership( return ret; } -static int intel_iommu_assign_device( +static int cf_check intel_iommu_assign_device( struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag) { struct domain *s = pdev->domain; @@ -2561,7 +2562,7 @@ static int intel_iommu_assign_device( return ret; } -static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) +static int cf_check intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) { u8 secbus; @@ -2571,7 +2572,7 @@ static int intel_iommu_group_id(u16 seg, u8 bus, u8 devfn) return PCI_BDF2(bus, devfn); } -static int __must_check vtd_suspend(void) +static int __must_check cf_check vtd_suspend(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2614,7 +2615,7 @@ static int __must_check vtd_suspend(void) return 0; } -static void vtd_crash_shutdown(void) +static void cf_check vtd_crash_shutdown(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2635,7 +2636,7 @@ static void vtd_crash_shutdown(void) } } -static void vtd_resume(void) +static void cf_check vtd_resume(void) { struct acpi_drhd_unit *drhd; struct vtd_iommu *iommu; @@ -2713,7 +2714,7 @@ static void vtd_dump_page_table_level(paddr_t pt_maddr, int level, paddr_t gpa, unmap_vtd_domain_page(pt_vaddr); } -static void vtd_dump_page_tables(struct domain *d) +static void cf_check vtd_dump_page_tables(struct domain *d) { const struct domain_iommu *hd = dom_iommu(d); @@ -2723,7 +2724,7 @@ static void vtd_dump_page_tables(struct domain *d) agaw_to_level(hd->arch.vtd.agaw), 0, 0); } -static int __init intel_iommu_quarantine_init(struct domain *d) +static int __init cf_check intel_iommu_quarantine_init(struct domain *d) { struct domain_iommu *hd = dom_iommu(d); struct page_info *pg; diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index 9f291f47e5..beeb65f0de 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -322,9 +322,9 @@ int iommu_flush_iec_index(struct vtd_iommu *iommu, u8 im, u16 iidx) return queue_invalidate_iec_sync(iommu, IEC_INDEX_INVL, im, iidx); } -static int __must_check flush_context_qi(struct vtd_iommu *iommu, u16 did, - u16 sid, u8 fm, u64 type, - bool flush_non_present_entry) +static int __must_check cf_check flush_context_qi( + struct vtd_iommu *iommu, u16 did, u16 sid, u8 fm, u64 type, + bool flush_non_present_entry) { ASSERT(iommu->qinval_maddr); @@ -346,11 +346,9 @@ static int __must_check flush_context_qi(struct vtd_iommu *iommu, u16 did, type >> DMA_CCMD_INVL_GRANU_OFFSET); } -static int __must_check flush_iotlb_qi(struct vtd_iommu *iommu, u16 did, - u64 addr, - unsigned int size_order, u64 type, - bool flush_non_present_entry, - bool flush_dev_iotlb) +static int __must_check cf_check flush_iotlb_qi( + struct vtd_iommu *iommu, u16 did, u64 addr, unsigned int size_order, + u64 type, bool flush_non_present_entry, bool flush_dev_iotlb) { u8 dr = 0, dw = 0; int ret = 0, rc; @@ -461,18 +459,18 @@ int enable_qinval(struct vtd_iommu *iommu) return 0; } -static int vtd_flush_context_noop(struct vtd_iommu *iommu, uint16_t did, - uint16_t source_id, uint8_t function_mask, - uint64_t type, bool flush_non_present_entry) +static int cf_check vtd_flush_context_noop( + struct vtd_iommu *iommu, uint16_t did, uint16_t source_id, + uint8_t function_mask, uint64_t type, bool flush_non_present_entry) { WARN(); return -EIO; } -static int vtd_flush_iotlb_noop(struct vtd_iommu *iommu, uint16_t did, - uint64_t addr, unsigned int size_order, - uint64_t type, bool flush_non_present_entry, - bool flush_dev_iotlb) +static int cf_check vtd_flush_iotlb_noop( + struct vtd_iommu *iommu, uint16_t did, uint64_t addr, + unsigned int size_order, uint64_t type, bool flush_non_present_entry, + bool flush_dev_iotlb) { WARN(); return -EIO; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277995.474930 (Exim 4.92) (envelope-from ) id 1nN9nW-0004D3-PH; Thu, 24 Feb 2022 08:48:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277995.474930; Thu, 24 Feb 2022 08:48:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nW-0004Cv-MS; Thu, 24 Feb 2022 08:48:26 +0000 Received: by outflank-mailman (input) for mailman id 277995; Thu, 24 Feb 2022 08:48:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nV-0004Ci-Mq for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nV-00012B-MD for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9nV-0005UC-LY for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xdoMsH6nAx6pZ4YmaobiuG1sScstfLAk9TdtcysXY3U=; b=TG2akpPx6F/3u5yrOLyom0NjgS OhIN9s3Vrlms2RM5aVMXlQAAz4bBxsgsdrTFaPl38SJkS7cozFfjSCqLoBLkIIJpb6SYkFftWuYSX KAoB8TsSlUWyGdN2DMwuZZLf6htOk0f5TGYIFhlnQJzP+UEtuenNv50Bywyr7+5qSj9E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/video: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:48:25 +0000 commit 17a69ac9d1e59fda240f996a27440d324bf020f8 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:41:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/video: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/video/lfb.c | 4 ++-- xen/drivers/video/lfb.h | 4 ++-- xen/drivers/video/vesa.c | 4 ++-- xen/drivers/video/vga.c | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/drivers/video/lfb.c b/xen/drivers/video/lfb.c index 9254b5e902..a6fb837974 100644 --- a/xen/drivers/video/lfb.c +++ b/xen/drivers/video/lfb.c @@ -53,7 +53,7 @@ static void lfb_show_line( } /* Fast mode which redraws all modified parts of a 2D text buffer. */ -void lfb_redraw_puts(const char *s, size_t nr) +void cf_check lfb_redraw_puts(const char *s, size_t nr) { unsigned int i, min_redraw_y = lfb.ypos; @@ -98,7 +98,7 @@ void lfb_redraw_puts(const char *s, size_t nr) } /* Slower line-based scroll mode which interacts better with dom0. */ -void lfb_scroll_puts(const char *s, size_t nr) +void cf_check lfb_scroll_puts(const char *s, size_t nr) { unsigned int i; diff --git a/xen/drivers/video/lfb.h b/xen/drivers/video/lfb.h index e743ccdd6b..42161402d6 100644 --- a/xen/drivers/video/lfb.h +++ b/xen/drivers/video/lfb.h @@ -35,8 +35,8 @@ struct lfb_prop { unsigned int text_rows; }; -void lfb_redraw_puts(const char *s, size_t nr); -void lfb_scroll_puts(const char *s, size_t nr); +void cf_check lfb_redraw_puts(const char *s, size_t nr); +void cf_check lfb_scroll_puts(const char *s, size_t nr); void lfb_carriage_return(void); void lfb_free(void); diff --git a/xen/drivers/video/vesa.c b/xen/drivers/video/vesa.c index c8f81a5cc5..c41f6b8d40 100644 --- a/xen/drivers/video/vesa.c +++ b/xen/drivers/video/vesa.c @@ -17,7 +17,7 @@ #define vlfb_info vga_console_info.u.vesa_lfb -static void lfb_flush(void); +static void cf_check lfb_flush(void); static unsigned char *__read_mostly lfb; static const struct font_desc *__initdata font; @@ -140,7 +140,7 @@ void __init vesa_init(void) video_puts = lfb_redraw_puts; } -static void lfb_flush(void) +static void cf_check lfb_flush(void) { __asm__ __volatile__ ("sfence" : : : "memory"); } diff --git a/xen/drivers/video/vga.c b/xen/drivers/video/vga.c index 5e58f83c97..e624ebff4f 100644 --- a/xen/drivers/video/vga.c +++ b/xen/drivers/video/vga.c @@ -19,8 +19,8 @@ static int vgacon_keep; static unsigned int xpos, ypos; static unsigned char *video; -static void vga_text_puts(const char *s, size_t nr); -static void vga_noop_puts(const char *s, size_t nr) {} +static void cf_check vga_text_puts(const char *s, size_t nr); +static void cf_check vga_noop_puts(const char *s, size_t nr) {} void (*video_puts)(const char *, size_t nr) = vga_noop_puts; /* @@ -179,7 +179,7 @@ void __init video_endboot(void) } } -static void vga_text_puts(const char *s, size_t nr) +static void cf_check vga_text_puts(const char *s, size_t nr) { for ( ; nr > 0; nr--, s++ ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277996.474934 (Exim 4.92) (envelope-from ) id 1nN9ng-0004GA-Qs; Thu, 24 Feb 2022 08:48:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277996.474934; Thu, 24 Feb 2022 08:48:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ng-0004G2-Ny; Thu, 24 Feb 2022 08:48:36 +0000 Received: by outflank-mailman (input) for mailman id 277996; Thu, 24 Feb 2022 08:48:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nf-0004Fn-Q6 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nf-00012M-PO for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9nf-0005Un-Oh for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jEsRiQu+3sI9U5hxKg0f1nWHaF2koCM4kn4l2mZ8OYQ=; b=op8pm/OHZtcRDqgdzmzr4iSEgJ a8t3wkNv9fKh5dMsCl8bTT7xQz1S+7WtrZl0jHk8+/A5DpMMSzlYh2SIsftY584wVsYcmO8w5VN2D ceMTd3rrYxPrUnc4CBJOJmI+fiBQLbWmUDSddWWTtE3u9qOfSbWdDgv1CAYJm5iaX73M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/console: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:48:35 +0000 commit 780c89eefa22514b1a91b959bf7828504c6aed31 Author: Andrew Cooper AuthorDate: Thu Oct 28 14:06:28 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/console: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/char/console.c | 4 ++-- xen/drivers/char/ehci-dbgp.c | 24 +++++++++++++----------- xen/drivers/char/ns16550.c | 26 +++++++++++++------------- 3 files changed, 28 insertions(+), 26 deletions(-) diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 380765ab02..d9d6556c22 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -552,7 +552,7 @@ static void __serial_rx(char c, struct cpu_user_regs *regs) #endif } -static void serial_rx(char c, struct cpu_user_regs *regs) +static void cf_check serial_rx(char c, struct cpu_user_regs *regs) { static int switch_code_count = 0; @@ -1286,7 +1286,7 @@ void panic(const char *fmt, ...) * ************************************************************** */ -static void suspend_steal_fn(const char *str, size_t nr) { } +static void cf_check suspend_steal_fn(const char *str, size_t nr) { } static int suspend_steal_id; int console_suspend(void) diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index a6b57fdf2d..e205c0da6a 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1000,13 +1000,15 @@ err: typedef void (*set_debug_port_t)(struct ehci_dbgp *, unsigned int); -static void default_set_debug_port(struct ehci_dbgp *dbgp, unsigned int port) +static void cf_check default_set_debug_port( + struct ehci_dbgp *dbgp, unsigned int port) { } static set_debug_port_t __read_mostly set_debug_port = default_set_debug_port; -static void nvidia_set_debug_port(struct ehci_dbgp *dbgp, unsigned int port) +static void cf_check nvidia_set_debug_port( + struct ehci_dbgp *dbgp, unsigned int port) { uint32_t dword = pci_conf_read32(PCI_SBDF(0, dbgp->bus, dbgp->slot, dbgp->func), 0x74); @@ -1167,7 +1169,7 @@ static inline void _ehci_dbgp_flush(struct ehci_dbgp *dbgp) dbgp->out.chunk = 0; } -static void ehci_dbgp_flush(struct serial_port *port) +static void cf_check ehci_dbgp_flush(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; s_time_t goal; @@ -1196,7 +1198,7 @@ static void ehci_dbgp_flush(struct serial_port *port) set_timer(&dbgp->timer, goal); } -static void ehci_dbgp_putc(struct serial_port *port, char c) +static void cf_check ehci_dbgp_putc(struct serial_port *port, char c) { struct ehci_dbgp *dbgp = port->uart; @@ -1209,7 +1211,7 @@ static void ehci_dbgp_putc(struct serial_port *port, char c) ehci_dbgp_flush(port); } -static int ehci_dbgp_tx_ready(struct serial_port *port) +static int cf_check ehci_dbgp_tx_ready(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1228,7 +1230,7 @@ static int ehci_dbgp_tx_ready(struct serial_port *port) (dbgp->state == dbgp_idle) * DBGP_MAX_PACKET; } -static int ehci_dbgp_getc(struct serial_port *port, char *pc) +static int cf_check ehci_dbgp_getc(struct serial_port *port, char *pc) { struct ehci_dbgp *dbgp = port->uart; @@ -1309,7 +1311,7 @@ static bool_t ehci_dbgp_setup_preirq(struct ehci_dbgp *dbgp) return 0; } -static void __init ehci_dbgp_init_preirq(struct serial_port *port) +static void __init cf_check ehci_dbgp_init_preirq(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; u32 debug_port, offset; @@ -1358,7 +1360,7 @@ static void ehci_dbgp_setup_postirq(struct ehci_dbgp *dbgp) set_timer(&dbgp->timer, NOW() + MILLISECS(1)); } -static void __init ehci_dbgp_init_postirq(struct serial_port *port) +static void __init cf_check ehci_dbgp_init_postirq(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1409,12 +1411,12 @@ static int ehci_dbgp_check_release(struct ehci_dbgp *dbgp) return 0; } -static void __init ehci_dbgp_endboot(struct serial_port *port) +static void __init cf_check ehci_dbgp_endboot(struct serial_port *port) { ehci_dbgp_check_release(port->uart); } -static void ehci_dbgp_suspend(struct serial_port *port) +static void cf_check ehci_dbgp_suspend(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; @@ -1431,7 +1433,7 @@ static void ehci_dbgp_suspend(struct serial_port *port) dbgp->state = dbgp_unsafe; } -static void ehci_dbgp_resume(struct serial_port *port) +static void cf_check ehci_dbgp_resume(struct serial_port *port) { struct ehci_dbgp *dbgp = port->uart; diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 990cad39fe..8df1ee4d5c 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -174,7 +174,7 @@ static void handle_dw_usr_busy_quirk(struct ns16550 *uart) } } -static void ns16550_interrupt( +static void cf_check ns16550_interrupt( int irq, void *dev_id, struct cpu_user_regs *regs) { struct serial_port *port = dev_id; @@ -239,7 +239,7 @@ static void cf_check ns16550_poll(void *data) #endif } -static int ns16550_tx_ready(struct serial_port *port) +static int cf_check ns16550_tx_ready(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -250,13 +250,13 @@ static int ns16550_tx_ready(struct serial_port *port) uart->lsr_mask ) == uart->lsr_mask ) ? uart->fifo_size : 0; } -static void ns16550_putc(struct serial_port *port, char c) +static void cf_check ns16550_putc(struct serial_port *port, char c) { struct ns16550 *uart = port->uart; ns_write_reg(uart, UART_THR, c); } -static int ns16550_getc(struct serial_port *port, char *pc) +static int cf_check ns16550_getc(struct serial_port *port, char *pc) { struct ns16550 *uart = port->uart; @@ -344,7 +344,7 @@ static void ns16550_setup_preirq(struct ns16550 *uart) UART_FCR_ENABLE | UART_FCR_CLRX | UART_FCR_CLTX | UART_FCR_TRG14); } -static void __init ns16550_init_preirq(struct serial_port *port) +static void __init cf_check ns16550_init_preirq(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -373,7 +373,7 @@ static void __init ns16550_init_preirq(struct serial_port *port) uart->fifo_size = 16; } -static void __init ns16550_init_irq(struct serial_port *port) +static void __init cf_check ns16550_init_irq(struct serial_port *port) { #ifdef NS16550_PCI struct ns16550 *uart = port->uart; @@ -399,7 +399,7 @@ static void ns16550_setup_postirq(struct ns16550 *uart) set_timer(&uart->timer, NOW() + MILLISECS(uart->timeout_ms)); } -static void __init ns16550_init_postirq(struct serial_port *port) +static void __init cf_check ns16550_init_postirq(struct serial_port *port) { struct ns16550 *uart = port->uart; int rc, bits; @@ -491,7 +491,7 @@ static void __init ns16550_init_postirq(struct serial_port *port) ns16550_setup_postirq(uart); } -static void ns16550_suspend(struct serial_port *port) +static void cf_check ns16550_suspend(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -543,7 +543,7 @@ static void cf_check ns16550_delayed_resume(void *data) _ns16550_resume(port); } -static void ns16550_resume(struct serial_port *port) +static void cf_check ns16550_resume(struct serial_port *port) { struct ns16550 *uart = port->uart; @@ -569,7 +569,7 @@ static void ns16550_resume(struct serial_port *port) _ns16550_resume(port); } -static void __init ns16550_endboot(struct serial_port *port) +static void __init cf_check ns16550_endboot(struct serial_port *port) { #ifdef CONFIG_HAS_IOPORTS struct ns16550 *uart = port->uart; @@ -583,13 +583,13 @@ static void __init ns16550_endboot(struct serial_port *port) #endif } -static int __init ns16550_irq(struct serial_port *port) +static int __init cf_check ns16550_irq(struct serial_port *port) { struct ns16550 *uart = port->uart; return ((uart->irq > 0) ? uart->irq : -1); } -static void ns16550_start_tx(struct serial_port *port) +static void cf_check ns16550_start_tx(struct serial_port *port) { struct ns16550 *uart = port->uart; u8 ier = ns_read_reg(uart, UART_IER); @@ -599,7 +599,7 @@ static void ns16550_start_tx(struct serial_port *port) ns_write_reg(uart, UART_IER, ier | UART_IER_ETHREI); } -static void ns16550_stop_tx(struct serial_port *port) +static void cf_check ns16550_stop_tx(struct serial_port *port) { struct ns16550 *uart = port->uart; u8 ier = ns_read_reg(uart, UART_IER); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277997.474938 (Exim 4.92) (envelope-from ) id 1nN9nq-0004Ja-Sl; Thu, 24 Feb 2022 08:48:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277997.474938; Thu, 24 Feb 2022 08:48:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9nq-0004JS-PW; Thu, 24 Feb 2022 08:48:46 +0000 Received: by outflank-mailman (input) for mailman id 277997; Thu, 24 Feb 2022 08:48:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9np-0004JG-U2 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9np-00012Z-TG for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9np-0005VM-Sf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BOQ9kMxvSim8YYGyaf2KjmC79oaIdgqGlQRiRTRVYuU=; b=IZDnZkFOSKBMfkKQ/CPQwjAMoq 39HhMzs73sh4J/Ff8p727Bkngqf5rBL+v+iNfvxKlrRMd3vK2NWbcDuXaPmAN3nwboJRoRS1toPLJ PK+UY81ST5SSp32ldZt/Nc0PXC4Y/W5AbhN4vRijqlwpUWC9cIPkhSGsGu2etzzRdK94=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/misc: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:48:45 +0000 commit 66342fb5de2ffa7f26d5cabb4f7524bdb72be8b7 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:02:13 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/misc: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 6 ++++-- xen/arch/x86/setup.c | 4 ++-- xen/common/coverage/gcov.c | 8 ++++---- xen/common/coverage/llvm.c | 7 ++++--- xen/common/domain.c | 2 +- xen/common/gdbstub.c | 5 ++--- xen/common/livepatch.c | 7 +++---- xen/common/memory.c | 4 ++-- xen/common/page_alloc.c | 2 +- xen/common/radix-tree.c | 4 ++-- xen/common/rangeset.c | 2 +- xen/common/spinlock.c | 6 +++--- xen/common/vm_event.c | 6 +++--- xen/common/xmalloc_tlsf.c | 4 ++-- xen/drivers/passthrough/amd/iommu_init.c | 2 +- xen/include/xen/domain.h | 2 +- 16 files changed, 36 insertions(+), 35 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index a1b8737096..0665095d23 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -835,7 +835,8 @@ struct mmio_emul_range_ctxt { unsigned long mfn; }; -static int print_mmio_emul_range(unsigned long s, unsigned long e, void *arg) +static int cf_check print_mmio_emul_range( + unsigned long s, unsigned long e, void *arg) { const struct mmio_emul_range_ctxt *ctxt = arg; @@ -4606,7 +4607,8 @@ static int _handle_iomem_range(unsigned long s, unsigned long e, return 0; } -static int handle_iomem_range(unsigned long s, unsigned long e, void *p) +static int cf_check handle_iomem_range( + unsigned long s, unsigned long e, void *p) { int err = 0; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 3a4ec1fcfd..a9a371336b 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2021,8 +2021,8 @@ int __hwdom_init xen_in_range(unsigned long mfn) return 0; } -static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e, - void *ctx) +static int __hwdom_init cf_check io_bitmap_cb( + unsigned long s, unsigned long e, void *ctx) { struct domain *d = ctx; unsigned int i; diff --git a/xen/common/coverage/gcov.c b/xen/common/coverage/gcov.c index 3cc98728bf..327bf8d646 100644 --- a/xen/common/coverage/gcov.c +++ b/xen/common/coverage/gcov.c @@ -120,7 +120,7 @@ static int gcov_info_dump_payload(const struct gcov_info *info, } -static uint32_t gcov_get_size(void) +static uint32_t cf_check gcov_get_size(void) { uint32_t total_size = sizeof(uint32_t); /* Magic number XCOV */ struct gcov_info *info = NULL; @@ -140,7 +140,7 @@ static uint32_t gcov_get_size(void) return total_size; } -static void gcov_reset_all_counters(void) +static void cf_check gcov_reset_all_counters(void) { struct gcov_info *info = NULL; @@ -172,8 +172,8 @@ static int gcov_dump_one_record(const struct gcov_info *info, return gcov_info_dump_payload(info, buffer, off); } -static int gcov_dump_all(XEN_GUEST_HANDLE_PARAM(char) buffer, - uint32_t *buffer_size) +static int cf_check gcov_dump_all( + XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buffer_size) { uint32_t off; uint32_t magic = XEN_GCOV_FORMAT_MAGIC; diff --git a/xen/common/coverage/llvm.c b/xen/common/coverage/llvm.c index 766c07fd5d..50d7a3c5d3 100644 --- a/xen/common/coverage/llvm.c +++ b/xen/common/coverage/llvm.c @@ -94,18 +94,19 @@ extern uint64_t __stop___llvm_prf_cnts[]; #define START_COUNTERS ((void *)__start___llvm_prf_cnts) #define END_COUNTERS ((void *)__stop___llvm_prf_cnts) -static void reset_counters(void) +static void cf_check reset_counters(void) { memset(START_COUNTERS, 0, END_COUNTERS - START_COUNTERS); } -static uint32_t get_size(void) +static uint32_t cf_check get_size(void) { return ROUNDUP(sizeof(struct llvm_profile_header) + END_DATA - START_DATA + END_COUNTERS - START_COUNTERS + END_NAMES - START_NAMES, 8); } -static int dump(XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buf_size) +static int cf_check dump( + XEN_GUEST_HANDLE_PARAM(char) buffer, uint32_t *buf_size) { struct llvm_profile_header header = { .magic = LLVM_PROFILE_MAGIC, diff --git a/xen/common/domain.c b/xen/common/domain.c index f3d06df76c..351029f8b2 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1803,7 +1803,7 @@ static void cf_check _free_pirq_struct(struct rcu_head *head) xfree(container_of(head, struct pirq, rcu_head)); } -void free_pirq_struct(void *ptr) +void cf_check free_pirq_struct(void *ptr) { struct pirq *pirq = ptr; diff --git a/xen/common/gdbstub.c b/xen/common/gdbstub.c index 079c3ca961..d6872721dc 100644 --- a/xen/common/gdbstub.c +++ b/xen/common/gdbstub.c @@ -69,7 +69,7 @@ static void gdb_smp_resume(void); static char __initdata opt_gdb[30]; string_param("gdb", opt_gdb); -static void gdbstub_console_puts(const char *str, size_t nr); +static void cf_check gdbstub_console_puts(const char *str, size_t nr); /* value <-> char (de)serialzers */ static char @@ -546,8 +546,7 @@ __gdb_ctx = { }; static struct gdb_context *gdb_ctx = &__gdb_ctx; -static void -gdbstub_console_puts(const char *str, size_t nr) +static void cf_check gdbstub_console_puts(const char *str, size_t nr) { const char *p; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index e8714920dc..ec301a9f12 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -157,10 +157,9 @@ unsigned long livepatch_symbols_lookup_by_name(const char *symname) return 0; } -static const char *livepatch_symbols_lookup(unsigned long addr, - unsigned long *symbolsize, - unsigned long *offset, - char *namebuf) +static const char *cf_check livepatch_symbols_lookup( + unsigned long addr, unsigned long *symbolsize, unsigned long *offset, + char *namebuf) { const struct payload *data; unsigned int i, best; diff --git a/xen/common/memory.c b/xen/common/memory.c index ede45c4af9..69b0cd1e50 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1051,8 +1051,8 @@ struct get_reserved_device_memory { unsigned int used_entries; }; -static int get_reserved_device_memory(xen_pfn_t start, xen_ulong_t nr, - u32 id, void *ctxt) +static int cf_check get_reserved_device_memory( + xen_pfn_t start, xen_ulong_t nr, u32 id, void *ctxt) { struct get_reserved_device_memory *grdm = ctxt; uint32_t sbdf = PCI_SBDF3(grdm->map.dev.pci.seg, grdm->map.dev.pci.bus, diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 3caf5c954b..4635718237 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1238,7 +1238,7 @@ struct scrub_wait_state { bool drop; }; -static void scrub_continue(void *data) +static void cf_check scrub_continue(void *data) { struct scrub_wait_state *st = data; diff --git a/xen/common/radix-tree.c b/xen/common/radix-tree.c index 33b47748ae..adc3034222 100644 --- a/xen/common/radix-tree.c +++ b/xen/common/radix-tree.c @@ -52,7 +52,7 @@ struct rcu_node { struct rcu_head rcu_head; }; -static struct radix_tree_node *rcu_node_alloc(void *arg) +static struct radix_tree_node *cf_check rcu_node_alloc(void *arg) { struct rcu_node *rcu_node = xmalloc(struct rcu_node); return rcu_node ? &rcu_node->node : NULL; @@ -65,7 +65,7 @@ static void cf_check _rcu_node_free(struct rcu_head *head) xfree(rcu_node); } -static void rcu_node_free(struct radix_tree_node *node, void *arg) +static void cf_check rcu_node_free(struct radix_tree_node *node, void *arg) { struct rcu_node *rcu_node = container_of(node, struct rcu_node, node); call_rcu(&rcu_node->rcu_head, _rcu_node_free); diff --git a/xen/common/rangeset.c b/xen/common/rangeset.c index 885b6b15c2..a6ef264046 100644 --- a/xen/common/rangeset.c +++ b/xen/common/rangeset.c @@ -384,7 +384,7 @@ int rangeset_consume_ranges(struct rangeset *r, return rc; } -static int merge(unsigned long s, unsigned long e, void *data) +static int cf_check merge(unsigned long s, unsigned long e, void *data) { struct rangeset *r = data; diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 25bfbf3c47..62c83aaa6a 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -375,7 +375,7 @@ static void spinlock_profile_iterate(lock_profile_subfunc *sub, void *par) spin_unlock(&lock_profile_lock); } -static void spinlock_profile_print_elem(struct lock_profile *data, +static void cf_check spinlock_profile_print_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { struct spinlock *lock = data->lock; @@ -404,7 +404,7 @@ void cf_check spinlock_profile_printall(unsigned char key) spinlock_profile_iterate(spinlock_profile_print_elem, NULL); } -static void spinlock_profile_reset_elem(struct lock_profile *data, +static void cf_check spinlock_profile_reset_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { data->lock_cnt = 0; @@ -428,7 +428,7 @@ typedef struct { int rc; } spinlock_profile_ucopy_t; -static void spinlock_profile_ucopy_elem(struct lock_profile *data, +static void cf_check spinlock_profile_ucopy_elem(struct lock_profile *data, int32_t type, int32_t idx, void *par) { spinlock_profile_ucopy_t *p = par; diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index 70ab3ba406..84cf52636b 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -523,21 +523,21 @@ int __vm_event_claim_slot(struct domain *d, struct vm_event_domain *ved, #ifdef CONFIG_MEM_PAGING /* Registered with Xen-bound event channel for incoming notifications. */ -static void mem_paging_notification(struct vcpu *v, unsigned int port) +static void cf_check mem_paging_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_paging); } #endif /* Registered with Xen-bound event channel for incoming notifications. */ -static void monitor_notification(struct vcpu *v, unsigned int port) +static void cf_check monitor_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_monitor); } #ifdef CONFIG_MEM_SHARING /* Registered with Xen-bound event channel for incoming notifications. */ -static void mem_sharing_notification(struct vcpu *v, unsigned int port) +static void cf_check mem_sharing_notification(struct vcpu *v, unsigned int port) { vm_event_resume(v->domain, v->domain->vm_event_share); } diff --git a/xen/common/xmalloc_tlsf.c b/xen/common/xmalloc_tlsf.c index e3f6886e6b..d2ad909502 100644 --- a/xen/common/xmalloc_tlsf.c +++ b/xen/common/xmalloc_tlsf.c @@ -512,13 +512,13 @@ int xmem_pool_maxalloc(struct xmem_pool *pool) static struct xmem_pool *xenpool; -static void *xmalloc_pool_get(unsigned long size) +static void *cf_check xmalloc_pool_get(unsigned long size) { ASSERT(size == PAGE_SIZE); return alloc_xenheap_page(); } -static void xmalloc_pool_put(void *p) +static void cf_check xmalloc_pool_put(void *p) { free_xenheap_page(p); } diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 06b4d2b1fe..cebcd68a6c 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -1073,7 +1073,7 @@ static void * __init allocate_ppr_log(struct amd_iommu *iommu) #define IVRS_MAPPINGS_DEVTAB(m) (m)[ivrs_bdf_entries].intremap_table /* Gets passed to radix_tree_destroy(), so its param needs to be void *. */ -static void __init free_ivrs_mapping_callback(void *ptr) +static void __init cf_check free_ivrs_mapping_callback(void *ptr) { const struct ivrs_mappings *ivrs_mappings = ptr; diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h index 24eb4cc7d3..1c3c88a14d 100644 --- a/xen/include/xen/domain.h +++ b/xen/include/xen/domain.h @@ -52,7 +52,7 @@ void free_vcpu_struct(struct vcpu *v); #ifndef alloc_pirq_struct struct pirq *alloc_pirq_struct(struct domain *); #endif -void free_pirq_struct(void *); +void cf_check free_pirq_struct(void *); /* * Initialise/destroy arch-specific details of a VCPU. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:48:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:48:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277998.474942 (Exim 4.92) (envelope-from ) id 1nN9o0-0004NS-Vb; Thu, 24 Feb 2022 08:48:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277998.474942; Thu, 24 Feb 2022 08:48:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9o0-0004NI-SV; Thu, 24 Feb 2022 08:48:56 +0000 Received: by outflank-mailman (input) for mailman id 277998; Thu, 24 Feb 2022 08:48:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9o0-0004N5-1i for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9o0-00012d-13 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9o0-0005Y4-0M for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:48:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bdz530nFmsq2/2takVQ/+nRlzX8EVCS2gbc7fafg+lo=; b=0RfZy1vod9wbP+RKMV3UeskW4E ZCefimypITwBHDQFRTeukJ+efrFRcbxCHRQl81HgqKYsHXU3ncMZJSLJYys4fvAb5tniLqbHGi8pf 9v+WLG4nUr5oHZQoh6zSnENgegZBNa2fagAbZdQPXj71OcW5CsQyjwQrKsxZW3xcJAHo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: CFI hardening for request_irq() Message-Id: Date: Thu, 24 Feb 2022 08:48:56 +0000 commit e88a591461a8a590a391378a6b24221d6ce09f95 Author: Andrew Cooper AuthorDate: Fri Oct 29 14:08:31 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: CFI hardening for request_irq() ... and friends; alloc_direct_apic_vector() and set_direct_apic_vector(). Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/apic.c | 8 ++++---- xen/arch/x86/cpu/mcheck/mce_intel.c | 4 ++-- xen/arch/x86/guest/xen/xen.c | 2 +- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- xen/arch/x86/include/asm/irq.h | 16 ++++++++-------- xen/arch/x86/irq.c | 2 +- xen/arch/x86/smp.c | 6 +++--- xen/arch/x86/time.c | 3 ++- xen/drivers/passthrough/amd/iommu_init.c | 4 ++-- xen/drivers/passthrough/vtd/iommu.c | 4 ++-- 11 files changed, 29 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 68e4d870c7..5a7a58dc98 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -1361,7 +1361,7 @@ int reprogram_timer(s_time_t timeout) return apic_tmict || !timeout; } -void apic_timer_interrupt(struct cpu_user_regs * regs) +void cf_check apic_timer_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(apic_timer); @@ -1380,7 +1380,7 @@ void smp_send_state_dump(unsigned int cpu) /* * Spurious interrupts should _never_ happen with our APIC/SMP architecture. */ -void spurious_interrupt(struct cpu_user_regs *regs) +void cf_check spurious_interrupt(struct cpu_user_regs *regs) { /* * Check if this is a vectored interrupt (most likely, as this is probably @@ -1411,7 +1411,7 @@ void spurious_interrupt(struct cpu_user_regs *regs) * This interrupt should never happen with our APIC/SMP architecture */ -void error_interrupt(struct cpu_user_regs *regs) +void cf_check error_interrupt(struct cpu_user_regs *regs) { static const char *const esr_fields[] = { "Send CS error", @@ -1444,7 +1444,7 @@ void error_interrupt(struct cpu_user_regs *regs) * This interrupt handles performance counters interrupt */ -void pmu_apic_interrupt(struct cpu_user_regs *regs) +void cf_check pmu_apic_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); vpmu_do_interrupt(regs); diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index a691e10bdc..7aaa56fd02 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -55,7 +55,7 @@ bool __read_mostly lmce_support; #define MCE_RING 0x1 static DEFINE_PER_CPU(int, last_state); -static void intel_thermal_interrupt(struct cpu_user_regs *regs) +static void cf_check intel_thermal_interrupt(struct cpu_user_regs *regs) { uint64_t msr_content; unsigned int cpu = smp_processor_id(); @@ -639,7 +639,7 @@ static void cpu_mcheck_disable(void) clear_cmci(); } -static void cmci_interrupt(struct cpu_user_regs *regs) +static void cf_check cmci_interrupt(struct cpu_user_regs *regs) { mctelem_cookie_t mctc; struct mca_summary bs; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index b2aa3a009b..17807cdea6 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -170,7 +170,7 @@ static void __init init_memmap(void) } } -static void xen_evtchn_upcall(struct cpu_user_regs *regs) +static void cf_check xen_evtchn_upcall(struct cpu_user_regs *regs) { struct vcpu_info *vcpu_info = this_cpu(vcpu_info); unsigned long pending; diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 7a810e4e71..5d4f891566 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -237,8 +237,8 @@ again: } } -static void hpet_interrupt_handler(int irq, void *data, - struct cpu_user_regs *regs) +static void cf_check hpet_interrupt_handler( + int irq, void *data, struct cpu_user_regs *regs) { struct hpet_event_channel *ch = data; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 36c8a12cfe..dade08f602 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2533,7 +2533,7 @@ static struct hvm_function_table __initdata vmx_function_table = { }; /* Handle VT-d posted-interrupt when VCPU is blocked. */ -static void pi_wakeup_interrupt(struct cpu_user_regs *regs) +static void cf_check pi_wakeup_interrupt(struct cpu_user_regs *regs) { struct vmx_vcpu *vmx, *tmp; spinlock_t *lock = &per_cpu(vmx_pi_blocking, smp_processor_id()).lock; @@ -2565,7 +2565,7 @@ static void pi_wakeup_interrupt(struct cpu_user_regs *regs) } /* Handle VT-d posted-interrupt when VCPU is running. */ -static void pi_notification_interrupt(struct cpu_user_regs *regs) +static void cf_check pi_notification_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); this_cpu(irq_count)++; diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 7c825e9d9c..b3f49abc55 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -93,14 +93,14 @@ static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) #define platform_legacy_irq(irq) ((irq) < 16) -void event_check_interrupt(struct cpu_user_regs *regs); -void invalidate_interrupt(struct cpu_user_regs *regs); -void call_function_interrupt(struct cpu_user_regs *regs); -void apic_timer_interrupt(struct cpu_user_regs *regs); -void error_interrupt(struct cpu_user_regs *regs); -void pmu_apic_interrupt(struct cpu_user_regs *regs); -void spurious_interrupt(struct cpu_user_regs *regs); -void irq_move_cleanup_interrupt(struct cpu_user_regs *regs); +void cf_check event_check_interrupt(struct cpu_user_regs *regs); +void cf_check invalidate_interrupt(struct cpu_user_regs *regs); +void cf_check call_function_interrupt(struct cpu_user_regs *regs); +void cf_check apic_timer_interrupt(struct cpu_user_regs *regs); +void cf_check error_interrupt(struct cpu_user_regs *regs); +void cf_check pmu_apic_interrupt(struct cpu_user_regs *regs); +void cf_check spurious_interrupt(struct cpu_user_regs *regs); +void cf_check irq_move_cleanup_interrupt(struct cpu_user_regs *regs); uint8_t alloc_hipriority_vector(void); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index f43b926ed2..61e09a356f 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -744,7 +744,7 @@ void move_native_irq(struct irq_desc *desc) desc->handler->enable(desc); } -void irq_move_cleanup_interrupt(struct cpu_user_regs *regs) +void cf_check irq_move_cleanup_interrupt(struct cpu_user_regs *regs) { unsigned vector, me; diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index b9a696f619..33748e629a 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -246,7 +246,7 @@ static cpumask_t flush_cpumask; static const void *flush_va; static unsigned int flush_flags; -void invalidate_interrupt(struct cpu_user_regs *regs) +void cf_check invalidate_interrupt(struct cpu_user_regs *regs) { unsigned int flags = flush_flags; ack_APIC_irq(); @@ -385,14 +385,14 @@ void smp_send_nmi_allbutself(void) send_IPI_mask(&cpu_online_map, APIC_DM_NMI); } -void event_check_interrupt(struct cpu_user_regs *regs) +void cf_check event_check_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(ipis); this_cpu(irq_count)++; } -void call_function_interrupt(struct cpu_user_regs *regs) +void cf_check call_function_interrupt(struct cpu_user_regs *regs) { ack_APIC_irq(); perfc_incr(ipis); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 10efe13c84..a296704fb1 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -196,7 +196,8 @@ static void smp_send_timer_broadcast_ipi(void) } } -static void timer_interrupt(int irq, void *dev_id, struct cpu_user_regs *regs) +static void cf_check timer_interrupt( + int irq, void *dev_id, struct cpu_user_regs *regs) { ASSERT(local_irq_is_enabled()); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index cebcd68a6c..d2ad282e93 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -715,8 +715,8 @@ static void cf_check do_amd_iommu_irq(void *unused) } } -static void iommu_interrupt_handler(int irq, void *dev_id, - struct cpu_user_regs *regs) +static void cf_check iommu_interrupt_handler( + int irq, void *dev_id, struct cpu_user_regs *regs) { unsigned long flags; struct amd_iommu *iommu = dev_id; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 1a1cf14785..f2a5a4b4e4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1069,8 +1069,8 @@ static void cf_check do_iommu_page_fault(void *unused) __do_iommu_page_fault(drhd->iommu); } -static void iommu_page_fault(int irq, void *dev_id, - struct cpu_user_regs *regs) +static void cf_check iommu_page_fault( + int irq, void *dev_id, struct cpu_user_regs *regs) { /* * Just flag the tasklet as runnable. This is fine, according to VT-d -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.277999.474945 (Exim 4.92) (envelope-from ) id 1nN9oB-0004QP-1N; Thu, 24 Feb 2022 08:49:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 277999.474945; Thu, 24 Feb 2022 08:49:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oA-0004QI-U8; Thu, 24 Feb 2022 08:49:06 +0000 Received: by outflank-mailman (input) for mailman id 277999; Thu, 24 Feb 2022 08:49:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oA-0004QA-6M for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oA-00013D-4y for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oA-0005Yr-4F for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HnxU+JJzhKNEnN7cQyReD03Vb1GJsz+Bz8aGAcqfNd4=; b=ywa0sOkWHejxS1Zgf+UMM5Xv5O qilrv+l+ZgXRfIwZ7DjhGrvyjBsBLtxJAmw93APuvijgv98au7ARBwfdoBapWDKuOquqbTh5zDfQt gCFVucPlLWD6/fV2KS87MA8aenDQhk70u/SkYXm2MJCkG+B+qzuIITxaPGo70662LJk0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: CFI hardening for hvm_funcs Message-Id: Date: Thu, 24 Feb 2022 08:49:06 +0000 commit b158e72abe30821bcef8867387f350d290804edc Author: Andrew Cooper AuthorDate: Fri Oct 29 20:15:24 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: CFI hardening for hvm_funcs Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. In svm.c, make a few rearrangements. svm_update_guest_cr() has no external callers so can become static, but needs moving along with svm_fpu_enter() to avoid a forward declaration. Move svm_fpu_leave() too, to match. Also move svm_update_guest_efer() to drop its forward declaration. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/svm/nestedsvm.c | 22 +- xen/arch/x86/hvm/svm/svm.c | 390 ++++++++++++++------------- xen/arch/x86/hvm/vmx/intr.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 8 +- xen/arch/x86/hvm/vmx/vmx.c | 143 +++++----- xen/arch/x86/hvm/vmx/vvmx.c | 16 +- xen/arch/x86/include/asm/hvm/svm/nestedsvm.h | 18 +- xen/arch/x86/include/asm/hvm/svm/svm.h | 1 - xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 8 +- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 2 +- xen/arch/x86/include/asm/hvm/vmx/vvmx.h | 18 +- 11 files changed, 320 insertions(+), 308 deletions(-) diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c index abc178d8d4..9f5f35f16a 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -80,7 +80,7 @@ int nestedsvm_vmcb_map(struct vcpu *v, uint64_t vmcbaddr) } /* Interface methods */ -int nsvm_vcpu_initialise(struct vcpu *v) +int cf_check nsvm_vcpu_initialise(struct vcpu *v) { void *msrpm; struct nestedvcpu *nv = &vcpu_nestedhvm(v); @@ -110,7 +110,7 @@ int nsvm_vcpu_initialise(struct vcpu *v) return -ENOMEM; } -void nsvm_vcpu_destroy(struct vcpu *v) +void cf_check nsvm_vcpu_destroy(struct vcpu *v) { struct nestedvcpu *nv = &vcpu_nestedhvm(v); struct nestedsvm *svm = &vcpu_nestedsvm(v); @@ -150,7 +150,7 @@ void nsvm_vcpu_destroy(struct vcpu *v) svm->ns_iomap = NULL; } -int nsvm_vcpu_reset(struct vcpu *v) +int cf_check nsvm_vcpu_reset(struct vcpu *v) { struct nestedsvm *svm = &vcpu_nestedsvm(v); @@ -855,8 +855,8 @@ nsvm_vcpu_vmexit_inject(struct vcpu *v, struct cpu_user_regs *regs, return 0; } -int -nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *trap) +int cf_check nsvm_vcpu_vmexit_event( + struct vcpu *v, const struct x86_event *trap) { ASSERT(vcpu_nestedhvm(v).nv_vvmcx != NULL); @@ -865,7 +865,7 @@ nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *trap) return NESTEDHVM_VMEXIT_DONE; } -uint64_t nsvm_vcpu_hostcr3(struct vcpu *v) +uint64_t cf_check nsvm_vcpu_hostcr3(struct vcpu *v) { return vcpu_nestedsvm(v).ns_vmcb_hostcr3; } @@ -1030,8 +1030,7 @@ nsvm_vmcb_guest_intercepts_exitcode(struct vcpu *v, return 1; } -bool_t -nsvm_vmcb_guest_intercepts_event( +bool cf_check nsvm_vmcb_guest_intercepts_event( struct vcpu *v, unsigned int vector, int errcode) { return nsvm_vmcb_guest_intercepts_exitcode(v, @@ -1206,8 +1205,7 @@ nsvm_vmcb_prepare4vmexit(struct vcpu *v, struct cpu_user_regs *regs) return 0; } -bool_t -nsvm_vmcb_hap_enabled(struct vcpu *v) +bool cf_check nsvm_vmcb_hap_enabled(struct vcpu *v) { return vcpu_nestedsvm(v).ns_hap_enabled; } @@ -1216,7 +1214,7 @@ nsvm_vmcb_hap_enabled(struct vcpu *v) * walk is successful, the translated value is returned in * L1_gpa. The result value tells what to do next. */ -int nsvm_hap_walk_L1_p2m( +int cf_check nsvm_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec) { @@ -1241,7 +1239,7 @@ int nsvm_hap_walk_L1_p2m( return NESTEDHVM_PAGEFAULT_DONE; } -enum hvm_intblk nsvm_intr_blocked(struct vcpu *v) +enum hvm_intblk cf_check nsvm_intr_blocked(struct vcpu *v) { struct nestedsvm *svm = &vcpu_nestedsvm(v); struct nestedvcpu *nv = &vcpu_nestedhvm(v); diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index c4ce3f75ab..de6166241b 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -67,8 +67,6 @@ void noreturn svm_asm_do_resume(void); u32 svm_feature_flags; -static void svm_update_guest_efer(struct vcpu *); - static struct hvm_function_table svm_function_table; /* @@ -122,11 +120,166 @@ void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len) hvm_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC); } -static void svm_cpu_down(void) +static void cf_check svm_cpu_down(void) { write_efer(read_efer() & ~EFER_SVME); } +static void svm_fpu_enter(struct vcpu *v) +{ + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; + + vcpu_restore_fpu_lazy(v); + vmcb_set_exception_intercepts( + n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) & ~(1U << TRAP_no_device)); +} + +static void cf_check svm_fpu_leave(struct vcpu *v) +{ + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; + + ASSERT(!v->fpu_dirtied); + ASSERT(read_cr0() & X86_CR0_TS); + + /* + * If the guest does not have TS enabled then we must cause and handle an + * exception on first use of the FPU. If the guest *does* have TS enabled + * then this is not necessary: no FPU activity can occur until the guest + * clears CR0.TS, and we will initialise the FPU when that happens. + */ + if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) + { + vmcb_set_exception_intercepts( + n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) | (1U << TRAP_no_device)); + vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) | X86_CR0_TS); + } +} + +static void cf_check svm_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags) +{ + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; + uint64_t value; + + switch ( cr ) + { + case 0: + { + unsigned long hw_cr0_mask = 0; + + if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) + { + if ( v != current ) + { + if ( !v->arch.fully_eager_fpu ) + hw_cr0_mask |= X86_CR0_TS; + } + else if ( vmcb_get_cr0(vmcb) & X86_CR0_TS ) + svm_fpu_enter(v); + } + + if ( paging_mode_hap(v->domain) ) + { + uint32_t intercepts = vmcb_get_cr_intercepts(vmcb); + + /* Trap CR3 updates if CR3 memory events are enabled. */ + if ( v->domain->arch.monitor.write_ctrlreg_enabled & + monitor_ctrlreg_bitmask(VM_EVENT_X86_CR3) ) + vmcb_set_cr_intercepts(vmcb, intercepts | CR_INTERCEPT_CR3_WRITE); + } + + value = v->arch.hvm.guest_cr[0] | hw_cr0_mask; + if ( !paging_mode_hap(v->domain) ) + value |= X86_CR0_PG | X86_CR0_WP; + vmcb_set_cr0(vmcb, value); + break; + } + case 2: + vmcb_set_cr2(vmcb, v->arch.hvm.guest_cr[2]); + break; + case 3: + vmcb_set_cr3(vmcb, v->arch.hvm.hw_cr[3]); + if ( !nestedhvm_enabled(v->domain) ) + { + if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) + hvm_asid_flush_vcpu(v); + } + else if ( nestedhvm_vmswitch_in_progress(v) ) + ; /* CR3 switches during VMRUN/VMEXIT do not flush the TLB. */ + else if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) + hvm_asid_flush_vcpu_asid( + nestedhvm_vcpu_in_guestmode(v) + ? &vcpu_nestedhvm(v).nv_n2asid : &v->arch.hvm.n1asid); + break; + case 4: + value = HVM_CR4_HOST_MASK; + if ( paging_mode_hap(v->domain) ) + value &= ~X86_CR4_PAE; + value |= v->arch.hvm.guest_cr[4]; + + if ( !hvm_paging_enabled(v) ) + { + /* + * When the guest thinks paging is disabled, Xen may need to hide + * the effects of shadow paging, as hardware runs with the host + * paging settings, rather than the guests settings. + * + * Without CR0.PG, all memory accesses are user mode, so + * _PAGE_USER must be set in the shadow pagetables for guest + * userspace to function. This in turn trips up guest supervisor + * mode if SMEP/SMAP are left active in context. They wouldn't + * have any effect if paging was actually disabled, so hide them + * behind the back of the guest. + */ + value &= ~(X86_CR4_SMEP | X86_CR4_SMAP); + } + + vmcb_set_cr4(vmcb, value); + break; + default: + BUG(); + } +} + +static void cf_check svm_update_guest_efer(struct vcpu *v) +{ + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; + unsigned long guest_efer = v->arch.hvm.guest_efer, + xen_efer = read_efer(); + + if ( paging_mode_shadow(v->domain) ) + { + /* EFER.NX is a Xen-owned bit and is not under guest control. */ + guest_efer &= ~EFER_NXE; + guest_efer |= xen_efer & EFER_NXE; + + /* + * CR0.PG is a Xen-owned bit, and remains set even when the guest has + * logically disabled paging. + * + * LMA was calculated using the guest CR0.PG setting, but LME needs + * clearing to avoid interacting with Xen's CR0.PG setting. As writes + * to CR0 are intercepted, it is safe to leave LME clear at this + * point, and fix up both LME and LMA when CR0.PG is set. + */ + if ( !(guest_efer & EFER_LMA) ) + guest_efer &= ~EFER_LME; + } + + /* SVME must remain set in non-root mode. */ + guest_efer |= EFER_SVME; + + vmcb_set_efer(vmcb, guest_efer); + + ASSERT(nestedhvm_enabled(v->domain) || + !(v->arch.hvm.guest_efer & EFER_SVME)); + + if ( nestedhvm_enabled(v->domain) ) + svm_nested_features_on_efer_update(v); +} + unsigned long * svm_msrbit(unsigned long *msr_bitmap, uint32_t msr) { @@ -165,7 +318,7 @@ void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags) __clear_bit(msr * 2 + 1, msr_bit); } -static void svm_enable_msr_interception(struct domain *d, uint32_t msr) +static void cf_check svm_enable_msr_interception(struct domain *d, uint32_t msr) { struct vcpu *v; @@ -377,13 +530,13 @@ static void svm_load_cpu_state(struct vcpu *v, struct hvm_hw_cpu *data) svm_update_guest_efer(v); } -static void svm_save_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static void cf_check svm_save_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { svm_save_cpu_state(v, ctxt); svm_vmcb_save(v, ctxt); } -static int svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static int cf_check svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { svm_load_cpu_state(v, ctxt); if ( svm_vmcb_restore(v, ctxt) ) @@ -396,39 +549,7 @@ static int svm_load_vmcb_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) return 0; } -static void svm_fpu_enter(struct vcpu *v) -{ - struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; - - vcpu_restore_fpu_lazy(v); - vmcb_set_exception_intercepts( - n1vmcb, - vmcb_get_exception_intercepts(n1vmcb) & ~(1U << TRAP_no_device)); -} - -static void svm_fpu_leave(struct vcpu *v) -{ - struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; - - ASSERT(!v->fpu_dirtied); - ASSERT(read_cr0() & X86_CR0_TS); - - /* - * If the guest does not have TS enabled then we must cause and handle an - * exception on first use of the FPU. If the guest *does* have TS enabled - * then this is not necessary: no FPU activity can occur until the guest - * clears CR0.TS, and we will initialise the FPU when that happens. - */ - if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) - { - vmcb_set_exception_intercepts( - n1vmcb, - vmcb_get_exception_intercepts(n1vmcb) | (1U << TRAP_no_device)); - vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) | X86_CR0_TS); - } -} - -static unsigned int svm_get_interrupt_shadow(struct vcpu *v) +static unsigned cf_check int svm_get_interrupt_shadow(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; unsigned int intr_shadow = 0; @@ -442,7 +563,8 @@ static unsigned int svm_get_interrupt_shadow(struct vcpu *v) return intr_shadow; } -static void svm_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) +static void cf_check svm_set_interrupt_shadow( + struct vcpu *v, unsigned int intr_shadow) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -456,7 +578,7 @@ static void svm_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) vmcb_set_general1_intercepts(vmcb, general1_intercepts); } -static int svm_guest_x86_mode(struct vcpu *v) +static int cf_check svm_guest_x86_mode(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -469,129 +591,7 @@ static int svm_guest_x86_mode(struct vcpu *v) return likely(vmcb->cs.db) ? 4 : 2; } -void svm_update_guest_cr(struct vcpu *v, unsigned int cr, unsigned int flags) -{ - struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; - uint64_t value; - - switch ( cr ) - { - case 0: - { - unsigned long hw_cr0_mask = 0; - - if ( !(v->arch.hvm.guest_cr[0] & X86_CR0_TS) ) - { - if ( v != current ) - { - if ( !v->arch.fully_eager_fpu ) - hw_cr0_mask |= X86_CR0_TS; - } - else if ( vmcb_get_cr0(vmcb) & X86_CR0_TS ) - svm_fpu_enter(v); - } - - if ( paging_mode_hap(v->domain) ) - { - uint32_t intercepts = vmcb_get_cr_intercepts(vmcb); - - /* Trap CR3 updates if CR3 memory events are enabled. */ - if ( v->domain->arch.monitor.write_ctrlreg_enabled & - monitor_ctrlreg_bitmask(VM_EVENT_X86_CR3) ) - vmcb_set_cr_intercepts(vmcb, intercepts | CR_INTERCEPT_CR3_WRITE); - } - - value = v->arch.hvm.guest_cr[0] | hw_cr0_mask; - if ( !paging_mode_hap(v->domain) ) - value |= X86_CR0_PG | X86_CR0_WP; - vmcb_set_cr0(vmcb, value); - break; - } - case 2: - vmcb_set_cr2(vmcb, v->arch.hvm.guest_cr[2]); - break; - case 3: - vmcb_set_cr3(vmcb, v->arch.hvm.hw_cr[3]); - if ( !nestedhvm_enabled(v->domain) ) - { - if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu(v); - } - else if ( nestedhvm_vmswitch_in_progress(v) ) - ; /* CR3 switches during VMRUN/VMEXIT do not flush the TLB. */ - else if ( !(flags & HVM_UPDATE_GUEST_CR3_NOFLUSH) ) - hvm_asid_flush_vcpu_asid( - nestedhvm_vcpu_in_guestmode(v) - ? &vcpu_nestedhvm(v).nv_n2asid : &v->arch.hvm.n1asid); - break; - case 4: - value = HVM_CR4_HOST_MASK; - if ( paging_mode_hap(v->domain) ) - value &= ~X86_CR4_PAE; - value |= v->arch.hvm.guest_cr[4]; - - if ( !hvm_paging_enabled(v) ) - { - /* - * When the guest thinks paging is disabled, Xen may need to hide - * the effects of shadow paging, as hardware runs with the host - * paging settings, rather than the guests settings. - * - * Without CR0.PG, all memory accesses are user mode, so - * _PAGE_USER must be set in the shadow pagetables for guest - * userspace to function. This in turn trips up guest supervisor - * mode if SMEP/SMAP are left active in context. They wouldn't - * have any effect if paging was actually disabled, so hide them - * behind the back of the guest. - */ - value &= ~(X86_CR4_SMEP | X86_CR4_SMAP); - } - - vmcb_set_cr4(vmcb, value); - break; - default: - BUG(); - } -} - -static void svm_update_guest_efer(struct vcpu *v) -{ - struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; - unsigned long guest_efer = v->arch.hvm.guest_efer, - xen_efer = read_efer(); - - if ( paging_mode_shadow(v->domain) ) - { - /* EFER.NX is a Xen-owned bit and is not under guest control. */ - guest_efer &= ~EFER_NXE; - guest_efer |= xen_efer & EFER_NXE; - - /* - * CR0.PG is a Xen-owned bit, and remains set even when the guest has - * logically disabled paging. - * - * LMA was calculated using the guest CR0.PG setting, but LME needs - * clearing to avoid interacting with Xen's CR0.PG setting. As writes - * to CR0 are intercepted, it is safe to leave LME clear at this - * point, and fix up both LME and LMA when CR0.PG is set. - */ - if ( !(guest_efer & EFER_LMA) ) - guest_efer &= ~EFER_LME; - } - - /* SVME must remain set in non-root mode. */ - guest_efer |= EFER_SVME; - - vmcb_set_efer(vmcb, guest_efer); - - ASSERT(nestedhvm_enabled(v->domain) || - !(v->arch.hvm.guest_efer & EFER_SVME)); - - if ( nestedhvm_enabled(v->domain) ) - svm_nested_features_on_efer_update(v); -} - -static void svm_cpuid_policy_changed(struct vcpu *v) +static void cf_check svm_cpuid_policy_changed(struct vcpu *v) { struct svm_vcpu *svm = &v->arch.hvm.svm; struct vmcb_struct *vmcb = svm->vmcb; @@ -636,13 +636,13 @@ void svm_sync_vmcb(struct vcpu *v, enum vmcb_sync_state new_state) } } -static unsigned int svm_get_cpl(struct vcpu *v) +static unsigned int cf_check svm_get_cpl(struct vcpu *v) { return vmcb_get_cpl(v->arch.hvm.svm.vmcb); } -static void svm_get_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check svm_get_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -686,8 +686,8 @@ static void svm_get_segment_register(struct vcpu *v, enum x86_segment seg, } } -static void svm_set_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check svm_set_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -756,12 +756,12 @@ static void svm_set_segment_register(struct vcpu *v, enum x86_segment seg, } } -static unsigned long svm_get_shadow_gs_base(struct vcpu *v) +static unsigned long cf_check svm_get_shadow_gs_base(struct vcpu *v) { return v->arch.hvm.svm.vmcb->kerngsbase; } -static int svm_set_guest_pat(struct vcpu *v, u64 gpat) +static int cf_check svm_set_guest_pat(struct vcpu *v, u64 gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -772,7 +772,7 @@ static int svm_set_guest_pat(struct vcpu *v, u64 gpat) return 1; } -static int svm_get_guest_pat(struct vcpu *v, u64 *gpat) +static int cf_check svm_get_guest_pat(struct vcpu *v, u64 *gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -820,7 +820,7 @@ static uint64_t svm_get_tsc_offset(uint64_t host_tsc, uint64_t guest_tsc, return guest_tsc - scale_tsc(host_tsc, ratio); } -static void svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) +static void cf_check svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct vmcb_struct *n1vmcb, *n2vmcb; @@ -856,7 +856,7 @@ static void svm_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) vmcb_set_tsc_offset(vmcb, offset + n2_tsc_offset); } -static void svm_set_rdtsc_exiting(struct vcpu *v, bool_t enable) +static void cf_check svm_set_rdtsc_exiting(struct vcpu *v, bool enable) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -875,7 +875,8 @@ static void svm_set_rdtsc_exiting(struct vcpu *v, bool_t enable) vmcb_set_general2_intercepts(vmcb, general2_intercepts); } -static void svm_set_descriptor_access_exiting(struct vcpu *v, bool enable) +static void cf_check svm_set_descriptor_access_exiting( + struct vcpu *v, bool enable) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); @@ -892,7 +893,7 @@ static void svm_set_descriptor_access_exiting(struct vcpu *v, bool enable) vmcb_set_general1_intercepts(vmcb, general1_intercepts); } -static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) +static unsigned int cf_check svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; unsigned int len = v->arch.hvm.svm.cached_insn_len; @@ -907,7 +908,7 @@ static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) return len; } -static void svm_init_hypercall_page(void *p) +static void cf_check svm_init_hypercall_page(void *p) { unsigned int i; @@ -1148,7 +1149,7 @@ static int acpi_c1e_quirk(int dir, unsigned int port, unsigned int bytes, return X86EMUL_OKAY; } -static int svm_domain_initialise(struct domain *d) +static int cf_check svm_domain_initialise(struct domain *d) { static const struct arch_csw csw = { .from = svm_ctxt_switch_from, @@ -1166,7 +1167,7 @@ static int svm_domain_initialise(struct domain *d) return 0; } -static int svm_vcpu_initialise(struct vcpu *v) +static int cf_check svm_vcpu_initialise(struct vcpu *v) { int rc; @@ -1183,7 +1184,7 @@ static int svm_vcpu_initialise(struct vcpu *v) return 0; } -static void svm_vcpu_destroy(struct vcpu *v) +static void cf_check svm_vcpu_destroy(struct vcpu *v) { svm_destroy_vmcb(v); passive_domain_destroy(v); @@ -1304,7 +1305,7 @@ static void svm_emul_swint_injection(struct x86_event *event) event->error_code = ec; } -static void svm_inject_event(const struct x86_event *event) +static void cf_check svm_inject_event(const struct x86_event *event) { struct vcpu *curr = current; struct vmcb_struct *vmcb = curr->arch.hvm.svm.vmcb; @@ -1434,12 +1435,12 @@ static void svm_inject_event(const struct x86_event *event) HVMTRACE_2D(INJ_EXC, _event.vector, _event.error_code); } -static bool svm_event_pending(const struct vcpu *v) +static bool cf_check svm_event_pending(const struct vcpu *v) { return v->arch.hvm.svm.vmcb->event_inj.v; } -static void svm_cpu_dead(unsigned int cpu) +static void cf_check svm_cpu_dead(unsigned int cpu) { paddr_t *this_hsa = &per_cpu(hsa, cpu); paddr_t *this_vmcb = &per_cpu(host_vmcb, cpu); @@ -1465,7 +1466,7 @@ static void svm_cpu_dead(unsigned int cpu) } } -static int svm_cpu_up_prepare(unsigned int cpu) +static int cf_check svm_cpu_up_prepare(unsigned int cpu) { paddr_t *this_hsa = &per_cpu(hsa, cpu); paddr_t *this_vmcb = &per_cpu(host_vmcb, cpu); @@ -1620,7 +1621,7 @@ static int _svm_cpu_up(bool bsp) return 0; } -static int svm_cpu_up(void) +static int cf_check svm_cpu_up(void) { return _svm_cpu_up(false); } @@ -1749,7 +1750,7 @@ static void svm_do_nested_pgfault(struct vcpu *v, domain_crash(v->domain); } -static void svm_fpu_dirty_intercept(void) +static void cf_check svm_fpu_dirty_intercept(void) { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -1795,7 +1796,8 @@ static void svm_dr_access(struct vcpu *v, struct cpu_user_regs *regs) __restore_debug_registers(vmcb, v); } -static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) +static int cf_check svm_msr_read_intercept( + unsigned int msr, uint64_t *msr_content) { struct vcpu *v = current; const struct domain *d = v->domain; @@ -1990,7 +1992,8 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) return X86EMUL_EXCEPTION; } -static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) +static int cf_check svm_msr_write_intercept( + unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; struct domain *d = v->domain; @@ -2409,7 +2412,7 @@ static void svm_vmexit_mce_intercept( } } -static void svm_wbinvd_intercept(void) +static void cf_check svm_wbinvd_intercept(void) { if ( cache_flush_permitted(current->domain) ) flush_all(FLUSH_CACHE); @@ -2454,12 +2457,13 @@ static bool is_invlpg(const struct x86_emulate_state *state, (ext & 7) == 7; } -static void svm_invlpg(struct vcpu *v, unsigned long linear) +static void cf_check svm_invlpg(struct vcpu *v, unsigned long linear) { svm_asid_g_invlpg(v, linear); } -static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) +static bool cf_check svm_get_pending_event( + struct vcpu *v, struct x86_event *info) { const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -2473,7 +2477,7 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) return true; } -static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) +static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) { const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; @@ -2491,7 +2495,7 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) } } -static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) +static void cf_check svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c index 80bfbb4787..13bbe8430d 100644 --- a/xen/arch/x86/hvm/vmx/intr.c +++ b/xen/arch/x86/hvm/vmx/intr.c @@ -147,7 +147,7 @@ static void vmx_enable_intr_window(struct vcpu *v, struct hvm_intack intack) * used but may have negative impact on interrupt performance. */ -enum hvm_intblk nvmx_intr_blocked(struct vcpu *v) +enum hvm_intblk cf_check nvmx_intr_blocked(struct vcpu *v) { int r = hvm_intblk_none; struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index d2cafd8ca1..60b506ac3f 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -655,7 +655,7 @@ void vmx_vmcs_reload(struct vcpu *v) vmx_load_vmcs(v); } -int vmx_cpu_up_prepare(unsigned int cpu) +int cf_check vmx_cpu_up_prepare(unsigned int cpu) { /* * If nvmx_cpu_up_prepare() failed, do not return failure and just fallback @@ -676,7 +676,7 @@ int vmx_cpu_up_prepare(unsigned int cpu) return -ENOMEM; } -void vmx_cpu_dead(unsigned int cpu) +void cf_check vmx_cpu_dead(unsigned int cpu) { vmx_free_vmcs(per_cpu(vmxon_region, cpu)); per_cpu(vmxon_region, cpu) = 0; @@ -774,12 +774,12 @@ static int _vmx_cpu_up(bool bsp) return 0; } -int vmx_cpu_up() +int cf_check vmx_cpu_up() { return _vmx_cpu_up(false); } -void vmx_cpu_down(void) +void cf_check vmx_cpu_down(void) { struct list_head *active_vmcs_list = &this_cpu(active_vmcs_list); unsigned long flags; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index dade08f602..2c4804f9b8 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -68,14 +68,16 @@ static void vmx_ctxt_switch_to(struct vcpu *v); static int alloc_vlapic_mapping(void); static void vmx_install_vlapic_mapping(struct vcpu *v); -static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, - unsigned int flags); -static void vmx_update_guest_efer(struct vcpu *v); -static void vmx_wbinvd_intercept(void); -static void vmx_fpu_dirty_intercept(void); -static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content); -static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content); -static void vmx_invlpg(struct vcpu *v, unsigned long linear); +static void cf_check vmx_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags); +static void cf_check vmx_update_guest_efer(struct vcpu *v); +static void cf_check vmx_wbinvd_intercept(void); +static void cf_check vmx_fpu_dirty_intercept(void); +static int cf_check vmx_msr_read_intercept( + unsigned int msr, uint64_t *msr_content); +static int cf_check vmx_msr_write_intercept( + unsigned int msr, uint64_t msr_content); +static void cf_check vmx_invlpg(struct vcpu *v, unsigned long linear); static mfn_t __read_mostly apic_access_mfn = INVALID_MFN_INITIALIZER; @@ -103,7 +105,7 @@ void vmx_pi_per_cpu_init(unsigned int cpu) spin_lock_init(&per_cpu(vmx_pi_blocking, cpu).lock); } -static void vmx_vcpu_block(struct vcpu *v) +static void cf_check vmx_vcpu_block(struct vcpu *v) { unsigned long flags; unsigned int dest; @@ -395,7 +397,7 @@ void vmx_pi_hooks_deassign(struct domain *d) domain_unpause(d); } -static int vmx_domain_initialise(struct domain *d) +static int cf_check vmx_domain_initialise(struct domain *d) { static const struct arch_csw csw = { .from = vmx_ctxt_switch_from, @@ -414,7 +416,7 @@ static int vmx_domain_initialise(struct domain *d) return 0; } -static void domain_creation_finished(struct domain *d) +static void cf_check domain_creation_finished(struct domain *d) { gfn_t gfn = gaddr_to_gfn(APIC_DEFAULT_PHYS_BASE); bool ipat; @@ -444,7 +446,7 @@ static void vmx_init_ipt(struct vcpu *v) v->arch.msrs->rtit.output_limit = size - 1; } -static int vmx_vcpu_initialise(struct vcpu *v) +static int cf_check vmx_vcpu_initialise(struct vcpu *v) { int rc; @@ -491,7 +493,7 @@ static int vmx_vcpu_initialise(struct vcpu *v) return 0; } -static void vmx_vcpu_destroy(struct vcpu *v) +static void cf_check vmx_vcpu_destroy(struct vcpu *v) { /* * There are cases that domain still remains in log-dirty mode when it is @@ -589,7 +591,7 @@ void vmx_update_exception_bitmap(struct vcpu *v) __vmwrite(EXCEPTION_BITMAP, bitmap); } -static void vmx_cpuid_policy_changed(struct vcpu *v) +static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) { const struct cpuid_policy *cp = v->domain->arch.cpuid; int rc = 0; @@ -647,7 +649,7 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) } } -int vmx_guest_x86_mode(struct vcpu *v) +int cf_check vmx_guest_x86_mode(struct vcpu *v) { unsigned long cs_ar_bytes; @@ -844,7 +846,7 @@ static void vmx_load_cpu_state(struct vcpu *v, struct hvm_hw_cpu *data) } -static void vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static void cf_check vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { if ( v == current ) vmx_save_guest_msrs(v); @@ -853,7 +855,7 @@ static void vmx_save_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) vmx_vmcs_save(v, ctxt); } -static int vmx_load_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) +static int cf_check vmx_load_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt) { /* Not currently safe to use in current context. */ ASSERT(v != current); @@ -879,7 +881,7 @@ static void vmx_fpu_enter(struct vcpu *v) __vmwrite(HOST_CR0, v->arch.hvm.vmx.host_cr0); } -static void vmx_fpu_leave(struct vcpu *v) +static void cf_check vmx_fpu_leave(struct vcpu *v) { ASSERT(!v->fpu_dirtied); ASSERT(read_cr0() & X86_CR0_TS); @@ -956,7 +958,7 @@ unsigned int vmx_get_cpl(void) return (attr >> 5) & 3; } -static unsigned int _vmx_get_cpl(struct vcpu *v) +static unsigned int cf_check _vmx_get_cpl(struct vcpu *v) { unsigned int cpl; @@ -982,8 +984,8 @@ static unsigned int _vmx_get_cpl(struct vcpu *v) #define vm86_ds_attr 0xf3 #define vm86_tr_attr 0x8b -static void vmx_get_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check vmx_get_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { unsigned long attr = 0, sel = 0, limit; unsigned int tmp_seg; @@ -1084,8 +1086,8 @@ static void vmx_get_segment_register(struct vcpu *v, enum x86_segment seg, } } -static void vmx_set_segment_register(struct vcpu *v, enum x86_segment seg, - struct segment_register *reg) +static void cf_check vmx_set_segment_register( + struct vcpu *v, enum x86_segment seg, struct segment_register *reg) { uint32_t attr, sel, limit; uint64_t base; @@ -1174,12 +1176,12 @@ static void vmx_set_segment_register(struct vcpu *v, enum x86_segment seg, vmx_vmcs_exit(v); } -static unsigned long vmx_get_shadow_gs_base(struct vcpu *v) +static unsigned long cf_check vmx_get_shadow_gs_base(struct vcpu *v) { return v->arch.hvm.vmx.shadow_gs; } -static int vmx_set_guest_pat(struct vcpu *v, u64 gpat) +static int cf_check vmx_set_guest_pat(struct vcpu *v, u64 gpat) { if ( !paging_mode_hap(v->domain) || unlikely(v->arch.hvm.cache_mode == NO_FILL_CACHE_MODE) ) @@ -1191,7 +1193,7 @@ static int vmx_set_guest_pat(struct vcpu *v, u64 gpat) return 1; } -static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat) +static int cf_check vmx_get_guest_pat(struct vcpu *v, u64 *gpat) { if ( !paging_mode_hap(v->domain) || unlikely(v->arch.hvm.cache_mode == NO_FILL_CACHE_MODE) ) @@ -1203,7 +1205,7 @@ static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat) return 1; } -static void vmx_handle_cd(struct vcpu *v, unsigned long value) +static void cf_check vmx_handle_cd(struct vcpu *v, unsigned long value) { if ( !paging_mode_hap(v->domain) ) { @@ -1253,7 +1255,7 @@ static void vmx_handle_cd(struct vcpu *v, unsigned long value) } } -static void vmx_setup_tsc_scaling(struct vcpu *v) +static void cf_check vmx_setup_tsc_scaling(struct vcpu *v) { if ( v->domain->arch.vtsc ) return; @@ -1263,7 +1265,7 @@ static void vmx_setup_tsc_scaling(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) +static void cf_check vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) { vmx_vmcs_enter(v); @@ -1274,7 +1276,7 @@ static void vmx_set_tsc_offset(struct vcpu *v, u64 offset, u64 at_tsc) vmx_vmcs_exit(v); } -static void vmx_set_rdtsc_exiting(struct vcpu *v, bool_t enable) +static void cf_check vmx_set_rdtsc_exiting(struct vcpu *v, bool enable) { vmx_vmcs_enter(v); v->arch.hvm.vmx.exec_control &= ~CPU_BASED_RDTSC_EXITING; @@ -1284,7 +1286,8 @@ static void vmx_set_rdtsc_exiting(struct vcpu *v, bool_t enable) vmx_vmcs_exit(v); } -static void vmx_set_descriptor_access_exiting(struct vcpu *v, bool enable) +static void cf_check vmx_set_descriptor_access_exiting( + struct vcpu *v, bool enable) { if ( enable ) v->arch.hvm.vmx.secondary_exec_control |= @@ -1298,7 +1301,7 @@ static void vmx_set_descriptor_access_exiting(struct vcpu *v, bool enable) vmx_vmcs_exit(v); } -static void vmx_init_hypercall_page(void *p) +static void cf_check vmx_init_hypercall_page(void *p) { unsigned int i; @@ -1321,7 +1324,7 @@ static void vmx_init_hypercall_page(void *p) } } -static unsigned int vmx_get_interrupt_shadow(struct vcpu *v) +static unsigned int cf_check vmx_get_interrupt_shadow(struct vcpu *v) { unsigned long intr_shadow; @@ -1330,7 +1333,8 @@ static unsigned int vmx_get_interrupt_shadow(struct vcpu *v) return intr_shadow; } -static void vmx_set_interrupt_shadow(struct vcpu *v, unsigned int intr_shadow) +static void cf_check vmx_set_interrupt_shadow( + struct vcpu *v, unsigned int intr_shadow) { __vmwrite(GUEST_INTERRUPTIBILITY_INFO, intr_shadow); } @@ -1381,7 +1385,7 @@ static void vmx_load_pdptrs(struct vcpu *v) return; } -static void vmx_update_host_cr3(struct vcpu *v) +static void cf_check vmx_update_host_cr3(struct vcpu *v) { vmx_vmcs_enter(v); __vmwrite(HOST_CR3, v->arch.cr3); @@ -1400,8 +1404,8 @@ void vmx_update_debug_state(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, - unsigned int flags) +static void cf_check vmx_update_guest_cr( + struct vcpu *v, unsigned int cr, unsigned int flags) { vmx_vmcs_enter(v); @@ -1603,7 +1607,7 @@ static void vmx_update_guest_cr(struct vcpu *v, unsigned int cr, vmx_vmcs_exit(v); } -static void vmx_update_guest_efer(struct vcpu *v) +static void cf_check vmx_update_guest_efer(struct vcpu *v) { unsigned long entry_ctls, guest_efer = v->arch.hvm.guest_efer, xen_efer = read_efer(); @@ -1705,7 +1709,8 @@ void nvmx_enqueue_n2_exceptions(struct vcpu *v, nvmx->intr.intr_info, nvmx->intr.error_code); } -static int nvmx_vmexit_event(struct vcpu *v, const struct x86_event *event) +static int cf_check nvmx_vmexit_event( + struct vcpu *v, const struct x86_event *event) { nvmx_enqueue_n2_exceptions(v, event->vector, event->error_code, hvm_intsrc_none); @@ -1791,7 +1796,7 @@ void vmx_inject_nmi(void) * - #DB is X86_EVENTTYPE_HW_EXCEPTION, except when generated by * opcode 0xf1 (which is X86_EVENTTYPE_PRI_SW_EXCEPTION) */ -static void vmx_inject_event(const struct x86_event *event) +static void cf_check vmx_inject_event(const struct x86_event *event) { unsigned long intr_info; struct vcpu *curr = current; @@ -1872,7 +1877,7 @@ static void vmx_inject_event(const struct x86_event *event) HVMTRACE_2D(INJ_EXC, _event.vector, _event.error_code); } -static bool vmx_event_pending(const struct vcpu *v) +static bool cf_check vmx_event_pending(const struct vcpu *v) { unsigned long intr_info; @@ -1882,7 +1887,7 @@ static bool vmx_event_pending(const struct vcpu *v) return intr_info & INTR_INFO_VALID_MASK; } -static void vmx_set_info_guest(struct vcpu *v) +static void cf_check vmx_set_info_guest(struct vcpu *v) { unsigned long intr_shadow; @@ -1910,7 +1915,8 @@ static void vmx_set_info_guest(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_update_eoi_exit_bitmap(struct vcpu *v, uint8_t vector, bool set) +static void cf_check vmx_update_eoi_exit_bitmap( + struct vcpu *v, uint8_t vector, bool set) { if ( set ) vmx_set_eoi_exit_bitmap(v, vector); @@ -1938,7 +1944,7 @@ static u8 set_svi(int isr) return old; } -static void vmx_process_isr(int isr, struct vcpu *v) +static void cf_check vmx_process_isr(int isr, struct vcpu *v) { unsigned int i; const struct vlapic *vlapic = vcpu_vlapic(v); @@ -2026,7 +2032,7 @@ static void __vmx_deliver_posted_interrupt(struct vcpu *v) } } -static void vmx_deliver_posted_intr(struct vcpu *v, u8 vector) +static void cf_check vmx_deliver_posted_intr(struct vcpu *v, u8 vector) { struct pi_desc old, new, prev; @@ -2073,7 +2079,7 @@ static void vmx_deliver_posted_intr(struct vcpu *v, u8 vector) __vmx_deliver_posted_interrupt(v); } -static void vmx_sync_pir_to_irr(struct vcpu *v) +static void cf_check vmx_sync_pir_to_irr(struct vcpu *v) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int group, i; @@ -2089,12 +2095,12 @@ static void vmx_sync_pir_to_irr(struct vcpu *v) vlapic_set_vector(i, &vlapic->regs->data[APIC_IRR]); } -static bool vmx_test_pir(const struct vcpu *v, uint8_t vec) +static bool cf_check vmx_test_pir(const struct vcpu *v, uint8_t vec) { return pi_test_pir(vec, &v->arch.hvm.vmx.pi_desc); } -static void vmx_handle_eoi(uint8_t vector, int isr) +static void cf_check vmx_handle_eoi(uint8_t vector, int isr) { uint8_t old_svi = set_svi(isr); static bool warned; @@ -2103,7 +2109,7 @@ static void vmx_handle_eoi(uint8_t vector, int isr) printk(XENLOG_WARNING "EOI for %02x but SVI=%02x\n", vector, old_svi); } -static void vmx_enable_msr_interception(struct domain *d, uint32_t msr) +static void cf_check vmx_enable_msr_interception(struct domain *d, uint32_t msr) { struct vcpu *v; @@ -2111,7 +2117,7 @@ static void vmx_enable_msr_interception(struct domain *d, uint32_t msr) vmx_set_msr_intercept(v, msr, VMX_MSR_W); } -static void vmx_vcpu_update_eptp(struct vcpu *v) +static void cf_check vmx_vcpu_update_eptp(struct vcpu *v) { struct domain *d = v->domain; struct p2m_domain *p2m = NULL; @@ -2136,7 +2142,7 @@ static void vmx_vcpu_update_eptp(struct vcpu *v) vmx_vmcs_exit(v); } -static void vmx_vcpu_update_vmfunc_ve(struct vcpu *v) +static void cf_check vmx_vcpu_update_vmfunc_ve(struct vcpu *v) { struct domain *d = v->domain; u32 mask = SECONDARY_EXEC_ENABLE_VM_FUNCTIONS; @@ -2180,7 +2186,7 @@ static void vmx_vcpu_update_vmfunc_ve(struct vcpu *v) vmx_vmcs_exit(v); } -static int vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) +static int cf_check vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) { int rc = X86EMUL_EXCEPTION; struct vcpu *curr = current; @@ -2193,7 +2199,7 @@ static int vmx_vcpu_emulate_vmfunc(const struct cpu_user_regs *regs) return rc; } -static bool_t vmx_vcpu_emulate_ve(struct vcpu *v) +static bool cf_check vmx_vcpu_emulate_ve(struct vcpu *v) { const struct page_info *pg = vcpu_altp2m(v).veinfo_pg; ve_info_t *veinfo; @@ -2230,7 +2236,8 @@ static bool_t vmx_vcpu_emulate_ve(struct vcpu *v) return rc; } -static bool vmx_get_pending_event(struct vcpu *v, struct x86_event *info) +static bool cf_check vmx_get_pending_event( + struct vcpu *v, struct x86_event *info) { unsigned long intr_info, error_code; @@ -2267,7 +2274,8 @@ static bool vmx_get_pending_event(struct vcpu *v, struct x86_event *info) (RTIT_STATUS_FILTER_EN | RTIT_STATUS_CONTEXT_EN | RTIT_STATUS_TRIGGER_EN | \ RTIT_STATUS_ERROR | RTIT_STATUS_STOPPED) -static int vmtrace_get_option(struct vcpu *v, uint64_t key, uint64_t *output) +static int cf_check vmtrace_get_option( + struct vcpu *v, uint64_t key, uint64_t *output) { const struct vcpu_msrs *msrs = v->arch.msrs; @@ -2288,7 +2296,8 @@ static int vmtrace_get_option(struct vcpu *v, uint64_t key, uint64_t *output) return 0; } -static int vmtrace_set_option(struct vcpu *v, uint64_t key, uint64_t value) +static int cf_check vmtrace_set_option( + struct vcpu *v, uint64_t key, uint64_t value) { struct vcpu_msrs *msrs = v->arch.msrs; bool new_en, old_en = msrs->rtit.ctl & RTIT_CTL_TRACE_EN; @@ -2342,7 +2351,7 @@ static int vmtrace_set_option(struct vcpu *v, uint64_t key, uint64_t value) return 0; } -static int vmtrace_control(struct vcpu *v, bool enable, bool reset) +static int cf_check vmtrace_control(struct vcpu *v, bool enable, bool reset) { struct vcpu_msrs *msrs = v->arch.msrs; uint64_t new_ctl; @@ -2374,13 +2383,13 @@ static int vmtrace_control(struct vcpu *v, bool enable, bool reset) return 0; } -static int vmtrace_output_position(struct vcpu *v, uint64_t *pos) +static int cf_check vmtrace_output_position(struct vcpu *v, uint64_t *pos) { *pos = v->arch.msrs->rtit.output_offset; return v->arch.hvm.vmx.ipt_active; } -static int vmtrace_reset(struct vcpu *v) +static int cf_check vmtrace_reset(struct vcpu *v) { if ( !v->arch.hvm.vmx.ipt_active ) return -EINVAL; @@ -2390,7 +2399,7 @@ static int vmtrace_reset(struct vcpu *v) return 0; } -static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) +static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) { struct domain *d = v->domain; uint64_t val = 0; @@ -2429,7 +2438,7 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) return val; } -static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) +static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { struct domain *d = v->domain; int rc; @@ -2823,7 +2832,7 @@ void update_guest_eip(void) hvm_inject_hw_exception(TRAP_debug, X86_EVENT_NO_EC); } -static void vmx_fpu_dirty_intercept(void) +static void cf_check vmx_fpu_dirty_intercept(void) { struct vcpu *curr = current; @@ -2858,7 +2867,7 @@ static void vmx_invlpg_intercept(unsigned long linear) paging_invlpg(current, linear); } -static void vmx_invlpg(struct vcpu *v, unsigned long linear) +static void cf_check vmx_invlpg(struct vcpu *v, unsigned long linear) { if ( cpu_has_vmx_vpid ) vpid_sync_vcpu_gva(v, linear); @@ -3184,7 +3193,8 @@ static int is_last_branch_msr(u32 ecx) return 0; } -static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) +static int cf_check vmx_msr_read_intercept( + unsigned int msr, uint64_t *msr_content) { struct vcpu *curr = current; uint64_t tmp; @@ -3387,7 +3397,8 @@ void vmx_vlapic_msr_changed(struct vcpu *v) vmx_vmcs_exit(v); } -static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) +static int cf_check vmx_msr_write_intercept( + unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; const struct cpuid_policy *cp = v->domain->arch.cpuid; @@ -3587,7 +3598,7 @@ static void vmx_do_extint(struct cpu_user_regs *regs) do_IRQ(regs); } -static void vmx_wbinvd_intercept(void) +static void cf_check vmx_wbinvd_intercept(void) { if ( !cache_flush_permitted(current->domain) || iommu_snoop ) return; diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index 7419ee9dd0..5f54451475 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -62,7 +62,7 @@ void nvmx_cpu_dead(unsigned int cpu) XFREE(per_cpu(vvmcs_buf, cpu)); } -int nvmx_vcpu_initialise(struct vcpu *v) +int cf_check nvmx_vcpu_initialise(struct vcpu *v) { struct domain *d = v->domain; struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -150,7 +150,7 @@ int nvmx_vcpu_initialise(struct vcpu *v) return 0; } -void nvmx_vcpu_destroy(struct vcpu *v) +void cf_check nvmx_vcpu_destroy(struct vcpu *v) { struct nestedvmx *nvmx = &vcpu_2_nvmx(v); struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); @@ -199,7 +199,7 @@ static void vcpu_relinquish_resources(struct vcpu *v) FREE_XENHEAP_PAGE(nvmx->msr_merged); } -void nvmx_domain_relinquish_resources(struct domain *d) +void cf_check nvmx_domain_relinquish_resources(struct domain *d) { struct vcpu *v; @@ -210,17 +210,17 @@ void nvmx_domain_relinquish_resources(struct domain *d) } } -int nvmx_vcpu_reset(struct vcpu *v) +int cf_check nvmx_vcpu_reset(struct vcpu *v) { return 0; } -uint64_t nvmx_vcpu_eptp_base(struct vcpu *v) +uint64_t cf_check nvmx_vcpu_eptp_base(struct vcpu *v) { return get_vvmcs(v, EPT_POINTER) & PAGE_MASK; } -bool_t nvmx_ept_enabled(struct vcpu *v) +bool cf_check nvmx_ept_enabled(struct vcpu *v) { struct nestedvmx *nvmx = &vcpu_2_nvmx(v); @@ -514,7 +514,7 @@ static void vmfail(struct cpu_user_regs *regs, enum vmx_insn_errno errno) vmfail_invalid(regs); } -bool_t nvmx_intercepts_exception( +bool cf_check nvmx_intercepts_exception( struct vcpu *v, unsigned int vector, int error_code) { u32 exception_bitmap, pfec_match=0, pfec_mask=0; @@ -2346,7 +2346,7 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) * walk is successful, the translated value is returned in * L1_gpa. The result value tells what to do next. */ -int nvmx_hap_walk_L1_p2m( +int cf_check nvmx_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec) { diff --git a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h index c3ef235414..656d7d1a9a 100644 --- a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h +++ b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h @@ -107,22 +107,22 @@ nestedsvm_check_intercepts(struct vcpu *v, struct cpu_user_regs *regs, void svm_nested_features_on_efer_update(struct vcpu *v); /* Interface methods */ -void nsvm_vcpu_destroy(struct vcpu *v); -int nsvm_vcpu_initialise(struct vcpu *v); -int nsvm_vcpu_reset(struct vcpu *v); +void cf_check nsvm_vcpu_destroy(struct vcpu *v); +int cf_check nsvm_vcpu_initialise(struct vcpu *v); +int cf_check nsvm_vcpu_reset(struct vcpu *v); int nsvm_vcpu_vmrun(struct vcpu *v, struct cpu_user_regs *regs); -int nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *event); -uint64_t nsvm_vcpu_hostcr3(struct vcpu *v); -bool_t nsvm_vmcb_guest_intercepts_event( +int cf_check nsvm_vcpu_vmexit_event(struct vcpu *v, const struct x86_event *event); +uint64_t cf_check nsvm_vcpu_hostcr3(struct vcpu *v); +bool cf_check nsvm_vmcb_guest_intercepts_event( struct vcpu *v, unsigned int vector, int errcode); -bool_t nsvm_vmcb_hap_enabled(struct vcpu *v); -enum hvm_intblk nsvm_intr_blocked(struct vcpu *v); +bool cf_check nsvm_vmcb_hap_enabled(struct vcpu *v); +enum hvm_intblk cf_check nsvm_intr_blocked(struct vcpu *v); /* Interrupts, vGIF */ void svm_vmexit_do_clgi(struct cpu_user_regs *regs, struct vcpu *v); void svm_vmexit_do_stgi(struct cpu_user_regs *regs, struct vcpu *v); bool_t nestedsvm_gif_isset(struct vcpu *v); -int nsvm_hap_walk_L1_p2m( +int cf_check nsvm_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec); diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/asm/hvm/svm/svm.h index 09c32044ec..65e35a4f59 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -50,7 +50,6 @@ struct vcpu; unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); -void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); /* * PV context switch helpers. Prefetching the VMCB area itself has been shown diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 03c9ccf627..9119aa8536 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -22,10 +22,10 @@ extern void vmcs_dump_vcpu(struct vcpu *v); extern int vmx_vmcs_init(void); -extern int vmx_cpu_up_prepare(unsigned int cpu); -extern void vmx_cpu_dead(unsigned int cpu); -extern int vmx_cpu_up(void); -extern void vmx_cpu_down(void); +int cf_check vmx_cpu_up_prepare(unsigned int cpu); +void cf_check vmx_cpu_dead(unsigned int cpu); +int cf_check vmx_cpu_up(void); +void cf_check vmx_cpu_down(void); struct vmcs_struct { u32 vmcs_revision_id; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 97e7652aa1..5284fe931f 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -588,7 +588,7 @@ static inline int __vmxon(u64 addr) return rc; } -int vmx_guest_x86_mode(struct vcpu *v); +int cf_check vmx_guest_x86_mode(struct vcpu *v); unsigned int vmx_get_cpl(void); void vmx_inject_extint(int trap, uint8_t source); diff --git a/xen/arch/x86/include/asm/hvm/vmx/vvmx.h b/xen/arch/x86/include/asm/hvm/vmx/vvmx.h index e4ca3bc6ee..2c3adb5dd6 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vvmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vvmx.h @@ -84,23 +84,23 @@ union vmx_inst_info { u32 word; }; -int nvmx_vcpu_initialise(struct vcpu *v); -void nvmx_vcpu_destroy(struct vcpu *v); -int nvmx_vcpu_reset(struct vcpu *v); -uint64_t nvmx_vcpu_eptp_base(struct vcpu *v); -enum hvm_intblk nvmx_intr_blocked(struct vcpu *v); -bool_t nvmx_intercepts_exception( +int cf_check nvmx_vcpu_initialise(struct vcpu *v); +void cf_check nvmx_vcpu_destroy(struct vcpu *v); +int cf_check nvmx_vcpu_reset(struct vcpu *v); +uint64_t cf_check nvmx_vcpu_eptp_base(struct vcpu *v); +enum hvm_intblk cf_check nvmx_intr_blocked(struct vcpu *v); +bool cf_check nvmx_intercepts_exception( struct vcpu *v, unsigned int vector, int error_code); -void nvmx_domain_relinquish_resources(struct domain *d); +void cf_check nvmx_domain_relinquish_resources(struct domain *d); -bool_t nvmx_ept_enabled(struct vcpu *v); +bool cf_check nvmx_ept_enabled(struct vcpu *v); #define EPT_TRANSLATE_SUCCEED 0 #define EPT_TRANSLATE_VIOLATION 1 #define EPT_TRANSLATE_MISCONFIG 2 #define EPT_TRANSLATE_RETRY 3 -int nvmx_hap_walk_L1_p2m( +int cf_check nvmx_hap_walk_L1_p2m( struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order, uint8_t *p2m_acc, struct npfec npfec); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278000.474952 (Exim 4.92) (envelope-from ) id 1nN9oM-0004UT-5U; Thu, 24 Feb 2022 08:49:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278000.474952; Thu, 24 Feb 2022 08:49:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oM-0004UH-1i; Thu, 24 Feb 2022 08:49:18 +0000 Received: by outflank-mailman (input) for mailman id 278000; Thu, 24 Feb 2022 08:49:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oK-0004Tu-AN for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oK-00013R-9h for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oK-0005Za-8m for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P9+CkOmXIiFuRplziRkTNsZnEY6sQPK8vdywdYGvv6g=; b=GCLs8xgjlJszHBtpdbER+brSzn ikRY84vdgJLBG0WM4oIvk7tKXHJ+ALmQqpYyMToc5jSeXQNH9XGZfdIjbWNbs8e/W95ekszUw+3zK 89HAY+Er0cy95aAo3lAMPe2uT8thbEX3OdxuR8sOYz1JM1l2kCNT2EAVzaAiDcmH+c8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: CFI hardening for device emulation Message-Id: Date: Thu, 24 Feb 2022 08:49:16 +0000 commit ed907a02148f372c7ae918234d1d6c08c1b8ac4a Author: Andrew Cooper AuthorDate: Fri Oct 29 18:40:17 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: CFI hardening for device emulation Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/emul-i8254.c | 8 +++---- xen/arch/x86/hvm/emulate.c | 21 ++++++++--------- xen/arch/x86/hvm/hpet.c | 6 ++--- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/intercept.c | 28 +++++++++++++---------- xen/arch/x86/hvm/io.c | 38 +++++++++++++++++-------------- xen/arch/x86/hvm/ioreq.c | 2 +- xen/arch/x86/hvm/pmtimer.c | 4 ++-- xen/arch/x86/hvm/rtc.c | 6 ++--- xen/arch/x86/hvm/stdvga.c | 19 ++++++++-------- xen/arch/x86/hvm/svm/svm.c | 4 ++-- xen/arch/x86/hvm/vioapic.c | 8 +++---- xen/arch/x86/hvm/vlapic.c | 11 +++++---- xen/arch/x86/hvm/vmsi.c | 14 +++++++----- xen/arch/x86/hvm/vpic.c | 4 ++-- xen/arch/x86/include/asm/hvm/vioapic.h | 2 +- xen/drivers/passthrough/amd/iommu_guest.c | 10 ++++---- 17 files changed, 98 insertions(+), 89 deletions(-) diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 050c784702..0e09a17318 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -48,9 +48,9 @@ #define RW_STATE_WORD0 3 #define RW_STATE_WORD1 4 -static int handle_pit_io( +static int cf_check handle_pit_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val); -static int handle_speaker_io( +static int cf_check handle_speaker_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val); #define get_guest_time(v) \ @@ -505,7 +505,7 @@ void pit_deinit(struct domain *d) } /* the intercept action for PIT DM retval:0--not handled; 1--handled */ -static int handle_pit_io( +static int cf_check handle_pit_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct PITState *vpit = vcpu_vpit(current); @@ -548,7 +548,7 @@ static uint32_t speaker_ioport_read( (pit_get_out(pit, 2) << 5) | (refresh_clock << 4)); } -static int handle_speaker_io( +static int cf_check handle_speaker_io( int dir, unsigned int port, uint32_t bytes, uint32_t *val) { struct PITState *vpit = vcpu_vpit(current); diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 2b3fb4d6ba..39dac7fd9d 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -71,19 +71,17 @@ static void hvmtrace_io_assist(const ioreq_t *p) trace_var(event, 0/*!cycles*/, size, buffer); } -static int null_read(const struct hvm_io_handler *io_handler, - uint64_t addr, - uint32_t size, - uint64_t *data) +static int cf_check null_read( + const struct hvm_io_handler *io_handler, uint64_t addr, uint32_t size, + uint64_t *data) { *data = ~0ul; return X86EMUL_OKAY; } -static int null_write(const struct hvm_io_handler *handler, - uint64_t addr, - uint32_t size, - uint64_t data) +static int cf_check null_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { return X86EMUL_OKAY; } @@ -114,10 +112,9 @@ static const struct hvm_io_handler null_handler = { .ops = &null_ops }; -static int ioreq_server_read(const struct hvm_io_handler *io_handler, - uint64_t addr, - uint32_t size, - uint64_t *data) +static int cf_check ioreq_server_read( + const struct hvm_io_handler *io_handler, uint64_t addr, uint32_t size, + uint64_t *data) { if ( hvm_copy_from_guest_phys(data, addr, size) != HVMTRANS_okay ) return X86EMUL_UNHANDLEABLE; diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 8267f0b8a2..7bdb51cfa1 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -162,7 +162,7 @@ static inline int hpet_check_access_length( return 0; } -static int hpet_read( +static int cf_check hpet_read( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long *pval) { @@ -351,7 +351,7 @@ static void timer_sanitize_int_route(HPETState *h, unsigned int tn) HPET_TN_ROUTE); } -static int hpet_write( +static int cf_check hpet_write( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long val) { @@ -569,7 +569,7 @@ static int hpet_write( return X86EMUL_OKAY; } -static int hpet_range(struct vcpu *v, unsigned long addr) +static int cf_check hpet_range(struct vcpu *v, unsigned long addr) { return ( (addr >= HPET_BASE_ADDRESS) && (addr < (HPET_BASE_ADDRESS + HPET_MMAP_SIZE)) ); diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 5ec10f3080..9e49246490 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -543,7 +543,7 @@ void hvm_do_resume(struct vcpu *v) } } -static int hvm_print_line( +static int cf_check hvm_print_line( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct domain *cd = current->domain; diff --git a/xen/arch/x86/hvm/intercept.c b/xen/arch/x86/hvm/intercept.c index 02ca3b05b0..ffa31b7467 100644 --- a/xen/arch/x86/hvm/intercept.c +++ b/xen/arch/x86/hvm/intercept.c @@ -32,8 +32,8 @@ #include #include -static bool_t hvm_mmio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check hvm_mmio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { paddr_t first = ioreq_mmio_first_byte(p), last; @@ -51,16 +51,18 @@ static bool_t hvm_mmio_accept(const struct hvm_io_handler *handler, return 1; } -static int hvm_mmio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check hvm_mmio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { BUG_ON(handler->type != IOREQ_TYPE_COPY); return handler->mmio.ops->read(current, addr, size, data); } -static int hvm_mmio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check hvm_mmio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { BUG_ON(handler->type != IOREQ_TYPE_COPY); @@ -73,8 +75,8 @@ static const struct hvm_io_ops mmio_ops = { .write = hvm_mmio_write }; -static bool_t hvm_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check hvm_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { unsigned int start = handler->portio.port; unsigned int end = start + handler->portio.size; @@ -84,8 +86,9 @@ static bool_t hvm_portio_accept(const struct hvm_io_handler *handler, return (p->addr >= start) && ((p->addr + p->size) <= end); } -static int hvm_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check hvm_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { uint32_t val = ~0u; int rc; @@ -98,8 +101,9 @@ static int hvm_portio_read(const struct hvm_io_handler *handler, return rc; } -static int hvm_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check hvm_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { uint32_t val = data; diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c index 93f1d1503f..f70bfde901 100644 --- a/xen/arch/x86/hvm/io.c +++ b/xen/arch/x86/hvm/io.c @@ -156,8 +156,8 @@ bool handle_pio(uint16_t port, unsigned int size, int dir) return true; } -static bool_t g2m_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check g2m_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { struct vcpu *curr = current; const struct hvm_domain *hvm = &curr->domain->arch.hvm; @@ -179,8 +179,9 @@ static bool_t g2m_portio_accept(const struct hvm_io_handler *handler, return 0; } -static int g2m_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check g2m_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { struct hvm_vcpu_io *hvio = ¤t->arch.hvm.hvm_io; const struct g2m_ioport *g2m_ioport = hvio->g2m_ioport; @@ -204,8 +205,9 @@ static int g2m_portio_read(const struct hvm_io_handler *handler, return X86EMUL_OKAY; } -static int g2m_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check g2m_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct hvm_vcpu_io *hvio = ¤t->arch.hvm.hvm_io; const struct g2m_ioport *g2m_ioport = hvio->g2m_ioport; @@ -261,14 +263,15 @@ unsigned int hvm_pci_decode_addr(unsigned int cf8, unsigned int addr, } /* vPCI config space IO ports handlers (0xcf8/0xcfc). */ -static bool vpci_portio_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check vpci_portio_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { return (p->addr == 0xcf8 && p->size == 4) || (p->addr & ~3) == 0xcfc; } -static int vpci_portio_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *data) +static int cf_check vpci_portio_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *data) { const struct domain *d = current->domain; unsigned int reg; @@ -299,8 +302,9 @@ static int vpci_portio_read(const struct hvm_io_handler *handler, return X86EMUL_OKAY; } -static int vpci_portio_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t data) +static int cf_check vpci_portio_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct domain *d = current->domain; unsigned int reg; @@ -387,7 +391,7 @@ static unsigned int vpci_mmcfg_decode_addr(const struct hvm_mmcfg *mmcfg, return addr & (PCI_CFG_SPACE_EXP_SIZE - 1); } -static int vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) +static int cf_check vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) { struct domain *d = v->domain; bool found; @@ -399,8 +403,8 @@ static int vpci_mmcfg_accept(struct vcpu *v, unsigned long addr) return found; } -static int vpci_mmcfg_read(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long *data) +static int cf_check vpci_mmcfg_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { struct domain *d = v->domain; const struct hvm_mmcfg *mmcfg; @@ -426,8 +430,8 @@ static int vpci_mmcfg_read(struct vcpu *v, unsigned long addr, return X86EMUL_OKAY; } -static int vpci_mmcfg_write(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long data) +static int cf_check vpci_mmcfg_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) { struct domain *d = v->domain; const struct hvm_mmcfg *mmcfg; diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c index 02ad9db565..8409d910d6 100644 --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -319,7 +319,7 @@ bool arch_ioreq_server_get_type_addr(const struct domain *d, return true; } -static int hvm_access_cf8( +static int cf_check hvm_access_cf8( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct domain *d = current->domain; diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 808819d1de..60e3c8de4c 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -152,7 +152,7 @@ static void cf_check pmt_timer_callback(void *opaque) } /* Handle port I/O to the PM1a_STS and PM1a_EN registers */ -static int handle_evt_io( +static int cf_check handle_evt_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct vcpu *v = current; @@ -216,7 +216,7 @@ static int handle_evt_io( /* Handle port I/O to the TMR_VAL register */ -static int handle_pmt_io( +static int cf_check handle_pmt_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct vcpu *v = current; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 09d3501276..bdc647e433 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -696,7 +696,7 @@ static uint32_t rtc_ioport_read(RTCState *s, uint32_t addr) return ret; } -static int handle_rtc_io( +static int cf_check handle_rtc_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct RTCState *vrtc = vcpu_vrtc(current); @@ -809,8 +809,8 @@ void rtc_reset(struct domain *d) } /* RTC mediator for HVM hardware domain. */ -static int hw_rtc_io(int dir, unsigned int port, unsigned int size, - uint32_t *val) +static int cf_check hw_rtc_io( + int dir, unsigned int port, unsigned int size, uint32_t *val) { if ( dir == IOREQ_READ ) *val = ~0; diff --git a/xen/arch/x86/hvm/stdvga.c b/xen/arch/x86/hvm/stdvga.c index ab9781d82a..be8200c8d0 100644 --- a/xen/arch/x86/hvm/stdvga.c +++ b/xen/arch/x86/hvm/stdvga.c @@ -199,7 +199,7 @@ static void stdvga_out(uint32_t port, uint32_t bytes, uint32_t val) } } -static int stdvga_intercept_pio( +static int cf_check stdvga_intercept_pio( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; @@ -302,8 +302,9 @@ static uint8_t stdvga_mem_readb(uint64_t addr) return ret; } -static int stdvga_mem_read(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, uint64_t *p_data) +static int cf_check stdvga_mem_read( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t *p_data) { uint64_t data = ~0ul; @@ -453,9 +454,9 @@ static void stdvga_mem_writeb(uint64_t addr, uint32_t val) } } -static int stdvga_mem_write(const struct hvm_io_handler *handler, - uint64_t addr, uint32_t size, - uint64_t data) +static int cf_check stdvga_mem_write( + const struct hvm_io_handler *handler, uint64_t addr, uint32_t size, + uint64_t data) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; ioreq_t p = { @@ -514,8 +515,8 @@ static int stdvga_mem_write(const struct hvm_io_handler *handler, return ioreq_send(srv, &p, 1); } -static bool_t stdvga_mem_accept(const struct hvm_io_handler *handler, - const ioreq_t *p) +static bool cf_check stdvga_mem_accept( + const struct hvm_io_handler *handler, const ioreq_t *p) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; @@ -558,7 +559,7 @@ static bool_t stdvga_mem_accept(const struct hvm_io_handler *handler, return 0; } -static void stdvga_mem_complete(const struct hvm_io_handler *handler) +static void cf_check stdvga_mem_complete(const struct hvm_io_handler *handler) { struct hvm_hw_stdvga *s = ¤t->domain->arch.hvm.stdvga; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index de6166241b..4c4ebda5e6 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1133,8 +1133,8 @@ static void svm_host_osvw_init(void) spin_unlock(&osvw_lock); } -static int acpi_c1e_quirk(int dir, unsigned int port, unsigned int bytes, - uint32_t *val) +static int cf_check acpi_c1e_quirk( + int dir, unsigned int port, unsigned int bytes, uint32_t *val) { ASSERT(bytes == 1 && port == acpi_smi_cmd); diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index 553c0f76ef..b56549aa22 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -135,7 +135,7 @@ static uint32_t vioapic_read_indirect(const struct hvm_vioapic *vioapic) return result; } -static int vioapic_read( +static int cf_check vioapic_read( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long *pval) { @@ -351,7 +351,7 @@ static void vioapic_write_indirect( } } -static int vioapic_write( +static int cf_check vioapic_write( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long val) { @@ -383,7 +383,7 @@ static int vioapic_write( return X86EMUL_OKAY; } -static int vioapic_range(struct vcpu *v, unsigned long addr) +static int cf_check vioapic_range(struct vcpu *v, unsigned long addr) { return !!addr_vioapic(v->domain, addr); } @@ -568,7 +568,7 @@ int vioapic_get_mask(const struct domain *d, unsigned int gsi) return vioapic->redirtbl[pin].fields.mask; } -int vioapic_get_vector(const struct domain *d, unsigned int gsi) +int cf_check vioapic_get_vector(const struct domain *d, unsigned int gsi) { unsigned int pin = 0; /* See gsi_vioapic */ const struct hvm_vioapic *vioapic = gsi_vioapic(d, gsi, &pin); diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index fe375912be..652e3cb87f 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -615,8 +615,9 @@ static uint32_t vlapic_read_aligned(const struct vlapic *vlapic, return 0; } -static int vlapic_mmio_read(struct vcpu *v, unsigned long address, - unsigned int len, unsigned long *pval) +static int cf_check vlapic_mmio_read( + struct vcpu *v, unsigned long address, unsigned int len, + unsigned long *pval) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int offset = address - vlapic_base_address(vlapic); @@ -898,8 +899,8 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val) } } -static int vlapic_mmio_write(struct vcpu *v, unsigned long address, - unsigned int len, unsigned long val) +static int cf_check vlapic_mmio_write( + struct vcpu *v, unsigned long address, unsigned int len, unsigned long val) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned int offset = address - vlapic_base_address(vlapic); @@ -1052,7 +1053,7 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t msr_content) return X86EMUL_OKAY; } -static int vlapic_range(struct vcpu *v, unsigned long addr) +static int cf_check vlapic_range(struct vcpu *v, unsigned long addr) { struct vlapic *vlapic = vcpu_vlapic(v); unsigned long offset = addr - vlapic_base_address(vlapic); diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c index 2889575a20..d4a8c953e2 100644 --- a/xen/arch/x86/hvm/vmsi.c +++ b/xen/arch/x86/hvm/vmsi.c @@ -211,8 +211,9 @@ static struct msi_desc *msixtbl_addr_to_desc( return NULL; } -static int msixtbl_read(const struct hvm_io_handler *handler, - uint64_t address, uint32_t len, uint64_t *pval) +static int cf_check msixtbl_read( + const struct hvm_io_handler *handler, uint64_t address, uint32_t len, + uint64_t *pval) { unsigned long offset; struct msixtbl_entry *entry; @@ -350,14 +351,15 @@ out: return r; } -static int _msixtbl_write(const struct hvm_io_handler *handler, - uint64_t address, uint32_t len, uint64_t val) +static int cf_check _msixtbl_write( + const struct hvm_io_handler *handler, uint64_t address, uint32_t len, + uint64_t val) { return msixtbl_write(current, address, len, val); } -static bool_t msixtbl_range(const struct hvm_io_handler *handler, - const ioreq_t *r) +static bool cf_check msixtbl_range( + const struct hvm_io_handler *handler, const ioreq_t *r) { struct vcpu *curr = current; unsigned long addr = r->addr; diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 91c2c69833..5d8ef259b7 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -351,7 +351,7 @@ static uint32_t vpic_ioport_read(struct hvm_hw_vpic *vpic, uint32_t addr) return vpic->imr; } -static int vpic_intercept_pic_io( +static int cf_check vpic_intercept_pic_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_vpic *vpic; @@ -373,7 +373,7 @@ static int vpic_intercept_pic_io( return X86EMUL_OKAY; } -static int vpic_intercept_elcr_io( +static int cf_check vpic_intercept_elcr_io( int dir, unsigned int port, unsigned int bytes, uint32_t *val) { struct hvm_hw_vpic *vpic; diff --git a/xen/arch/x86/include/asm/hvm/vioapic.h b/xen/arch/x86/include/asm/hvm/vioapic.h index 36b64d20d6..2944ec20dd 100644 --- a/xen/arch/x86/include/asm/hvm/vioapic.h +++ b/xen/arch/x86/include/asm/hvm/vioapic.h @@ -66,7 +66,7 @@ void vioapic_irq_positive_edge(struct domain *d, unsigned int irq); void vioapic_update_EOI(struct domain *d, u8 vector); int vioapic_get_mask(const struct domain *d, unsigned int gsi); -int vioapic_get_vector(const struct domain *d, unsigned int gsi); +int cf_check vioapic_get_vector(const struct domain *d, unsigned int gsi); int vioapic_get_trigger_mode(const struct domain *d, unsigned int gsi); #endif /* __ASM_X86_HVM_VIOAPIC_H__ */ diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c index 361ff864d8..80a331f546 100644 --- a/xen/drivers/passthrough/amd/iommu_guest.c +++ b/xen/drivers/passthrough/amd/iommu_guest.c @@ -645,8 +645,8 @@ static uint64_t iommu_mmio_read64(struct guest_iommu *iommu, return val; } -static int guest_iommu_mmio_read(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long *pval) +static int cf_check guest_iommu_mmio_read( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *pval) { struct guest_iommu *iommu = vcpu_iommu(v); unsigned long offset; @@ -735,8 +735,8 @@ static void guest_iommu_mmio_write64(struct guest_iommu *iommu, } } -static int guest_iommu_mmio_write(struct vcpu *v, unsigned long addr, - unsigned int len, unsigned long val) +static int cf_check guest_iommu_mmio_write( + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long val) { struct guest_iommu *iommu = vcpu_iommu(v); unsigned long offset; @@ -819,7 +819,7 @@ static void guest_iommu_reg_init(struct guest_iommu *iommu) iommu->reg_ext_feature = ef; } -static int guest_iommu_mmio_range(struct vcpu *v, unsigned long addr) +static int cf_check guest_iommu_mmio_range(struct vcpu *v, unsigned long addr) { struct guest_iommu *iommu = vcpu_iommu(v); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278003.474953 (Exim 4.92) (envelope-from ) id 1nN9oW-0004Xo-7G; Thu, 24 Feb 2022 08:49:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278003.474953; Thu, 24 Feb 2022 08:49:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oW-0004Xh-3O; Thu, 24 Feb 2022 08:49:28 +0000 Received: by outflank-mailman (input) for mailman id 278003; Thu, 24 Feb 2022 08:49:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oU-0004XS-F6 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oU-00013t-EO for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oU-0005aL-Db for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yUOupa5+n4s0iNkGOrfxHPa6GO4P90pKHMULot3V7Dk=; b=krO3xdU944VlnPPZebcki3JhJr RJs45/javhuIWMN4CM8IRJabSJ15+0dfAUBh+bNrk5///jQKf2zbc+XuqmD8vi4GCbqUd/DITJMRd Ea+lpT9P3R0drogDqIdH76lO/dWtyf1zSYN/WOKujHwhe/69QZOqKTMVcdddftsh2mxA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/emul: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:49:26 +0000 commit d5905b4ddea8f4e023be7c2ed89747b82a3766cd Author: Andrew Cooper AuthorDate: Fri Oct 29 17:28:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/emul: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. pv_emul_is_mem_write() is only used in a single file. Move it out of its header file, so it doesn't risk being duplicated in multiple translation units. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/emulate.c | 72 +++++++++++++++++----------------- xen/arch/x86/hvm/hvm.c | 8 ++-- xen/arch/x86/hvm/svm/svm.c | 4 +- xen/arch/x86/include/asm/hvm/emulate.h | 8 ++-- xen/arch/x86/include/asm/mm.h | 16 +++----- xen/arch/x86/mm.c | 4 +- xen/arch/x86/mm/shadow/hvm.c | 8 ++-- xen/arch/x86/pv/emul-gate-op.c | 9 +++-- xen/arch/x86/pv/emul-priv-op.c | 64 +++++++++++++++--------------- xen/arch/x86/pv/emulate.h | 7 ---- xen/arch/x86/pv/ro-page-fault.c | 31 +++++++++------ xen/arch/x86/x86_emulate.c | 21 +++++----- xen/arch/x86/x86_emulate/x86_emulate.c | 10 ++--- xen/arch/x86/x86_emulate/x86_emulate.h | 33 ++++++++-------- 14 files changed, 148 insertions(+), 147 deletions(-) diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index 39dac7fd9d..e8d510e0be 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -1272,7 +1272,7 @@ static int __hvmemul_read( return linear_read(addr, bytes, p_data, pfec, hvmemul_ctxt); } -static int hvmemul_read( +static int cf_check hvmemul_read( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1290,7 +1290,7 @@ static int hvmemul_read( container_of(ctxt, struct hvm_emulate_ctxt, ctxt)); } -int hvmemul_insn_fetch( +int cf_check hvmemul_insn_fetch( unsigned long offset, void *p_data, unsigned int bytes, @@ -1336,7 +1336,7 @@ int hvmemul_insn_fetch( return X86EMUL_OKAY; } -static int hvmemul_write( +static int cf_check hvmemul_write( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1384,7 +1384,7 @@ static int hvmemul_write( return X86EMUL_OKAY; } -static int hvmemul_rmw( +static int cf_check hvmemul_rmw( enum x86_segment seg, unsigned long offset, unsigned int bytes, @@ -1437,7 +1437,7 @@ static int hvmemul_rmw( return rc; } -static int hvmemul_blk( +static int cf_check hvmemul_blk( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1478,7 +1478,7 @@ static int hvmemul_blk( return rc; } -static int hvmemul_write_discard( +static int cf_check hvmemul_write_discard( enum x86_segment seg, unsigned long offset, void *p_data, @@ -1489,7 +1489,7 @@ static int hvmemul_write_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_ins_discard( +static int cf_check hvmemul_rep_ins_discard( uint16_t src_port, enum x86_segment dst_seg, unsigned long dst_offset, @@ -1500,7 +1500,7 @@ static int hvmemul_rep_ins_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_movs_discard( +static int cf_check hvmemul_rep_movs_discard( enum x86_segment src_seg, unsigned long src_offset, enum x86_segment dst_seg, @@ -1512,7 +1512,7 @@ static int hvmemul_rep_movs_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_stos_discard( +static int cf_check hvmemul_rep_stos_discard( void *p_data, enum x86_segment seg, unsigned long offset, @@ -1523,7 +1523,7 @@ static int hvmemul_rep_stos_discard( return X86EMUL_OKAY; } -static int hvmemul_rep_outs_discard( +static int cf_check hvmemul_rep_outs_discard( enum x86_segment src_seg, unsigned long src_offset, uint16_t dst_port, @@ -1534,7 +1534,7 @@ static int hvmemul_rep_outs_discard( return X86EMUL_OKAY; } -static int hvmemul_cmpxchg_discard( +static int cf_check hvmemul_cmpxchg_discard( enum x86_segment seg, unsigned long offset, void *p_old, @@ -1546,7 +1546,7 @@ static int hvmemul_cmpxchg_discard( return X86EMUL_OKAY; } -static int hvmemul_read_io_discard( +static int cf_check hvmemul_read_io_discard( unsigned int port, unsigned int bytes, unsigned long *val, @@ -1555,7 +1555,7 @@ static int hvmemul_read_io_discard( return X86EMUL_OKAY; } -static int hvmemul_write_io_discard( +static int cf_check hvmemul_write_io_discard( unsigned int port, unsigned int bytes, unsigned long val, @@ -1564,7 +1564,7 @@ static int hvmemul_write_io_discard( return X86EMUL_OKAY; } -static int hvmemul_write_msr_discard( +static int cf_check hvmemul_write_msr_discard( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -1572,7 +1572,7 @@ static int hvmemul_write_msr_discard( return X86EMUL_OKAY; } -static int hvmemul_cache_op_discard( +static int cf_check hvmemul_cache_op_discard( enum x86emul_cache_op op, enum x86_segment seg, unsigned long offset, @@ -1581,7 +1581,7 @@ static int hvmemul_cache_op_discard( return X86EMUL_OKAY; } -static int hvmemul_cmpxchg( +static int cf_check hvmemul_cmpxchg( enum x86_segment seg, unsigned long offset, void *p_old, @@ -1675,7 +1675,7 @@ static int hvmemul_cmpxchg( return rc; } -static int hvmemul_validate( +static int cf_check hvmemul_validate( const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) { @@ -1688,7 +1688,7 @@ static int hvmemul_validate( ? X86EMUL_OKAY : X86EMUL_UNHANDLEABLE; } -static int hvmemul_rep_ins( +static int cf_check hvmemul_rep_ins( uint16_t src_port, enum x86_segment dst_seg, unsigned long dst_offset, @@ -1766,7 +1766,7 @@ static int hvmemul_rep_outs_set_context( return rc; } -static int hvmemul_rep_outs( +static int cf_check hvmemul_rep_outs( enum x86_segment src_seg, unsigned long src_offset, uint16_t dst_port, @@ -1807,7 +1807,7 @@ static int hvmemul_rep_outs( !!(ctxt->regs->eflags & X86_EFLAGS_DF), gpa); } -static int hvmemul_rep_movs( +static int cf_check hvmemul_rep_movs( enum x86_segment src_seg, unsigned long src_offset, enum x86_segment dst_seg, @@ -1977,7 +1977,7 @@ static int hvmemul_rep_movs( return X86EMUL_UNHANDLEABLE; } -static int hvmemul_rep_stos( +static int cf_check hvmemul_rep_stos( void *p_data, enum x86_segment seg, unsigned long offset, @@ -2105,7 +2105,7 @@ static int hvmemul_rep_stos( } } -static int hvmemul_read_segment( +static int cf_check hvmemul_read_segment( enum x86_segment seg, struct segment_register *reg, struct x86_emulate_ctxt *ctxt) @@ -2122,7 +2122,7 @@ static int hvmemul_read_segment( return X86EMUL_OKAY; } -static int hvmemul_write_segment( +static int cf_check hvmemul_write_segment( enum x86_segment seg, const struct segment_register *reg, struct x86_emulate_ctxt *ctxt) @@ -2141,7 +2141,7 @@ static int hvmemul_write_segment( return X86EMUL_OKAY; } -static int hvmemul_read_io( +static int cf_check hvmemul_read_io( unsigned int port, unsigned int bytes, unsigned long *val, @@ -2158,7 +2158,7 @@ static int hvmemul_read_io( return hvmemul_do_pio_buffer(port, bytes, IOREQ_READ, val); } -static int hvmemul_write_io( +static int cf_check hvmemul_write_io( unsigned int port, unsigned int bytes, unsigned long val, @@ -2167,7 +2167,7 @@ static int hvmemul_write_io( return hvmemul_do_pio_buffer(port, bytes, IOREQ_WRITE, &val); } -static int hvmemul_read_cr( +static int cf_check hvmemul_read_cr( unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) @@ -2188,7 +2188,7 @@ static int hvmemul_read_cr( return X86EMUL_UNHANDLEABLE; } -static int hvmemul_write_cr( +static int cf_check hvmemul_write_cr( unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) @@ -2232,7 +2232,7 @@ static int hvmemul_write_cr( return rc; } -static int hvmemul_read_xcr( +static int cf_check hvmemul_read_xcr( unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) @@ -2245,7 +2245,7 @@ static int hvmemul_read_xcr( return rc; } -static int hvmemul_write_xcr( +static int cf_check hvmemul_write_xcr( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -2255,7 +2255,7 @@ static int hvmemul_write_xcr( return x86emul_write_xcr(reg, val, ctxt); } -static int hvmemul_read_msr( +static int cf_check hvmemul_read_msr( unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) @@ -2268,7 +2268,7 @@ static int hvmemul_read_msr( return rc; } -static int hvmemul_write_msr( +static int cf_check hvmemul_write_msr( unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) @@ -2281,7 +2281,7 @@ static int hvmemul_write_msr( return rc; } -static int hvmemul_cache_op( +static int cf_check hvmemul_cache_op( enum x86emul_cache_op op, enum x86_segment seg, unsigned long offset, @@ -2353,7 +2353,7 @@ static int hvmemul_cache_op( return X86EMUL_OKAY; } -static int hvmemul_get_fpu( +static int cf_check hvmemul_get_fpu( enum x86_emulate_fpu_type type, struct x86_emulate_ctxt *ctxt) { @@ -2395,7 +2395,7 @@ static int hvmemul_get_fpu( return X86EMUL_OKAY; } -static void hvmemul_put_fpu( +static void cf_check hvmemul_put_fpu( struct x86_emulate_ctxt *ctxt, enum x86_emulate_fpu_type backout, const struct x86_emul_fpu_aux *aux) @@ -2482,7 +2482,7 @@ static void hvmemul_put_fpu( } } -static int hvmemul_tlb_op( +static int cf_check hvmemul_tlb_op( enum x86emul_tlb_op op, unsigned long addr, unsigned long aux, @@ -2539,7 +2539,7 @@ static int hvmemul_tlb_op( return rc; } -static int hvmemul_vmfunc( +static int cf_check hvmemul_vmfunc( struct x86_emulate_ctxt *ctxt) { int rc; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 9e49246490..e87e809a94 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3755,8 +3755,8 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) } } -static bool is_sysdesc_access(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_sysdesc_access( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { unsigned int ext; int mode = x86_insn_modrm(state, NULL, &ext); @@ -3796,8 +3796,8 @@ int hvm_descriptor_access_intercept(uint64_t exit_info, return X86EMUL_OKAY; } -static bool is_cross_vendor(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_cross_vendor( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { switch ( ctxt->opcode ) { diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 4c4ebda5e6..dedb2848e6 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2447,8 +2447,8 @@ static void svm_invlpg_intercept(unsigned long linear) paging_invlpg(current, linear); } -static bool is_invlpg(const struct x86_emulate_state *state, - const struct x86_emulate_ctxt *ctxt) +static bool cf_check is_invlpg( + const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { unsigned int ext; diff --git a/xen/arch/x86/include/asm/hvm/emulate.h b/xen/arch/x86/include/asm/hvm/emulate.h index e670040603..d8ba2df4e4 100644 --- a/xen/arch/x86/include/asm/hvm/emulate.h +++ b/xen/arch/x86/include/asm/hvm/emulate.h @@ -92,10 +92,10 @@ static inline bool handle_mmio(void) return hvm_emulate_one_insn(x86_insn_is_mem_access, "MMIO"); } -int hvmemul_insn_fetch(unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); +int cf_check hvmemul_insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt); + int hvmemul_do_pio_buffer(uint16_t port, unsigned int size, uint8_t dir, diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index bdde24d2ce..f2f7b6902c 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -538,16 +538,12 @@ struct mmio_ro_emulate_ctxt { unsigned int seg, bdf; }; -extern int mmio_ro_emulated_write(enum x86_segment seg, - unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); -extern int mmcfg_intercept_write(enum x86_segment seg, - unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt); +int cf_check mmio_ro_emulated_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt); +int cf_check mmcfg_intercept_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt); int audit_adjust_pgtables(struct domain *d, int dir, int noisy); diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 0665095d23..2befd0c191 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4852,7 +4852,7 @@ long arch_memory_op(unsigned long cmd, XEN_GUEST_HANDLE_PARAM(void) arg) return 0; } -int mmio_ro_emulated_write( +int cf_check mmio_ro_emulated_write( enum x86_segment seg, unsigned long offset, void *p_data, @@ -4873,7 +4873,7 @@ int mmio_ro_emulated_write( return X86EMUL_OKAY; } -int mmcfg_intercept_write( +int cf_check mmcfg_intercept_write( enum x86_segment seg, unsigned long offset, void *p_data, diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index f2991bc176..c90d326bec 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -148,7 +148,7 @@ hvm_read(enum x86_segment seg, return X86EMUL_UNHANDLEABLE; } -static int +static int cf_check hvm_emulate_read(enum x86_segment seg, unsigned long offset, void *p_data, @@ -161,7 +161,7 @@ hvm_emulate_read(enum x86_segment seg, container_of(ctxt, struct sh_emulate_ctxt, ctxt)); } -static int +static int cf_check hvm_emulate_insn_fetch(unsigned long offset, void *p_data, unsigned int bytes, @@ -181,7 +181,7 @@ hvm_emulate_insn_fetch(unsigned long offset, return X86EMUL_OKAY; } -static int +static int cf_check hvm_emulate_write(enum x86_segment seg, unsigned long offset, void *p_data, @@ -234,7 +234,7 @@ hvm_emulate_write(enum x86_segment seg, return X86EMUL_OKAY; } -static int +static int cf_check hvm_emulate_cmpxchg(enum x86_segment seg, unsigned long offset, void *p_old, diff --git a/xen/arch/x86/pv/emul-gate-op.c b/xen/arch/x86/pv/emul-gate-op.c index 68ec4d11f6..758a20ad9d 100644 --- a/xen/arch/x86/pv/emul-gate-op.c +++ b/xen/arch/x86/pv/emul-gate-op.c @@ -96,8 +96,9 @@ struct gate_op_ctxt { bool insn_fetch; }; -static int read_mem(enum x86_segment seg, unsigned long offset, void *p_data, - unsigned int bytes, struct x86_emulate_ctxt *ctxt) +static int cf_check read_mem( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { const struct gate_op_ctxt *goc = container_of(ctxt, struct gate_op_ctxt, ctxt); @@ -163,8 +164,8 @@ static int read_mem(enum x86_segment seg, unsigned long offset, void *p_data, return X86EMUL_OKAY; } -static int fetch(unsigned long offset, void *p_data, - unsigned int bytes, struct x86_emulate_ctxt *ctxt) +static int cf_check fetch(unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { return read_mem(x86_seg_cs, offset, p_data, bytes, ctxt); } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index c78be6d92b..c46c072f93 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -358,8 +358,9 @@ static unsigned int check_guest_io_breakpoint(struct vcpu *v, return match; } -static int read_io(unsigned int port, unsigned int bytes, - unsigned long *val, struct x86_emulate_ctxt *ctxt) +static int cf_check read_io( + unsigned int port, unsigned int bytes, unsigned long *val, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -462,8 +463,9 @@ static void guest_io_write(unsigned int port, unsigned int bytes, } } -static int write_io(unsigned int port, unsigned int bytes, - unsigned long val, struct x86_emulate_ctxt *ctxt) +static int cf_check write_io( + unsigned int port, unsigned int bytes, unsigned long val, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -493,9 +495,9 @@ static int write_io(unsigned int port, unsigned int bytes, return X86EMUL_OKAY; } -static int read_segment(enum x86_segment seg, - struct segment_register *reg, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_segment( + enum x86_segment seg, struct segment_register *reg, + struct x86_emulate_ctxt *ctxt) { /* Check if this is an attempt to access the I/O bitmap. */ if ( seg == x86_seg_tr ) @@ -607,10 +609,10 @@ static int pv_emul_virt_to_linear(unsigned long base, unsigned long offset, return rc; } -static int rep_ins(uint16_t port, - enum x86_segment seg, unsigned long offset, - unsigned int bytes_per_rep, unsigned long *reps, - struct x86_emulate_ctxt *ctxt) +static int cf_check rep_ins( + uint16_t port, enum x86_segment seg, unsigned long offset, + unsigned int bytes_per_rep, unsigned long *reps, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -675,10 +677,10 @@ static int rep_ins(uint16_t port, return X86EMUL_OKAY; } -static int rep_outs(enum x86_segment seg, unsigned long offset, - uint16_t port, - unsigned int bytes_per_rep, unsigned long *reps, - struct x86_emulate_ctxt *ctxt) +static int cf_check rep_outs( + enum x86_segment seg, unsigned long offset, uint16_t port, + unsigned int bytes_per_rep, unsigned long *reps, + struct x86_emulate_ctxt *ctxt) { struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); struct vcpu *curr = current; @@ -744,8 +746,8 @@ static int rep_outs(enum x86_segment seg, unsigned long offset, return X86EMUL_OKAY; } -static int read_cr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_cr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) { const struct vcpu *curr = current; @@ -787,8 +789,8 @@ static int read_cr(unsigned int reg, unsigned long *val, return X86EMUL_UNHANDLEABLE; } -static int write_cr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt) +static int cf_check write_cr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -871,8 +873,8 @@ static uint64_t guest_efer(const struct domain *d) return val; } -static int read_msr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt) +static int cf_check read_msr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; const struct domain *currd = curr->domain; @@ -1020,8 +1022,8 @@ static int read_msr(unsigned int reg, uint64_t *val, return ret; } -static int write_msr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt) +static int cf_check write_msr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; const struct domain *currd = curr->domain; @@ -1188,8 +1190,9 @@ static int write_msr(unsigned int reg, uint64_t val, return X86EMUL_UNHANDLEABLE; } -static int cache_op(enum x86emul_cache_op op, enum x86_segment seg, - unsigned long offset, struct x86_emulate_ctxt *ctxt) +static int cf_check cache_op( + enum x86emul_cache_op op, enum x86_segment seg, + unsigned long offset, struct x86_emulate_ctxt *ctxt) { ASSERT(op == x86emul_wbinvd || op == x86emul_wbnoinvd); @@ -1208,8 +1211,8 @@ static int cache_op(enum x86emul_cache_op op, enum x86_segment seg, return X86EMUL_OKAY; } -static int validate(const struct x86_emulate_state *state, - struct x86_emulate_ctxt *ctxt) +static int cf_check validate( + const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) { switch ( ctxt->opcode ) { @@ -1258,10 +1261,9 @@ static int validate(const struct x86_emulate_state *state, return X86EMUL_UNHANDLEABLE; } -static int insn_fetch(unsigned long offset, - void *p_data, - unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt) { const struct priv_op_ctxt *poc = container_of(ctxt, struct priv_op_ctxt, ctxt); diff --git a/xen/arch/x86/pv/emulate.h b/xen/arch/x86/pv/emulate.h index 4b845b08e3..49a4d34832 100644 --- a/xen/arch/x86/pv/emulate.h +++ b/xen/arch/x86/pv/emulate.h @@ -12,13 +12,6 @@ int pv_emul_read_descriptor(unsigned int sel, const struct vcpu *v, void pv_emul_instruction_done(struct cpu_user_regs *regs, unsigned long rip); -static inline int pv_emul_is_mem_write(const struct x86_emulate_state *state, - struct x86_emulate_ctxt *ctxt) -{ - return x86_insn_is_mem_write(state, ctxt) ? X86EMUL_OKAY - : X86EMUL_UNHANDLEABLE; -} - /* Return a pointer to the GDT/LDT descriptor referenced by sel. */ static inline const seg_desc_t *gdt_ldt_desc_ptr(unsigned int sel) { diff --git a/xen/arch/x86/pv/ro-page-fault.c b/xen/arch/x86/pv/ro-page-fault.c index ef4d146c1d..5963f5ee2d 100644 --- a/xen/arch/x86/pv/ro-page-fault.c +++ b/xen/arch/x86/pv/ro-page-fault.c @@ -26,6 +26,13 @@ #include "emulate.h" #include "mm.h" +static int cf_check pv_emul_is_mem_write( + const struct x86_emulate_state *state, struct x86_emulate_ctxt *ctxt) +{ + return x86_insn_is_mem_write(state, ctxt) ? X86EMUL_OKAY + : X86EMUL_UNHANDLEABLE; +} + /********************* * Writable Pagetables */ @@ -35,9 +42,9 @@ struct ptwr_emulate_ctxt { l1_pgentry_t pte; }; -static int ptwr_emulated_read(enum x86_segment seg, unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_read( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { unsigned int rc = bytes; unsigned long addr = offset; @@ -52,9 +59,9 @@ static int ptwr_emulated_read(enum x86_segment seg, unsigned long offset, return X86EMUL_OKAY; } -static int ptwr_emulated_insn_fetch(unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_insn_fetch( + unsigned long offset, void *p_data, unsigned int bytes, + struct x86_emulate_ctxt *ctxt) { unsigned int rc = copy_from_guest_pv(p_data, (void *)offset, bytes); @@ -218,9 +225,9 @@ static int ptwr_emulated_update(unsigned long addr, intpte_t *p_old, return X86EMUL_OKAY; } -static int ptwr_emulated_write(enum x86_segment seg, unsigned long offset, - void *p_data, unsigned int bytes, - struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_write( + enum x86_segment seg, unsigned long offset, void *p_data, + unsigned int bytes, struct x86_emulate_ctxt *ctxt) { intpte_t val = 0; @@ -236,9 +243,9 @@ static int ptwr_emulated_write(enum x86_segment seg, unsigned long offset, return ptwr_emulated_update(offset, NULL, val, bytes, ctxt); } -static int ptwr_emulated_cmpxchg(enum x86_segment seg, unsigned long offset, - void *p_old, void *p_new, unsigned int bytes, - bool lock, struct x86_emulate_ctxt *ctxt) +static int cf_check ptwr_emulated_cmpxchg( + enum x86_segment seg, unsigned long offset, void *p_old, void *p_new, + unsigned int bytes, bool lock, struct x86_emulate_ctxt *ctxt) { intpte_t old = 0, new = 0; int rc; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b..60191a94dc 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -53,8 +53,8 @@ #include "x86_emulate/x86_emulate.c" -int x86emul_read_xcr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_read_xcr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt) { switch ( reg ) { @@ -77,8 +77,8 @@ int x86emul_read_xcr(unsigned int reg, uint64_t *val, } /* Note: May be called with ctxt=NULL. */ -int x86emul_write_xcr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_write_xcr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt) { switch ( reg ) { @@ -100,8 +100,8 @@ int x86emul_write_xcr(unsigned int reg, uint64_t val, #ifdef CONFIG_PV /* Called with NULL ctxt in hypercall context. */ -int x86emul_read_dr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_read_dr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -143,8 +143,8 @@ int x86emul_read_dr(unsigned int reg, unsigned long *val, return X86EMUL_OKAY; } -int x86emul_write_dr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_write_dr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt) { struct vcpu *curr = current; @@ -167,8 +167,9 @@ int x86emul_write_dr(unsigned int reg, unsigned long val, } #endif /* CONFIG_PV */ -int x86emul_cpuid(uint32_t leaf, uint32_t subleaf, - struct cpuid_leaf *res, struct x86_emulate_ctxt *ctxt) +int cf_check x86emul_cpuid( + uint32_t leaf, uint32_t subleaf, struct cpuid_leaf *res, + struct x86_emulate_ctxt *ctxt) { guest_cpuid(current, leaf, subleaf, res); diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 2ba54c6151..6c0d18954a 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -2524,7 +2524,7 @@ static void adjust_bnd(struct x86_emulate_ctxt *ctxt, done:; } -int x86emul_unhandleable_rw( +int cf_check x86emul_unhandleable_rw( enum x86_segment seg, unsigned long offset, void *p_data, @@ -12320,7 +12320,7 @@ x86_insn_operand_ea(const struct x86_emulate_state *state, * memory operand (like POP), but it does not mean e.g. segment selector * loads, where the descriptor table access is considered an implicit one. */ -bool +bool cf_check x86_insn_is_mem_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12412,7 +12412,7 @@ x86_insn_is_mem_access(const struct x86_emulate_state *state, * loads, where the (possible) descriptor table write is considered an * implicit access. */ -bool +bool cf_check x86_insn_is_mem_write(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12584,7 +12584,7 @@ x86_insn_is_mem_write(const struct x86_emulate_state *state, return false; } -bool +bool cf_check x86_insn_is_portio(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { @@ -12599,7 +12599,7 @@ x86_insn_is_portio(const struct x86_emulate_state *state, return false; } -bool +bool cf_check x86_insn_is_cr_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) { diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 419def8790..4732855c40 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -737,7 +737,7 @@ static inline unsigned long *decode_gpr(struct cpu_user_regs *regs, } /* Unhandleable read, write or instruction fetch */ -int +int cf_check x86emul_unhandleable_rw( enum x86_segment seg, unsigned long offset, @@ -766,16 +766,16 @@ x86_insn_immediate(const struct x86_emulate_state *state, unsigned int x86_insn_length(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_mem_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_mem_write(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_portio(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); -bool +bool cf_check x86_insn_is_cr_access(const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt); @@ -787,17 +787,18 @@ void x86_emulate_free_state(struct x86_emulate_state *state); #ifdef __XEN__ -int x86emul_read_xcr(unsigned int reg, uint64_t *val, - struct x86_emulate_ctxt *ctxt); -int x86emul_write_xcr(unsigned int reg, uint64_t val, - struct x86_emulate_ctxt *ctxt); - -int x86emul_read_dr(unsigned int reg, unsigned long *val, - struct x86_emulate_ctxt *ctxt); -int x86emul_write_dr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt); -int x86emul_cpuid(uint32_t leaf, uint32_t subleaf, - struct cpuid_leaf *res, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_read_xcr( + unsigned int reg, uint64_t *val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_write_xcr( + unsigned int reg, uint64_t val, struct x86_emulate_ctxt *ctxt); + +int cf_check x86emul_read_dr( + unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_write_dr( + unsigned int reg, unsigned long val, struct x86_emulate_ctxt *ctxt); +int cf_check x86emul_cpuid( + uint32_t leaf, uint32_t subleaf, struct cpuid_leaf *res, + struct x86_emulate_ctxt *ctxt); #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278004.474958 (Exim 4.92) (envelope-from ) id 1nN9og-0004b9-AU; Thu, 24 Feb 2022 08:49:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278004.474958; Thu, 24 Feb 2022 08:49:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9og-0004b1-7Y; Thu, 24 Feb 2022 08:49:38 +0000 Received: by outflank-mailman (input) for mailman id 278004; Thu, 24 Feb 2022 08:49:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oe-0004ap-Il for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oe-000143-I0 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oe-0005b1-Gm for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SH/mrbpXHOpwIEEDNIBhK+XJj9+5/LLz4Xk/53+idkc=; b=euVhaKVNP2krMkfEu/Tzf4aAru 4UtmN4o9ERst5sjq72wFJcvMzjo64UaGgwnqHE9ZaSx5d7TbSEILHFuEXhvXEFUCJD5ASPP31pPpn zU1gSyg3PzrzTupD2+jdIQQrT9ls5xstNoQF2uUuElEuxJ8yd2YPTIu4YoqG1wmYWd0w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ucode: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:49:36 +0000 commit ce25a24c1f5e93bd17275a063d96a00205498111 Author: Andrew Cooper AuthorDate: Thu Oct 28 11:35:25 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/ucode: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 9 +++++---- xen/arch/x86/cpu/microcode/core.c | 4 ++-- xen/arch/x86/cpu/microcode/intel.c | 10 +++++----- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index fe92e594f1..0afa2192bf 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -91,7 +91,7 @@ static struct { uint16_t id; } equiv __read_mostly; -static void collect_cpu_info(void) +static void cf_check collect_cpu_info(void) { struct cpu_signature *csig = &this_cpu(cpu_sig); @@ -204,7 +204,7 @@ static enum microcode_match_result compare_header( return compare_revisions(old->patch_id, new->patch_id); } -static enum microcode_match_result compare_patch( +static enum microcode_match_result cf_check compare_patch( const struct microcode_patch *new, const struct microcode_patch *old) { /* Both patches to compare are supposed to be applicable to local CPU. */ @@ -214,7 +214,7 @@ static enum microcode_match_result compare_patch( return compare_header(new, old); } -static int apply_microcode(const struct microcode_patch *patch) +static int cf_check apply_microcode(const struct microcode_patch *patch) { int hw_err; unsigned int cpu = smp_processor_id(); @@ -299,7 +299,8 @@ static int scan_equiv_cpu_table(const struct container_equiv_table *et) return -ESRCH; } -static struct microcode_patch *cpu_request_microcode(const void *buf, size_t size) +static struct microcode_patch *cf_check cpu_request_microcode( + const void *buf, size_t size) { const struct microcode_patch *saved = NULL; struct microcode_patch *patch = NULL; diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 8413642080..c07f68ba35 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -291,12 +291,12 @@ static int wait_for_condition(bool (*func)(unsigned int data), return 0; } -static bool wait_cpu_callin(unsigned int nr) +static bool cf_check wait_cpu_callin(unsigned int nr) { return cpumask_weight(&cpu_callin_map) >= nr; } -static bool wait_cpu_callout(unsigned int nr) +static bool cf_check wait_cpu_callout(unsigned int nr) { return atomic_read(&cpu_out) >= nr; } diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index f6d01490e0..d3864b5ab0 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -116,7 +116,7 @@ static bool signature_matches(const struct cpu_signature *cpu_sig, return cpu_sig->pf & ucode_pf; } -static void collect_cpu_info(void) +static void cf_check collect_cpu_info(void) { struct cpu_signature *csig = &this_cpu(cpu_sig); uint64_t msr_content; @@ -271,7 +271,7 @@ static enum microcode_match_result microcode_update_match( return compare_revisions(cpu_sig->rev, mc->rev); } -static enum microcode_match_result compare_patch( +static enum microcode_match_result cf_check compare_patch( const struct microcode_patch *new, const struct microcode_patch *old) { /* @@ -284,7 +284,7 @@ static enum microcode_match_result compare_patch( return compare_revisions(old->rev, new->rev); } -static int apply_microcode(const struct microcode_patch *patch) +static int cf_check apply_microcode(const struct microcode_patch *patch) { uint64_t msr_content; unsigned int cpu = smp_processor_id(); @@ -323,8 +323,8 @@ static int apply_microcode(const struct microcode_patch *patch) return 0; } -static struct microcode_patch *cpu_request_microcode(const void *buf, - size_t size) +static struct microcode_patch *cf_check cpu_request_microcode( + const void *buf, size_t size) { int error = 0; const struct microcode_patch *saved = NULL; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278005.474961 (Exim 4.92) (envelope-from ) id 1nN9oq-0004eO-C4; Thu, 24 Feb 2022 08:49:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278005.474961; Thu, 24 Feb 2022 08:49:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oq-0004eG-92; Thu, 24 Feb 2022 08:49:48 +0000 Received: by outflank-mailman (input) for mailman id 278005; Thu, 24 Feb 2022 08:49:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oo-0004e3-M6 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oo-000147-LS for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oo-0005bq-Kg for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r1XuXYbENkma636LdtNeTALVRPED5wtJB6/21zGhQsg=; b=tLV0vju3iJoYNVgXlk1cA4MO0x HHS48HI6gekuOIEa/Vg1XfP5Pnh+OFQ4qvwHSOwaV7zRhIF1UtQ60K2RLZoL99B9Fzx3mCqS23BYA WVn80Ey6kuT03Hd51y69XGSh0i/Wh55stVmWUVyZuVGUR1GdZzlAJ0AhCYAYHQI5a2Ms=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/power: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:49:46 +0000 commit 98f93855806d9301f08000be804bc9cbb97011c1 Author: Andrew Cooper AuthorDate: Thu Oct 28 12:00:06 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/power: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. cpufreq_governor_dbs() has no external callers so make it static. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 14 +++++++------- xen/arch/x86/acpi/cpufreq/powernow.c | 15 ++++++++------- xen/common/core_parking.c | 4 ++-- xen/drivers/cpufreq/cpufreq_ondemand.c | 6 ++++-- xen/include/acpi/cpufreq/cpufreq.h | 1 - 5 files changed, 21 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 8133c2dd95..c27cbb2304 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -320,7 +320,7 @@ unsigned int get_measured_perf(unsigned int cpu, unsigned int flag) return policy->cpuinfo.max_freq * perf_percent / 100; } -static unsigned int get_cur_freq_on_cpu(unsigned int cpu) +static unsigned int cf_check get_cur_freq_on_cpu(unsigned int cpu) { struct cpufreq_policy *policy; struct acpi_cpufreq_data *data; @@ -369,8 +369,9 @@ static unsigned int check_freqs(const cpumask_t *mask, unsigned int freq, return 0; } -static int acpi_cpufreq_target(struct cpufreq_policy *policy, - unsigned int target_freq, unsigned int relation) +static int cf_check acpi_cpufreq_target( + struct cpufreq_policy *policy, + unsigned int target_freq, unsigned int relation) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; struct processor_performance *perf; @@ -449,7 +450,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy, return result; } -static int acpi_cpufreq_verify(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_verify(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data; struct processor_performance *perf; @@ -494,8 +495,7 @@ acpi_cpufreq_guess_freq(struct acpi_cpufreq_data *data, unsigned int cpu) } } -static int -acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) { unsigned int i; unsigned int valid_states = 0; @@ -609,7 +609,7 @@ err_unreg: return result; } -static int acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) +static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index ca71ecf72d..d4c7dcd5d9 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -67,8 +67,8 @@ static void cf_check update_cpb(void *data) } } -static int powernow_cpufreq_update (int cpuid, - struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_update( + int cpuid, struct cpufreq_policy *policy) { if (!cpumask_test_cpu(cpuid, &cpu_online_map)) return -EINVAL; @@ -78,8 +78,9 @@ static int powernow_cpufreq_update (int cpuid, return 0; } -static int powernow_cpufreq_target(struct cpufreq_policy *policy, - unsigned int target_freq, unsigned int relation) +static int cf_check powernow_cpufreq_target( + struct cpufreq_policy *policy, + unsigned int target_freq, unsigned int relation) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; struct processor_performance *perf; @@ -180,7 +181,7 @@ static void cf_check get_cpu_data(void *arg) amd_fixup_frequency(&perf->states[i]); } -static int powernow_cpufreq_verify(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_verify(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data; struct processor_performance *perf; @@ -197,7 +198,7 @@ static int powernow_cpufreq_verify(struct cpufreq_policy *policy) return cpufreq_frequency_table_verify(policy, data->freq_table); } -static int powernow_cpufreq_cpu_init(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_cpu_init(struct cpufreq_policy *policy) { unsigned int i; unsigned int valid_states = 0; @@ -303,7 +304,7 @@ err_unreg: return result; } -static int powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) +static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) { struct acpi_cpufreq_data *data = cpufreq_drv_data[policy->cpu]; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 4afad04f2f..c4f01291c0 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -53,7 +53,7 @@ static int __init cf_check setup_core_parking_option(const char *str) } custom_param("core_parking", setup_core_parking_option); -static unsigned int core_parking_performance(unsigned int event) +static unsigned int cf_check core_parking_performance(unsigned int event) { unsigned int cpu = -1; @@ -111,7 +111,7 @@ static unsigned int core_parking_performance(unsigned int event) return cpu; } -static unsigned int core_parking_power(unsigned int event) +static unsigned int cf_check core_parking_power(unsigned int event) { unsigned int cpu = -1; diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c b/xen/drivers/cpufreq/cpufreq_ondemand.c index ba03eaa233..fbcd14d6c3 100644 --- a/xen/drivers/cpufreq/cpufreq_ondemand.c +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c @@ -215,7 +215,8 @@ static void dbs_timer_exit(struct cpu_dbs_info_s *dbs_info) kill_timer(&per_cpu(dbs_timer, dbs_info->cpu)); } -int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event) +static int cf_check cpufreq_governor_dbs( + struct cpufreq_policy *policy, unsigned int event) { unsigned int cpu = policy->cpu; struct cpu_dbs_info_s *this_dbs_info; @@ -307,7 +308,8 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event) return 0; } -static bool_t __init cpufreq_dbs_handle_option(const char *name, const char *val) +static bool __init cf_check cpufreq_dbs_handle_option( + const char *name, const char *val) { if ( !strcmp(name, "rate") && val ) { diff --git a/xen/include/acpi/cpufreq/cpufreq.h b/xen/include/acpi/cpufreq/cpufreq.h index 4958d3f7d3..e5e58c6c30 100644 --- a/xen/include/acpi/cpufreq/cpufreq.h +++ b/xen/include/acpi/cpufreq/cpufreq.h @@ -227,7 +227,6 @@ struct cpu_dbs_info_s { int8_t stoppable; }; -int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event); int get_cpufreq_ondemand_para(uint32_t *sampling_rate_max, uint32_t *sampling_rate_min, uint32_t *sampling_rate, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:49:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:49:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278006.474966 (Exim 4.92) (envelope-from ) id 1nN9p0-0004hS-DN; Thu, 24 Feb 2022 08:49:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278006.474966; Thu, 24 Feb 2022 08:49:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9p0-0004hK-AW; Thu, 24 Feb 2022 08:49:58 +0000 Received: by outflank-mailman (input) for mailman id 278006; Thu, 24 Feb 2022 08:49:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oy-0004h6-PH for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9oy-00014G-Od for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9oy-0005ci-No for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:49:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EDoBNyn+glwsm1TLwVHUhs0B8wEn3pDH4dLkuE9aRbg=; b=uYsbssByhvQfBm6c9WJmyaRkY5 fZb9/yB/EQXx/hv1h6OCEfLjORQVFLbCJtfJTa+oOQ6TP5VDUnFQdgfhDheY5o8sXTbyMvCwWaddX /pi/xxbl1AmA23ct8sXtpD6hfVl/pyE31wcncZa3vTx8DwqWTRZ3QZoAKP3/b8tvufoY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/apic: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:49:56 +0000 commit 15b66009808ac7c5e66824ccac06be15d4129686 Author: Andrew Cooper AuthorDate: Thu Oct 28 14:05:05 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/apic: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/genapic/bigsmp.c | 4 ++-- xen/arch/x86/genapic/delivery.c | 12 ++++++------ xen/arch/x86/genapic/x2apic.c | 16 ++++++++++------ xen/arch/x86/include/asm/genapic.h | 18 +++++++++--------- xen/arch/x86/smp.c | 6 +++--- 5 files changed, 30 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index b9d976e8ab..2000383ab0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -10,7 +10,7 @@ #include #include -static __init int force_bigsmp(const struct dmi_system_id *d) +static int __init cf_check force_bigsmp(const struct dmi_system_id *d) { printk(KERN_NOTICE "%s detected: force use of apic=bigsmp\n", d->ident); def_to_bigsmp = true; @@ -27,7 +27,7 @@ static const struct dmi_system_id __initconstrel bigsmp_dmi_table[] = { }; -static __init int probe_bigsmp(void) +static int __init cf_check probe_bigsmp(void) { /* * We don't implement cluster mode, so force use of diff --git a/xen/arch/x86/genapic/delivery.c b/xen/arch/x86/genapic/delivery.c index 548c33f282..d1f99bf683 100644 --- a/xen/arch/x86/genapic/delivery.c +++ b/xen/arch/x86/genapic/delivery.c @@ -9,7 +9,7 @@ * LOGICAL FLAT DELIVERY MODE (multicast via bitmask to <= 8 logical APIC IDs). */ -void init_apic_ldr_flat(void) +void cf_check init_apic_ldr_flat(void) { unsigned long val; @@ -19,12 +19,12 @@ void init_apic_ldr_flat(void) apic_write(APIC_LDR, val); } -const cpumask_t *vector_allocation_cpumask_flat(int cpu) +const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu) { return &cpu_online_map; } -unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask) +unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask) { return cpumask_bits(cpumask)[0]&0xFF; } @@ -33,17 +33,17 @@ unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask) * PHYSICAL DELIVERY MODE (unicast to physical APIC IDs). */ -void init_apic_ldr_phys(void) +void cf_check init_apic_ldr_phys(void) { /* We only deliver in phys mode - no setup needed. */ } -const cpumask_t *vector_allocation_cpumask_phys(int cpu) +const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu) { return cpumask_of(cpu); } -unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask) +unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask) { /* As we are using single CPU as destination, pick only one CPU here */ return cpu_physical_id(cpumask_any(cpumask)); diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index bd44bb7539..de5032f202 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -38,7 +38,7 @@ static inline u32 x2apic_cluster(unsigned int cpu) return per_cpu(cpu_2_logical_apicid, cpu) >> 16; } -static void init_apic_ldr_x2apic_cluster(void) +static void cf_check init_apic_ldr_x2apic_cluster(void) { unsigned int cpu, this_cpu = smp_processor_id(); @@ -74,12 +74,14 @@ static void init_apic_ldr_x2apic_cluster(void) cpumask_set_cpu(this_cpu, per_cpu(cluster_cpus, this_cpu)); } -static const cpumask_t *vector_allocation_cpumask_x2apic_cluster(int cpu) +static const cpumask_t *cf_check vector_allocation_cpumask_x2apic_cluster( + int cpu) { return per_cpu(cluster_cpus, cpu); } -static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask) +static unsigned int cf_check cpu_mask_to_apicid_x2apic_cluster( + const cpumask_t *cpumask) { unsigned int cpu = cpumask_any(cpumask); unsigned int dest = per_cpu(cpu_2_logical_apicid, cpu); @@ -92,12 +94,13 @@ static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask) return dest; } -static void send_IPI_self_x2apic(uint8_t vector) +static void cf_check send_IPI_self_x2apic(uint8_t vector) { apic_wrmsr(APIC_SELF_IPI, vector); } -static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector) +static void cf_check send_IPI_mask_x2apic_phys( + const cpumask_t *cpumask, int vector) { unsigned int cpu; unsigned long flags; @@ -130,7 +133,8 @@ static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector) local_irq_restore(flags); } -static void send_IPI_mask_x2apic_cluster(const cpumask_t *cpumask, int vector) +static void cf_check send_IPI_mask_x2apic_cluster( + const cpumask_t *cpumask, int vector) { unsigned int cpu = smp_processor_id(); cpumask_t *ipimask = per_cpu(scratch_mask, cpu); diff --git a/xen/arch/x86/include/asm/genapic.h b/xen/arch/x86/include/asm/genapic.h index 51a65d3e0f..beeaddf19d 100644 --- a/xen/arch/x86/include/asm/genapic.h +++ b/xen/arch/x86/include/asm/genapic.h @@ -39,12 +39,12 @@ extern struct genapic genapic; extern const struct genapic apic_default; extern const struct genapic apic_bigsmp; -void send_IPI_self_legacy(uint8_t vector); +void cf_check send_IPI_self_legacy(uint8_t vector); -void init_apic_ldr_flat(void); -unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask); -void send_IPI_mask_flat(const cpumask_t *mask, int vector); -const cpumask_t *vector_allocation_cpumask_flat(int cpu); +void cf_check init_apic_ldr_flat(void); +unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask); +void cf_check send_IPI_mask_flat(const cpumask_t *mask, int vector); +const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu); #define GENAPIC_FLAT \ .int_delivery_mode = dest_LowestPrio, \ .int_dest_mode = 1 /* logical delivery */, \ @@ -54,10 +54,10 @@ const cpumask_t *vector_allocation_cpumask_flat(int cpu); .send_IPI_mask = send_IPI_mask_flat, \ .send_IPI_self = send_IPI_self_legacy -void init_apic_ldr_phys(void); -unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask); -void send_IPI_mask_phys(const cpumask_t *mask, int vector); -const cpumask_t *vector_allocation_cpumask_phys(int cpu); +void cf_check init_apic_ldr_phys(void); +unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask); +void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector); +const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu); #define GENAPIC_PHYS \ .int_delivery_mode = dest_Fixed, \ .int_dest_mode = 0 /* physical delivery */, \ diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index 33748e629a..0a02086966 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -161,13 +161,13 @@ void send_IPI_self(int vector) * The following functions deal with sending IPIs between CPUs. */ -void send_IPI_self_legacy(uint8_t vector) +void cf_check send_IPI_self_legacy(uint8_t vector) { /* NMI continuation handling relies on using a shorthand here. */ send_IPI_shortcut(APIC_DEST_SELF, vector, APIC_DEST_PHYSICAL); } -void send_IPI_mask_flat(const cpumask_t *cpumask, int vector) +void cf_check send_IPI_mask_flat(const cpumask_t *cpumask, int vector) { unsigned long mask = cpumask_bits(cpumask)[0]; unsigned long cfg; @@ -204,7 +204,7 @@ void send_IPI_mask_flat(const cpumask_t *cpumask, int vector) local_irq_restore(flags); } -void send_IPI_mask_phys(const cpumask_t *mask, int vector) +void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector) { unsigned long cfg, flags; unsigned int query_cpu; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278007.474970 (Exim 4.92) (envelope-from ) id 1nN9pA-0005Rg-Fz; Thu, 24 Feb 2022 08:50:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278007.474970; Thu, 24 Feb 2022 08:50:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pA-0005RT-C2; Thu, 24 Feb 2022 08:50:08 +0000 Received: by outflank-mailman (input) for mailman id 278007; Thu, 24 Feb 2022 08:50:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9p8-0005R4-SY for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9p8-00014u-Rs for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9p8-0005dU-R5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MUwdKCSl2vndqu7pkJHo4dlSTssAnkHlQNP5sTZawU4=; b=CC1whdDinu8us8xyk/O9txPkJF jsXDe0Rq6zfUoqs32XkUTVNwHK+u3p/4jrrc8ylJcWIPc2Lu1a3URifetGchfVTkyGz0kyi8WnLXs a3R2kcyj9NZAZfZWo4Wj6DMuu8dE38ldMbn3kDvAkq7+KxvfGkC/OuuOL+CCdRDsUjnI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/nmi: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:06 +0000 commit b1a7d40f30cde6e5b71ee23de25f9cae9837709e Author: Andrew Cooper AuthorDate: Fri Oct 29 14:05:07 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/nmi: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/alternative.c | 4 ++-- xen/arch/x86/cpu/microcode/core.c | 3 ++- xen/arch/x86/crash.c | 3 ++- xen/arch/x86/livepatch.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 2 +- xen/arch/x86/traps.c | 3 ++- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 1cb531c9df..436047abe0 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -324,8 +324,8 @@ static unsigned int __initdata alt_done; * condition where an NMI hits while we are midway though patching some * instructions in the NMI path. */ -static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, - int cpu) +static int __init cf_check nmi_apply_alternatives( + const struct cpu_user_regs *regs, int cpu) { /* * More than one NMI may occur between the two set_nmi_callback() below. diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index c07f68ba35..f84dafa826 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -376,7 +376,8 @@ static int primary_thread_work(const struct microcode_patch *patch) return ret; } -static int microcode_nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check microcode_nmi_callback( + const struct cpu_user_regs *regs, int cpu) { unsigned int primary = cpumask_first(this_cpu(cpu_sibling_mask)); int ret; diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index f6264946a6..c383f718f5 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -36,7 +36,8 @@ static unsigned int crashing_cpu; static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done); /* This becomes the NMI handler for non-crashing CPUs, when Xen is crashing. */ -static int noreturn do_nmi_crash(const struct cpu_user_regs *regs, int cpu) +static int noreturn cf_check do_nmi_crash( + const struct cpu_user_regs *regs, int cpu) { stac(); diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index d056b1ed8b..37c9b8435e 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -175,7 +175,7 @@ static nmi_callback_t *saved_nmi_callback; * Note that because of this NOP code the do_nmi is not safely patchable. * Also if we do receive 'real' NMIs we have lost them. */ -static int mask_nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check mask_nmi_callback(const struct cpu_user_regs *regs, int cpu) { /* TODO: Handle missing NMI/MCE.*/ return 1; diff --git a/xen/arch/x86/oprofile/nmi_int.c b/xen/arch/x86/oprofile/nmi_int.c index 6ebe20bd1d..a90b728258 100644 --- a/xen/arch/x86/oprofile/nmi_int.c +++ b/xen/arch/x86/oprofile/nmi_int.c @@ -95,7 +95,7 @@ bool nmi_oprofile_send_virq(void) return v; } -static int nmi_callback(const struct cpu_user_regs *regs, int cpu) +static int cf_check nmi_callback(const struct cpu_user_regs *regs, int cpu) { int xen_mode, ovf; diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 485bd66971..7b95710193 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -752,7 +752,8 @@ static cpumask_t show_state_mask; static bool opt_show_all; boolean_param("async-show-all", opt_show_all); -static int nmi_show_execution_state(const struct cpu_user_regs *regs, int cpu) +static int cf_check nmi_show_execution_state( + const struct cpu_user_regs *regs, int cpu) { if ( !cpumask_test_cpu(cpu, &show_state_mask) ) return 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278008.474974 (Exim 4.92) (envelope-from ) id 1nN9pK-0005ZR-IR; Thu, 24 Feb 2022 08:50:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278008.474974; Thu, 24 Feb 2022 08:50:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pK-0005ZI-FE; Thu, 24 Feb 2022 08:50:18 +0000 Received: by outflank-mailman (input) for mailman id 278008; Thu, 24 Feb 2022 08:50:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pI-0005Z1-Vi for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pI-00016W-Uz for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9pI-0005e7-UO for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=An68wTgDiwX6kgIudOYG+7IH1NY7xl9PpA3NngnGYj4=; b=OsMa1PKzBUbSCBCb6d2FsIe9sm GtMXfdpopDNPGx/6xWGLYTdlj+PQS65umVfyOOKvHnmlDg15dYqzxpaUX+xSGqTK7QsqLT4Sz36vu zXjWRs4XfXGSH8VXyYkzg0mxKwyfaPIJ48hUglQhvjjcHFW91JucGOrMA4j8gaDvKxO4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mtrr: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:16 +0000 commit 142923eaaf71f6cf38053da13c6dba598aff8839 Author: Andrew Cooper AuthorDate: Thu Oct 28 13:48:54 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/mtrr: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mtrr/generic.c | 18 ++++++++++-------- xen/arch/x86/cpu/mtrr/mtrr.h | 8 ++++---- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 7cf4cd01f3..47aaf76226 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,8 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg) +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. The size (in bytes) of the region. @@ -309,8 +310,8 @@ int generic_get_free_region(unsigned long base, unsigned long size, int replace_ return -ENOSPC; } -static void generic_get_mtrr(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type *type) +static void cf_check generic_get_mtrr( + unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -499,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void generic_set_all(void) +static void cf_check generic_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -522,8 +523,8 @@ static void generic_set_all(void) } } -static void generic_set_mtrr(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type) +static void cf_check generic_set_mtrr( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. The base address of the region. @@ -566,7 +567,8 @@ static void generic_set_mtrr(unsigned int reg, unsigned long base, local_irq_restore(flags); } -int generic_validate_add_page(unsigned long base, unsigned long size, unsigned int type) +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -584,7 +586,7 @@ int generic_validate_add_page(unsigned long base, unsigned long size, unsigned i } -static int generic_have_wrcomb(void) +static int cf_check generic_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index 9a406e6f61..c7fd44daab 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -24,10 +24,10 @@ struct mtrr_ops { int (*have_wrcomb)(void); }; -extern int generic_get_free_region(unsigned long base, unsigned long size, - int replace_reg); -extern int generic_validate_add_page(unsigned long base, unsigned long size, - unsigned int type); +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg); +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type); extern const struct mtrr_ops generic_mtrr_ops; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278009.474978 (Exim 4.92) (envelope-from ) id 1nN9pU-0005cL-Ji; Thu, 24 Feb 2022 08:50:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278009.474978; Thu, 24 Feb 2022 08:50:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pU-0005cD-Gi; Thu, 24 Feb 2022 08:50:28 +0000 Received: by outflank-mailman (input) for mailman id 278009; Thu, 24 Feb 2022 08:50:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pT-0005c4-36 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pT-00016c-2J for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9pT-0005en-1W for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JZZ8UEA70EWciANHeuJ3EnX5XF2Xo+XyAONdfMsodRE=; b=QeBt6hLhYqHCXMENpy4mhPcG32 eI5hNl2s60g9Hvrzpm72scw3+5AsO6HkU9dOQC8rHtypIpZdJGLVlUKxo/9UJzJ8rwr0jR+bdjBF/ uqilc0yWSHzQ4jRrDNi9/KceCdv2SWF0XdMR4NAKYqTXfpexMMTTBNOaT0o22PhbpjOU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/idle: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:27 +0000 commit afaa75410ec1010b9ae7c3ae9ce0f3d1c26b6312 Author: Andrew Cooper AuthorDate: Thu Oct 28 13:32:34 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/idle: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/cpu_idle.c | 31 +++++++++++++++++++++------- xen/arch/x86/acpi/cpuidle_menu.c | 6 +++--- xen/arch/x86/cpu/mwait-idle.c | 2 +- xen/arch/x86/domain.c | 6 +++--- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/cpuidle.h | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/include/asm/time.h | 6 +++--- xen/arch/x86/time.c | 6 +++--- xen/drivers/cpufreq/cpufreq_misc_governors.c | 14 ++++++------- 10 files changed, 49 insertions(+), 34 deletions(-) diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index 0142671bb8..557bc6ef86 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -75,7 +75,7 @@ #define GET_CC7_RES(val) GET_HW_RES_IN_NS(0x3FE, val) /* SNB onwards */ #define PHI_CC6_RES(val) GET_HW_RES_IN_NS(0x3FF, val) /* Xeon Phi only */ -static void lapic_timer_nop(void) { } +static void cf_check lapic_timer_nop(void) { } void (*__read_mostly lapic_timer_off)(void); void (*__read_mostly lapic_timer_on)(void); @@ -310,12 +310,27 @@ static char* acpi_cstate_method_name[] = "HALT" }; -static uint64_t get_stime_tick(void) { return (uint64_t)NOW(); } -static uint64_t stime_ticks_elapsed(uint64_t t1, uint64_t t2) { return t2 - t1; } -static uint64_t stime_tick_to_ns(uint64_t ticks) { return ticks; } +static uint64_t cf_check get_stime_tick(void) +{ + return NOW(); +} + +static uint64_t cf_check stime_ticks_elapsed(uint64_t t1, uint64_t t2) +{ + return t2 - t1; +} + +static uint64_t cf_check stime_tick_to_ns(uint64_t ticks) +{ + return ticks; +} + +static uint64_t cf_check get_acpi_pm_tick(void) +{ + return inl(pmtmr_ioport); +} -static uint64_t get_acpi_pm_tick(void) { return (uint64_t)inl(pmtmr_ioport); } -static uint64_t acpi_pm_ticks_elapsed(uint64_t t1, uint64_t t2) +static uint64_t cf_check acpi_pm_ticks_elapsed(uint64_t t1, uint64_t t2) { if ( t2 >= t1 ) return (t2 - t1); @@ -664,7 +679,7 @@ void update_idle_stats(struct acpi_processor_power *power, spin_unlock(&power->stat_lock); } -static void acpi_processor_idle(void) +static void cf_check acpi_processor_idle(void) { unsigned int cpu = smp_processor_id(); struct acpi_processor_power *power = processor_powers[cpu]; @@ -869,7 +884,7 @@ static void acpi_processor_idle(void) cpuidle_current_governor->reflect(power); } -void acpi_dead_idle(void) +void cf_check acpi_dead_idle(void) { struct acpi_processor_power *power; struct acpi_processor_cx *cx; diff --git a/xen/arch/x86/acpi/cpuidle_menu.c b/xen/arch/x86/acpi/cpuidle_menu.c index 6ff5fb8ff2..a275436d79 100644 --- a/xen/arch/x86/acpi/cpuidle_menu.c +++ b/xen/arch/x86/acpi/cpuidle_menu.c @@ -185,7 +185,7 @@ static unsigned int get_sleep_length_us(void) return (us >> 32) ? (unsigned int)-2000 : (unsigned int)us; } -static int menu_select(struct acpi_processor_power *power) +static int cf_check menu_select(struct acpi_processor_power *power) { struct menu_device *data = &this_cpu(menu_devices); int i; @@ -237,7 +237,7 @@ static int menu_select(struct acpi_processor_power *power) return data->last_state_idx; } -static void menu_reflect(struct acpi_processor_power *power) +static void cf_check menu_reflect(struct acpi_processor_power *power) { struct menu_device *data = &this_cpu(menu_devices); u64 new_factor; @@ -275,7 +275,7 @@ static void menu_reflect(struct acpi_processor_power *power) data->correction_factor[data->bucket] = new_factor; } -static int menu_enable_device(struct acpi_processor_power *power) +static int cf_check menu_enable_device(struct acpi_processor_power *power) { memset(&per_cpu(menu_devices, power->cpu), 0, sizeof(struct menu_device)); diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index 927ce1b67a..f76c64e04b 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -773,7 +773,7 @@ static const struct cpuidle_state snr_cstates[] = { {} }; -static void mwait_idle(void) +static void cf_check mwait_idle(void) { unsigned int cpu = smp_processor_id(); struct acpi_processor_power *power = processor_powers[cpu]; diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index ec0b631f7c..55df2a23f8 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -74,11 +74,11 @@ DEFINE_PER_CPU(struct vcpu *, curr_vcpu); -static void default_idle(void); +static void cf_check default_idle(void); void (*pm_idle) (void) __read_mostly = default_idle; void (*dead_idle) (void) __read_mostly = default_dead_idle; -static void default_idle(void) +static void cf_check default_idle(void) { struct cpu_info *info = get_cpu_info(); @@ -93,7 +93,7 @@ static void default_idle(void) local_irq_enable(); } -void default_dead_idle(void) +void cf_check default_dead_idle(void) { /* * When going into S3, without flushing caches modified data may be diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 5d4f891566..1632993f72 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -706,7 +706,7 @@ void hpet_disable_legacy_broadcast(void) smp_send_event_check_mask(&cpu_online_map); } -void hpet_broadcast_enter(void) +void cf_check hpet_broadcast_enter(void) { unsigned int cpu = smp_processor_id(); struct hpet_event_channel *ch = per_cpu(cpu_bc_channel, cpu); @@ -737,7 +737,7 @@ void hpet_broadcast_enter(void) spin_unlock(&ch->lock); } -void hpet_broadcast_exit(void) +void cf_check hpet_broadcast_exit(void) { unsigned int cpu = smp_processor_id(); struct hpet_event_channel *ch = per_cpu(cpu_bc_channel, cpu); diff --git a/xen/arch/x86/include/asm/cpuidle.h b/xen/arch/x86/include/asm/cpuidle.h index 0981a8fd64..3edd7a75d2 100644 --- a/xen/arch/x86/include/asm/cpuidle.h +++ b/xen/arch/x86/include/asm/cpuidle.h @@ -17,8 +17,8 @@ extern uint64_t (*cpuidle_get_tick)(void); int mwait_idle_init(struct notifier_block *); int cpuidle_init_cpu(unsigned int cpu); -void default_dead_idle(void); -void acpi_dead_idle(void); +void cf_check default_dead_idle(void); +void cf_check acpi_dead_idle(void); void play_dead(void); void trace_exit_reason(u32 *irq_traced); void update_idle_stats(struct acpi_processor_power *, diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 8f9725a95e..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -91,8 +91,8 @@ void hpet_disable_legacy_replacement_mode(void); */ void hpet_broadcast_init(void); void hpet_broadcast_resume(void); -void hpet_broadcast_enter(void); -void hpet_broadcast_exit(void); +void cf_check hpet_broadcast_enter(void); +void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); void hpet_disable_legacy_broadcast(void); diff --git a/xen/arch/x86/include/asm/time.h b/xen/arch/x86/include/asm/time.h index f06f2bfd8b..2a57d930ef 100644 --- a/xen/arch/x86/include/asm/time.h +++ b/xen/arch/x86/include/asm/time.h @@ -43,11 +43,11 @@ int hwdom_pit_access(struct ioreq *ioreq); int cpu_frequency_change(u64 freq); -void pit_broadcast_enter(void); -void pit_broadcast_exit(void); +void cf_check pit_broadcast_enter(void); +void cf_check pit_broadcast_exit(void); int pit_broadcast_is_available(void); -uint64_t acpi_pm_tick_to_ns(uint64_t ticks); +uint64_t cf_check acpi_pm_tick_to_ns(uint64_t ticks); uint64_t tsc_ticks2ns(uint64_t ticks); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index a296704fb1..d5ec58a360 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -545,7 +545,7 @@ static __init int cf_check init_pmtmr_scale(void) } __initcall(init_pmtmr_scale); -uint64_t acpi_pm_tick_to_ns(uint64_t ticks) +uint64_t cf_check acpi_pm_tick_to_ns(uint64_t ticks) { return scale_delta(ticks, &pmt_scale); } @@ -2235,12 +2235,12 @@ static int __init cf_check disable_pit_irq(void) } __initcall(disable_pit_irq); -void pit_broadcast_enter(void) +void cf_check pit_broadcast_enter(void) { cpumask_set_cpu(smp_processor_id(), &pit_broadcast_mask); } -void pit_broadcast_exit(void) +void cf_check pit_broadcast_exit(void) { int cpu = smp_processor_id(); diff --git a/xen/drivers/cpufreq/cpufreq_misc_governors.c b/xen/drivers/cpufreq/cpufreq_misc_governors.c index ad79d0f5d2..f5571f5486 100644 --- a/xen/drivers/cpufreq/cpufreq_misc_governors.c +++ b/xen/drivers/cpufreq/cpufreq_misc_governors.c @@ -26,8 +26,8 @@ static unsigned int __read_mostly userspace_cmdline_freq; static DEFINE_PER_CPU(unsigned int, cpu_set_freq); -static int cpufreq_governor_userspace(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_userspace( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; unsigned int cpu; @@ -81,7 +81,7 @@ int write_userspace_scaling_setspeed(unsigned int cpu, unsigned int freq) return __cpufreq_driver_target(policy, freq, CPUFREQ_RELATION_L); } -static bool_t __init +static bool __init cf_check cpufreq_userspace_handle_option(const char *name, const char *val) { if (!strcmp(name, "speed") && val) { @@ -131,8 +131,8 @@ __initcall(cpufreq_gov_userspace_init); /* * cpufreq performance governor */ -static int cpufreq_governor_performance(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_performance( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; @@ -170,8 +170,8 @@ __initcall(cpufreq_gov_performance_init); /* * cpufreq powersave governor */ -static int cpufreq_governor_powersave(struct cpufreq_policy *policy, - unsigned int event) +static int cf_check cpufreq_governor_powersave( + struct cpufreq_policy *policy, unsigned int event) { int ret = 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278010.474982 (Exim 4.92) (envelope-from ) id 1nN9pe-0005eq-LF; Thu, 24 Feb 2022 08:50:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278010.474982; Thu, 24 Feb 2022 08:50:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pe-0005eh-II; Thu, 24 Feb 2022 08:50:38 +0000 Received: by outflank-mailman (input) for mailman id 278010; Thu, 24 Feb 2022 08:50:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pd-0005eU-67 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pd-00016g-5Q for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9pd-0005fO-4e for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ibhttm/H6Gqgv5xf7LTATSEXJ6sn/Ock5ST0GIKUi6Y=; b=2KEemoWKtPwywvR4+/FsQPMQGY oFC3DBbU3inzzOvCshQ4U3/8NP98oKsRqRA2lcrMhy67pXrTzvGEuEi4RAPra+h5cI33BzVojRGjb dC8xnoint2C64LmqPDQe3Bk20Gz7Je11dDkrkGb6xTJiaH6zh+NcCAi+e3+Jij4/AkwY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/quirks: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:37 +0000 commit f8840cabc61ad715ac5dc42b1a9f5a8b3cb22814 Author: Andrew Cooper AuthorDate: Fri Oct 29 20:43:29 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/quirks: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/dmi_scan.c | 10 +++++----- xen/arch/x86/hvm/quirks.c | 2 +- xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/x86_64/mmconfig-shared.c | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/dmi_scan.c b/xen/arch/x86/dmi_scan.c index d27cd3450a..81f80c053a 100644 --- a/xen/arch/x86/dmi_scan.c +++ b/xen/arch/x86/dmi_scan.c @@ -476,7 +476,7 @@ static void __init dmi_save_ident(const struct dmi_header *dm, int slot, int str #define NO_MATCH { DMI_NONE, NULL} #define MATCH DMI_MATCH -static int __init ich10_bios_quirk(const struct dmi_system_id *d) +static int __init cf_check ich10_bios_quirk(const struct dmi_system_id *d) { u32 port, smictl; @@ -499,14 +499,14 @@ static int __init ich10_bios_quirk(const struct dmi_system_id *d) return 0; } -static __init int reset_videomode_after_s3(const struct dmi_blacklist *d) +static __init int cf_check reset_videomode_after_s3(const struct dmi_blacklist *d) { /* See wakeup.S */ acpi_video_flags |= 2; return 0; } -static __init int dmi_disable_acpi(const struct dmi_blacklist *d) +static __init int cf_check dmi_disable_acpi(const struct dmi_blacklist *d) { if (!acpi_force) { printk(KERN_NOTICE "%s detected: acpi off\n",d->ident); @@ -521,7 +521,7 @@ static __init int dmi_disable_acpi(const struct dmi_blacklist *d) /* * Limit ACPI to CPU enumeration for HT */ -static __init int force_acpi_ht(const struct dmi_blacklist *d) +static __init int cf_check force_acpi_ht(const struct dmi_blacklist *d) { if (!acpi_force) { printk(KERN_NOTICE "%s detected: force use of acpi=ht\n", d->ident); @@ -650,7 +650,7 @@ static const struct dmi_blacklist __initconstrel dmi_blacklist[] = { * out of here. */ -static void __init dmi_decode(const struct dmi_header *dm) +static void __init cf_check dmi_decode(const struct dmi_header *dm) { #ifdef DMI_DEBUG const uint8_t *data = (const void *)dm; diff --git a/xen/arch/x86/hvm/quirks.c b/xen/arch/x86/hvm/quirks.c index 917356b131..2adab1f4b8 100644 --- a/xen/arch/x86/hvm/quirks.c +++ b/xen/arch/x86/hvm/quirks.c @@ -25,7 +25,7 @@ s8 __read_mostly hvm_port80_allowed = -1; boolean_param("hvm_port80", hvm_port80_allowed); -static int __init dmi_hvm_deny_port80(const struct dmi_system_id *id) +static int __init cf_check dmi_hvm_deny_port80(const struct dmi_system_id *id) { printk(XENLOG_WARNING "%s: port 0x80 access %s allowed for HVM guests\n", id->ident, hvm_port80_allowed > 0 ? "forcibly" : "not"); diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index 30985d36a6..7619544d14 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -158,7 +158,7 @@ static void default_reboot_type(void) reboot_type = BOOT_ACPI; } -static int __init override_reboot(const struct dmi_system_id *d) +static int __init cf_check override_reboot(const struct dmi_system_id *d) { enum reboot_type type = (long)d->driver_data; diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c b/xen/arch/x86/x86_64/mmconfig-shared.c index 2fa7f3f0bc..74b22b71a1 100644 --- a/xen/arch/x86/x86_64/mmconfig-shared.c +++ b/xen/arch/x86/x86_64/mmconfig-shared.c @@ -62,7 +62,7 @@ static int __init cf_check parse_mmcfg(const char *s) } custom_param("mmcfg", parse_mmcfg); -static const char __init *pci_mmcfg_e7520(void) +static const char *__init cf_check pci_mmcfg_e7520(void) { u32 win; win = pci_conf_read16(PCI_SBDF(0, 0, 0, 0), 0xce); @@ -84,7 +84,7 @@ static const char __init *pci_mmcfg_e7520(void) return "Intel Corporation E7520 Memory Controller Hub"; } -static const char __init *pci_mmcfg_intel_945(void) +static const char *__init cf_check pci_mmcfg_intel_945(void) { u32 pciexbar, mask = 0, len = 0; @@ -137,7 +137,7 @@ static const char __init *pci_mmcfg_intel_945(void) return "Intel Corporation 945G/GZ/P/PL Express Memory Controller Hub"; } -static const char __init *pci_mmcfg_amd_fam10h(void) +static const char *__init cf_check pci_mmcfg_amd_fam10h(void) { uint32_t address; uint64_t base, msr_content; @@ -190,7 +190,7 @@ static const char __init *pci_mmcfg_amd_fam10h(void) return "AMD Family 10h NB"; } -static const char __init *pci_mmcfg_nvidia_mcp55(void) +static const char *__init cf_check pci_mmcfg_nvidia_mcp55(void) { static bool_t __initdata mcp55_checked; int bus, i; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:48 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278011.474985 (Exim 4.92) (envelope-from ) id 1nN9po-0005iD-Mk; Thu, 24 Feb 2022 08:50:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278011.474985; Thu, 24 Feb 2022 08:50:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9po-0005i6-Jl; Thu, 24 Feb 2022 08:50:48 +0000 Received: by outflank-mailman (input) for mailman id 278011; Thu, 24 Feb 2022 08:50:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pn-0005hr-9w for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9pn-00016k-9B for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9pn-0005gA-8K for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=83W1jtKoF3iiofe1T9IdKtjkfnANFo+Ws3MjclP81Yc=; b=S7dyRUYwP4GG8xQJJ8SY6vaR4l dfs85ceRy8NaWzti2/eNJy6DRUi3GH5uCsw5f5fYVS49v8DJS/LhD92KAFoNFKGHmLakfCoCgWQig mXszzKvcMhU2q/IqSj7gXruP7VRxySu8Ctl+FEaW1uHVhhnJGWpt4p4qSv2PxYS3r+0A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvmsave: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:47 +0000 commit 5b587af6a79062ff086d3df0d5047577edbde424 Author: Andrew Cooper AuthorDate: Fri Oct 29 16:30:57 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvmsave: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/vmce.c | 4 ++-- xen/arch/x86/emul-i8254.c | 4 ++-- xen/arch/x86/hvm/hpet.c | 4 ++-- xen/arch/x86/hvm/hvm.c | 18 ++++++++++-------- xen/arch/x86/hvm/irq.c | 12 ++++++------ xen/arch/x86/hvm/mtrr.c | 4 ++-- xen/arch/x86/hvm/pmtimer.c | 4 ++-- xen/arch/x86/hvm/rtc.c | 4 ++-- xen/arch/x86/hvm/vioapic.c | 4 ++-- xen/arch/x86/hvm/viridian/viridian.c | 15 ++++++++------- xen/arch/x86/hvm/vlapic.c | 8 ++++---- xen/arch/x86/hvm/vpic.c | 4 ++-- 12 files changed, 44 insertions(+), 41 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index eb6434a3ba..458120f9ad 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -353,7 +353,7 @@ int vmce_wrmsr(uint32_t msr, uint64_t val) } #if CONFIG_HVM -static int vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) { struct hvm_vmce_vcpu ctxt = { .caps = v->arch.vmce.mcg_cap, @@ -365,7 +365,7 @@ static int vmce_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(VMCE_VCPU, v->vcpu_id, h, &ctxt); } -static int vmce_load_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h) +static int cf_check vmce_load_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index 0e09a17318..d170f464d9 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -391,7 +391,7 @@ void pit_stop_channel0_irq(PITState *pit) spin_unlock(&pit->lock); } -static int pit_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check pit_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; PITState *pit = domain_vpit(d); @@ -409,7 +409,7 @@ static int pit_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int pit_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check pit_load(struct domain *d, hvm_domain_context_t *h) { PITState *pit = domain_vpit(d); int i, rc = 0; diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 7bdb51cfa1..ed512fa65b 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -582,7 +582,7 @@ static const struct hvm_mmio_ops hpet_mmio_ops = { }; -static int hpet_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hpet_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; HPETState *hp = domain_vhpet(d); @@ -645,7 +645,7 @@ static int hpet_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int hpet_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check hpet_load(struct domain *d, hvm_domain_context_t *h) { HPETState *hp = domain_vhpet(d); struct hvm_hw_hpet *rec; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index e87e809a94..4cf313a0ad 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -756,7 +756,7 @@ void hvm_domain_destroy(struct domain *d) destroy_vpci_mmcfg(d); } -static int hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) { struct hvm_tsc_adjust ctxt = { .tsc_adjust = v->arch.hvm.msr_tsc_adjust, @@ -765,7 +765,7 @@ static int hvm_save_tsc_adjust(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(TSC_ADJUST, v->vcpu_id, h, &ctxt); } -static int hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -788,7 +788,7 @@ static int hvm_load_tsc_adjust(struct domain *d, hvm_domain_context_t *h) HVM_REGISTER_SAVE_RESTORE(TSC_ADJUST, hvm_save_tsc_adjust, hvm_load_tsc_adjust, 1, HVMSR_PER_VCPU); -static int hvm_save_cpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) { struct segment_register seg; struct hvm_hw_cpu ctxt = { @@ -971,7 +971,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d) (cet ? X86_CR4_CET : 0)); } -static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -1172,7 +1172,8 @@ HVM_REGISTER_SAVE_RESTORE(CPU, hvm_save_cpu_ctxt, hvm_load_cpu_ctxt, 1, save_area) + \ xstate_ctxt_size(xcr0)) -static int hvm_save_cpu_xsave_states(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_xsave_states( + struct vcpu *v, hvm_domain_context_t *h) { struct hvm_hw_cpu_xsave *ctxt; unsigned int size = HVM_CPU_XSAVE_SIZE(v->arch.xcr0_accum); @@ -1210,7 +1211,8 @@ CHECK_FIELD_(struct, xsave_hdr, reserved); #undef compat_xsave_hdr #undef xen_xsave_hdr -static int hvm_load_cpu_xsave_states(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_xsave_states( + struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid, size; int err; @@ -1338,7 +1340,7 @@ static const uint32_t msrs_to_send[] = { MSR_AMD64_DR3_ADDRESS_MASK, }; -static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_save_descriptor *desc = _p(&h->data[h->cur]); @@ -1418,7 +1420,7 @@ static int hvm_save_cpu_msrs(struct vcpu *v, hvm_domain_context_t *h) return 0; } -static int hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_cpu_msrs(struct domain *d, hvm_domain_context_t *h) { unsigned int i, vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index a7f8991a7b..5a7f39b54f 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -657,7 +657,7 @@ static int __init cf_check dump_irq_info_key_init(void) } __initcall(dump_irq_info_key_init); -static int irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -690,7 +690,7 @@ static int irq_save_pci(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -699,7 +699,7 @@ static int irq_save_isa(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(ISA_IRQ, 0, h, &hvm_irq->isa_irq); } -static int irq_save_link(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check irq_save_link(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_irq *hvm_irq = hvm_domain_irq(d); @@ -708,7 +708,7 @@ static int irq_save_link(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(PCI_LINK, 0, h, &hvm_irq->pci_link); } -static int irq_load_pci(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_pci(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int link, dev, intx, gsi; @@ -741,7 +741,7 @@ static int irq_load_pci(struct domain *d, hvm_domain_context_t *h) return 0; } -static int irq_load_isa(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_isa(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int irq; @@ -760,7 +760,7 @@ static int irq_load_isa(struct domain *d, hvm_domain_context_t *h) } -static int irq_load_link(struct domain *d, hvm_domain_context_t *h) +static int cf_check irq_load_link(struct domain *d, hvm_domain_context_t *h) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); int link, gsi; diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index 42f3d83192..4d2aa6def8 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -687,7 +687,7 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start, return 0; } -static int hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) { const struct mtrr_state *mtrr_state = &v->arch.hvm.mtrr; struct hvm_hw_mtrr hw_mtrr = { @@ -725,7 +725,7 @@ static int hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(MTRR, v->vcpu_id, h, &hw_mtrr); } -static int hvm_load_mtrr_msr(struct domain *d, hvm_domain_context_t *h) +static int cf_check hvm_load_mtrr_msr(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid, i; struct vcpu *v; diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 60e3c8de4c..2a89bbdfa5 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -249,7 +249,7 @@ static int cf_check handle_pmt_io( return X86EMUL_OKAY; } -static int acpi_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check acpi_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_hw_acpi *acpi = &d->arch.hvm.acpi; @@ -281,7 +281,7 @@ static int acpi_save(struct vcpu *v, hvm_domain_context_t *h) return rc; } -static int acpi_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check acpi_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_hw_acpi *acpi = &d->arch.hvm.acpi; PMTState *s = &d->arch.hvm.pl_time->vpmt; diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index bdc647e433..ed397276fa 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -738,7 +738,7 @@ void rtc_migrate_timers(struct vcpu *v) } /* Save RTC hardware state */ -static int rtc_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check rtc_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; RTCState *s = domain_vrtc(d); @@ -756,7 +756,7 @@ static int rtc_save(struct vcpu *v, hvm_domain_context_t *h) } /* Reload the hardware state from a saved domain */ -static int rtc_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check rtc_load(struct domain *d, hvm_domain_context_t *h) { RTCState *s = domain_vrtc(d); diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c index b56549aa22..d5d5b02421 100644 --- a/xen/arch/x86/hvm/vioapic.c +++ b/xen/arch/x86/hvm/vioapic.c @@ -590,7 +590,7 @@ int vioapic_get_trigger_mode(const struct domain *d, unsigned int gsi) return vioapic->redirtbl[pin].fields.trig_mode; } -static int ioapic_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check ioapic_save(struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; struct hvm_vioapic *s; @@ -607,7 +607,7 @@ static int ioapic_save(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(IOAPIC, 0, h, &s->domU); } -static int ioapic_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check ioapic_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_vioapic *s; diff --git a/xen/arch/x86/hvm/viridian/viridian.c b/xen/arch/x86/hvm/viridian/viridian.c index 7ebcaa1c89..25dca93e8b 100644 --- a/xen/arch/x86/hvm/viridian/viridian.c +++ b/xen/arch/x86/hvm/viridian/viridian.c @@ -1104,8 +1104,8 @@ void viridian_unmap_guest_page(struct viridian_page *vp) put_page_and_type(page); } -static int viridian_save_domain_ctxt(struct vcpu *v, - hvm_domain_context_t *h) +static int cf_check viridian_save_domain_ctxt( + struct vcpu *v, hvm_domain_context_t *h) { const struct domain *d = v->domain; const struct viridian_domain *vd = d->arch.hvm.viridian; @@ -1123,8 +1123,8 @@ static int viridian_save_domain_ctxt(struct vcpu *v, return (hvm_save_entry(VIRIDIAN_DOMAIN, 0, h, &ctxt) != 0); } -static int viridian_load_domain_ctxt(struct domain *d, - hvm_domain_context_t *h) +static int cf_check viridian_load_domain_ctxt( + struct domain *d, hvm_domain_context_t *h) { struct viridian_domain *vd = d->arch.hvm.viridian; struct hvm_viridian_domain_context ctxt; @@ -1144,7 +1144,8 @@ static int viridian_load_domain_ctxt(struct domain *d, HVM_REGISTER_SAVE_RESTORE(VIRIDIAN_DOMAIN, viridian_save_domain_ctxt, viridian_load_domain_ctxt, 1, HVMSR_PER_DOM); -static int viridian_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check viridian_save_vcpu_ctxt( + struct vcpu *v, hvm_domain_context_t *h) { struct hvm_viridian_vcpu_context ctxt = {}; @@ -1157,8 +1158,8 @@ static int viridian_save_vcpu_ctxt(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(VIRIDIAN_VCPU, v->vcpu_id, h, &ctxt); } -static int viridian_load_vcpu_ctxt(struct domain *d, - hvm_domain_context_t *h) +static int cf_check viridian_load_vcpu_ctxt( + struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index 652e3cb87f..d4e29ef1ff 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -1482,7 +1482,7 @@ static void lapic_rearm(struct vlapic *s) s->timer_last_update = s->pt.last_plt_gtime; } -static int lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) { if ( !has_vlapic(v->domain) ) return 0; @@ -1490,7 +1490,7 @@ static int lapic_save_hidden(struct vcpu *v, hvm_domain_context_t *h) return hvm_save_entry(LAPIC, v->vcpu_id, h, &vcpu_vlapic(v)->hw); } -static int lapic_save_regs(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check lapic_save_regs(struct vcpu *v, hvm_domain_context_t *h) { if ( !has_vlapic(v->domain) ) return 0; @@ -1529,7 +1529,7 @@ static void lapic_load_fixup(struct vlapic *vlapic) } } -static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) +static int cf_check lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; @@ -1563,7 +1563,7 @@ static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h) return 0; } -static int lapic_load_regs(struct domain *d, hvm_domain_context_t *h) +static int cf_check lapic_load_regs(struct domain *d, hvm_domain_context_t *h) { unsigned int vcpuid = hvm_load_instance(h); struct vcpu *v; diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 5d8ef259b7..b3cafaab8f 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -400,7 +400,7 @@ static int cf_check vpic_intercept_elcr_io( return X86EMUL_OKAY; } -static int vpic_save(struct vcpu *v, hvm_domain_context_t *h) +static int cf_check vpic_save(struct vcpu *v, hvm_domain_context_t *h) { struct domain *d = v->domain; struct hvm_hw_vpic *s; @@ -420,7 +420,7 @@ static int vpic_save(struct vcpu *v, hvm_domain_context_t *h) return 0; } -static int vpic_load(struct domain *d, hvm_domain_context_t *h) +static int cf_check vpic_load(struct domain *d, hvm_domain_context_t *h) { struct hvm_hw_vpic *s; unsigned int inst = hvm_load_instance(h); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:50:58 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:50:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278012.474990 (Exim 4.92) (envelope-from ) id 1nN9py-0005lV-QX; Thu, 24 Feb 2022 08:50:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278012.474990; Thu, 24 Feb 2022 08:50:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9py-0005lL-NX; Thu, 24 Feb 2022 08:50:58 +0000 Received: by outflank-mailman (input) for mailman id 278012; Thu, 24 Feb 2022 08:50:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9px-0005lB-DN for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9px-00016o-Cf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9px-0005h2-Br for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:50:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BmSMqY7XJVPYyhIvHmDLjWSMmm1J5R0t5WDcEKYrCVE=; b=J6AWRf7D6qDSVldo20nz9xFmP0 ccRXKukDuZocPfBXe58IGXHVcUZIDg3WrUKemvj/kREFivXWb3BzQKqaifls/aHPVcbzIPqHd8vq3 O5WzSXIYgRP5+wEcinIwTe6fik3ihQaYeMOBMUUYCvQOmCQrf4yvhj8z1JQQ6nhOIyk8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mce: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:50:57 +0000 commit f716c734e9573da42f8c5c6ce301801bf0eb620e Author: Andrew Cooper AuthorDate: Fri Oct 29 11:15:03 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/mce: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/mce.c | 8 ++++---- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 9 ++++---- xen/arch/x86/cpu/mcheck/mce_amd.h | 4 ++-- xen/arch/x86/cpu/mcheck/mce_intel.c | 41 +++++++++++++++++-------------------- 5 files changed, 31 insertions(+), 33 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 3467e0f1a3..275c54be7c 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -75,7 +75,7 @@ static int __init cf_check mce_set_verbosity(const char *str) custom_param("mce_verbosity", mce_set_verbosity); /* Handle unconfigured int18 (should never happen) */ -static void unexpected_machine_check(const struct cpu_user_regs *regs) +static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) { console_force_unlock(); printk("Unexpected Machine Check Exception\n"); @@ -469,7 +469,7 @@ static int mce_urgent_action(const struct cpu_user_regs *regs, } /* Shared #MC handler. */ -void mcheck_cmn_handler(const struct cpu_user_regs *regs) +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs) { static DEFINE_MCE_BARRIER(mce_trap_bar); static atomic_t severity_cpu = ATOMIC_INIT(-1); @@ -1684,7 +1684,7 @@ long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) } int mcinfo_dumpped; -static int x86_mcinfo_dump_panic(mctelem_cookie_t mctc) +static int cf_check x86_mcinfo_dump_panic(mctelem_cookie_t mctc) { struct mc_info *mcip = mctelem_dataptr(mctc); @@ -1801,7 +1801,7 @@ static enum mce_result mce_action(const struct cpu_user_regs *regs, * should be committed for dom0 consumption, 0 if it should be * dismissed. */ -static int mce_delayed_action(mctelem_cookie_t mctc) +static int cf_check mce_delayed_action(mctelem_cookie_t mctc) { enum mce_result result; int ret = 0; diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 1953626919..535d0abf8f 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -70,7 +70,7 @@ extern void x86_mce_vector_register(x86_mce_vector_t); * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ -extern void mcheck_cmn_handler(const struct cpu_user_regs *regs); +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); /* Register a handler for judging whether mce is recoverable. */ typedef bool (*mce_recoverable_t)(uint64_t status); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index 279a8e6f12..d7ae8919df 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -113,7 +113,7 @@ mc_ec2type(uint16_t errorcode) return 0; } -bool mc_amd_recoverable_scan(uint64_t status) +bool cf_check mc_amd_recoverable_scan(uint64_t status) { bool ret = false; enum mc_ec_type ectype; @@ -143,7 +143,7 @@ bool mc_amd_recoverable_scan(uint64_t status) return ret; } -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) { enum mc_ec_type ectype; uint16_t errorcode; @@ -216,7 +216,7 @@ static void mcequirk_amd_apply(enum mcequirk_amd_flags flags) } } -static struct mcinfo_extended * +static struct mcinfo_extended *cf_check amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) { struct mcinfo_extended *mc_ext; @@ -252,7 +252,8 @@ amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) return mc_ext; } -static bool amd_need_clearbank_scan(enum mca_source who, uint64_t status) +static bool cf_check amd_need_clearbank_scan( + enum mca_source who, uint64_t status) { if ( who != MCA_MCE_SCAN ) return true; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.h b/xen/arch/x86/cpu/mcheck/mce_amd.h index 67c4545470..c12c25d745 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.h +++ b/xen/arch/x86/cpu/mcheck/mce_amd.h @@ -1,7 +1,7 @@ #ifndef _MCHECK_AMD_H #define _MCHECK_AMD_H -bool mc_amd_recoverable_scan(uint64_t status); -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); +bool cf_check mc_amd_recoverable_scan(uint64_t status); +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); #endif diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 7aaa56fd02..50198e0c29 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -271,12 +271,13 @@ static void intel_memerr_dhandler( mc_memerr_dhandler(binfo, result, regs); } -static bool intel_srar_check(uint64_t status) +static bool cf_check intel_srar_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srar); } -static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) +static bool cf_check intel_checkaddr( + uint64_t status, uint64_t misc, int addrtype) { if ( !(status & MCi_STATUS_ADDRV) || !(status & MCi_STATUS_MISCV) || @@ -287,10 +288,9 @@ static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) return (addrtype == MC_ADDR_PHYSICAL); } -static void intel_srar_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srar_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -306,15 +306,14 @@ static void intel_srar_dhandler( } } -static bool intel_srao_check(uint64_t status) +static bool cf_check intel_srao_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srao); } -static void intel_srao_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srao_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -333,15 +332,14 @@ static void intel_srao_dhandler( } } -static bool intel_default_check(uint64_t status) +static bool cf_check intel_default_check(uint64_t status) { return true; } -static void intel_default_mce_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs * regs) +static void cf_check intel_default_mce_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs * regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -360,10 +358,9 @@ static const struct mca_error_handler intel_mce_dhandlers[] = { {intel_default_check, intel_default_mce_dhandler} }; -static void intel_default_mce_uhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_default_mce_uhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -396,7 +393,7 @@ static const struct mca_error_handler intel_mce_uhandlers[] = { * 3) ser_support = 1, SRAO, UC = 1, S = 1, AR = 0, [EN = 1] */ -static bool intel_need_clearbank_scan(enum mca_source who, u64 status) +static bool cf_check intel_need_clearbank_scan(enum mca_source who, u64 status) { if ( who == MCA_CMCI_HANDLER ) { @@ -453,7 +450,7 @@ static bool intel_need_clearbank_scan(enum mca_source who, u64 status) * 4) SRAO ser_support = 1, PCC = 0, S = 1, AR = 0, EN = 1 [UC = 1] * 5) UCNA ser_support = 1, OVER = 0, EN = 1, PCC = 0, S = 0, AR = 0, [UC = 1] */ -static bool intel_recoverable_scan(uint64_t status) +static bool cf_check intel_recoverable_scan(uint64_t status) { if ( !(status & MCi_STATUS_UC ) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278013.474995 (Exim 4.92) (envelope-from ) id 1nN9q7-0005oG-SS; Thu, 24 Feb 2022 08:51:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278013.474995; Thu, 24 Feb 2022 08:51:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9q7-0005o7-P2; Thu, 24 Feb 2022 08:51:07 +0000 Received: by outflank-mailman (input) for mailman id 278013; Thu, 24 Feb 2022 08:51:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9q7-0005nx-Gd for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9q7-00017O-Fw for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9q7-0005hs-FF for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fnDNxKKktYDDVMAql4UoxyNR2G0pvcKqMnUd/1ktE3g=; b=XThr6rggtvrWBYw9fKxg6myeKo hND1oovklQTVYVMD0IxLu3NwavyrNKOjSXiqBCwzVM8UK5p4IYsrc60AbXowG9/7B4EgGur09k9Ct S67uxgr9rEYGBnzQkbMkbtQyVWm9ojFz0w4eFWnlleTJbzl5+kyYljndIYJxikpdrwOA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pmu: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:07 +0000 commit 8ec706d9024f82e4be8deadf7bebbb25efae8396 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:07:04 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/pmu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/vpmu_amd.c | 16 ++++++++-------- xen/arch/x86/cpu/vpmu_intel.c | 16 ++++++++-------- xen/arch/x86/oprofile/op_model_athlon.c | 16 ++++++++-------- xen/arch/x86/oprofile/op_model_p4.c | 14 +++++++------- xen/arch/x86/oprofile/op_model_ppro.c | 26 ++++++++++++++------------ 5 files changed, 45 insertions(+), 43 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 25ad4ecf48..5963ce9015 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -186,7 +186,7 @@ static void amd_vpmu_unset_msr_bitmap(struct vcpu *v) msr_bitmap_off(vpmu); } -static int amd_vpmu_do_interrupt(struct cpu_user_regs *regs) +static int cf_check amd_vpmu_do_interrupt(struct cpu_user_regs *regs) { return 1; } @@ -206,7 +206,7 @@ static inline void context_load(struct vcpu *v) } } -static int amd_vpmu_load(struct vcpu *v, bool_t from_guest) +static int cf_check amd_vpmu_load(struct vcpu *v, bool from_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct xen_pmu_amd_ctxt *ctxt; @@ -280,7 +280,7 @@ static inline void context_save(struct vcpu *v) rdmsrl(counters[i], counter_regs[i]); } -static int amd_vpmu_save(struct vcpu *v, bool_t to_guest) +static int cf_check amd_vpmu_save(struct vcpu *v, bool to_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); unsigned int i; @@ -348,7 +348,7 @@ static void context_update(unsigned int msr, u64 msr_content) } } -static int amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) +static int cf_check amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) { struct vcpu *v = current; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -404,7 +404,7 @@ static int amd_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) return 0; } -static int amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) +static int cf_check amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) { struct vcpu *v = current; struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -422,7 +422,7 @@ static int amd_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) return 0; } -static void amd_vpmu_destroy(struct vcpu *v) +static void cf_check amd_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -440,7 +440,7 @@ static void amd_vpmu_destroy(struct vcpu *v) } /* VPMU part of the 'q' keyhandler */ -static void amd_vpmu_dump(const struct vcpu *v) +static void cf_check amd_vpmu_dump(const struct vcpu *v) { const struct vpmu_struct *vpmu = vcpu_vpmu(v); const struct xen_pmu_amd_ctxt *ctxt = vpmu->context; @@ -480,7 +480,7 @@ static void amd_vpmu_dump(const struct vcpu *v) } } -static int svm_vpmu_initialise(struct vcpu *v) +static int cf_check svm_vpmu_initialise(struct vcpu *v) { struct xen_pmu_amd_ctxt *ctxt; struct vpmu_struct *vpmu = vcpu_vpmu(v); diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 22dd4469d9..48b81ab6f0 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -288,7 +288,7 @@ static inline void __core2_vpmu_save(struct vcpu *v) rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, core2_vpmu_cxt->global_status); } -static int core2_vpmu_save(struct vcpu *v, bool_t to_guest) +static int cf_check core2_vpmu_save(struct vcpu *v, bool to_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -407,7 +407,7 @@ static int core2_vpmu_verify(struct vcpu *v) return 0; } -static int core2_vpmu_load(struct vcpu *v, bool_t from_guest) +static int cf_check core2_vpmu_load(struct vcpu *v, bool from_guest) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -522,7 +522,7 @@ static int core2_vpmu_msr_common_check(u32 msr_index, int *type, int *index) return 1; } -static int core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) +static int cf_check core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) { int i, tmp; int type = -1, index = -1; @@ -690,7 +690,7 @@ static int core2_vpmu_do_wrmsr(unsigned int msr, uint64_t msr_content) return 0; } -static int core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) +static int cf_check core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) { int type = -1, index = -1; struct vcpu *v = current; @@ -730,7 +730,7 @@ static int core2_vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) } /* Dump vpmu info on console, called in the context of keyhandler 'q'. */ -static void core2_vpmu_dump(const struct vcpu *v) +static void cf_check core2_vpmu_dump(const struct vcpu *v) { const struct vpmu_struct *vpmu = vcpu_vpmu(v); unsigned int i; @@ -775,7 +775,7 @@ static void core2_vpmu_dump(const struct vcpu *v) } } -static int core2_vpmu_do_interrupt(struct cpu_user_regs *regs) +static int cf_check core2_vpmu_do_interrupt(struct cpu_user_regs *regs) { struct vcpu *v = current; u64 msr_content; @@ -802,7 +802,7 @@ static int core2_vpmu_do_interrupt(struct cpu_user_regs *regs) return 1; } -static void core2_vpmu_destroy(struct vcpu *v) +static void cf_check core2_vpmu_destroy(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -816,7 +816,7 @@ static void core2_vpmu_destroy(struct vcpu *v) vpmu_clear(vpmu); } -static int vmx_vpmu_initialise(struct vcpu *v) +static int cf_check vmx_vpmu_initialise(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); u64 msr_content; diff --git a/xen/arch/x86/oprofile/op_model_athlon.c b/xen/arch/x86/oprofile/op_model_athlon.c index 2177f02946..7bc5853a6c 100644 --- a/xen/arch/x86/oprofile/op_model_athlon.c +++ b/xen/arch/x86/oprofile/op_model_athlon.c @@ -164,7 +164,7 @@ static inline u64 op_amd_randomize_ibs_op(u64 val) return val; } -static void athlon_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check athlon_fill_in_addresses(struct op_msrs * const msrs) { msrs->counters[0].addr = MSR_K7_PERFCTR0; msrs->counters[1].addr = MSR_K7_PERFCTR1; @@ -177,7 +177,7 @@ static void athlon_fill_in_addresses(struct op_msrs * const msrs) msrs->controls[3].addr = MSR_K7_EVNTSEL3; } -static void fam15h_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check fam15h_fill_in_addresses(struct op_msrs * const msrs) { msrs->counters[0].addr = MSR_AMD_FAM15H_PERFCTR0; msrs->counters[1].addr = MSR_AMD_FAM15H_PERFCTR1; @@ -194,7 +194,7 @@ static void fam15h_fill_in_addresses(struct op_msrs * const msrs) msrs->controls[5].addr = MSR_AMD_FAM15H_EVNTSEL5; } -static void athlon_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check athlon_setup_ctrs(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -308,9 +308,9 @@ static inline int handle_ibs(int mode, struct cpu_user_regs const * const regs) return 1; } -static int athlon_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check athlon_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { uint64_t msr_content; @@ -386,7 +386,7 @@ static inline void start_ibs(void) } } -static void athlon_start(struct op_msrs const * const msrs) +static void cf_check athlon_start(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -415,7 +415,7 @@ static void stop_ibs(void) wrmsrl(MSR_AMD64_IBSOPCTL, 0); } -static void athlon_stop(struct op_msrs const * const msrs) +static void cf_check athlon_stop(struct op_msrs const * const msrs) { uint64_t msr_content; int i; diff --git a/xen/arch/x86/oprofile/op_model_p4.c b/xen/arch/x86/oprofile/op_model_p4.c index b08ba53cbd..d047258644 100644 --- a/xen/arch/x86/oprofile/op_model_p4.c +++ b/xen/arch/x86/oprofile/op_model_p4.c @@ -390,7 +390,7 @@ static unsigned int get_stagger(void) static unsigned long reset_value[NUM_COUNTERS_NON_HT]; -static void p4_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check p4_fill_in_addresses(struct op_msrs * const msrs) { unsigned int i; unsigned int addr, stag; @@ -530,7 +530,7 @@ static void pmc_setup_one_p4_counter(unsigned int ctr) } -static void p4_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check p4_setup_ctrs(struct op_msrs const * const msrs) { unsigned int i; uint64_t msr_content; @@ -609,9 +609,9 @@ static void p4_setup_ctrs(struct op_msrs const * const msrs) } } -static int p4_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check p4_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { unsigned long ctr, stag, real; uint64_t msr_content; @@ -665,7 +665,7 @@ static int p4_check_ctrs(unsigned int const cpu, } -static void p4_start(struct op_msrs const * const msrs) +static void cf_check p4_start(struct op_msrs const * const msrs) { unsigned int stag; uint64_t msr_content; @@ -683,7 +683,7 @@ static void p4_start(struct op_msrs const * const msrs) } -static void p4_stop(struct op_msrs const * const msrs) +static void cf_check p4_stop(struct op_msrs const * const msrs) { unsigned int stag; uint64_t msr_content; diff --git a/xen/arch/x86/oprofile/op_model_ppro.c b/xen/arch/x86/oprofile/op_model_ppro.c index 72c504a102..8d7e13ea87 100644 --- a/xen/arch/x86/oprofile/op_model_ppro.c +++ b/xen/arch/x86/oprofile/op_model_ppro.c @@ -63,7 +63,7 @@ static int counter_width = 32; static unsigned long reset_value[OP_MAX_COUNTER]; int ppro_has_global_ctrl = 0; -static void ppro_fill_in_addresses(struct op_msrs * const msrs) +static void cf_check ppro_fill_in_addresses(struct op_msrs * const msrs) { int i; @@ -74,7 +74,7 @@ static void ppro_fill_in_addresses(struct op_msrs * const msrs) } -static void ppro_setup_ctrs(struct op_msrs const * const msrs) +static void cf_check ppro_setup_ctrs(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -128,9 +128,9 @@ static void ppro_setup_ctrs(struct op_msrs const * const msrs) } } -static int ppro_check_ctrs(unsigned int const cpu, - struct op_msrs const * const msrs, - struct cpu_user_regs const * const regs) +static int cf_check ppro_check_ctrs( + unsigned int const cpu, struct op_msrs const * const msrs, + struct cpu_user_regs const * const regs) { u64 val; int i; @@ -170,7 +170,7 @@ static int ppro_check_ctrs(unsigned int const cpu, } -static void ppro_start(struct op_msrs const * const msrs) +static void cf_check ppro_start(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -190,7 +190,7 @@ static void ppro_start(struct op_msrs const * const msrs) } -static void ppro_stop(struct op_msrs const * const msrs) +static void cf_check ppro_stop(struct op_msrs const * const msrs) { uint64_t msr_content; int i; @@ -206,7 +206,7 @@ static void ppro_stop(struct op_msrs const * const msrs) wrmsrl(MSR_CORE_PERF_GLOBAL_CTRL, 0x0ULL); } -static int ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) +static int cf_check ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) { if ( (msr_index >= MSR_IA32_PERFCTR0) && (msr_index < (MSR_IA32_PERFCTR0 + num_counters)) ) @@ -226,7 +226,7 @@ static int ppro_is_arch_pmu_msr(u64 msr_index, int *type, int *index) return 0; } -static int ppro_allocate_msr(struct vcpu *v) +static int cf_check ppro_allocate_msr(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); struct arch_msr_pair *msr_content; @@ -245,7 +245,7 @@ out: return 0; } -static void ppro_free_msr(struct vcpu *v) +static void cf_check ppro_free_msr(struct vcpu *v) { struct vpmu_struct *vpmu = vcpu_vpmu(v); @@ -255,7 +255,8 @@ static void ppro_free_msr(struct vcpu *v) vpmu_reset(vpmu, VPMU_PASSIVE_DOMAIN_ALLOCATED); } -static void ppro_load_msr(struct vcpu *v, int type, int index, u64 *msr_content) +static void cf_check ppro_load_msr( + struct vcpu *v, int type, int index, u64 *msr_content) { struct arch_msr_pair *msrs = vcpu_vpmu(v)->context; switch ( type ) @@ -269,7 +270,8 @@ static void ppro_load_msr(struct vcpu *v, int type, int index, u64 *msr_content) } } -static void ppro_save_msr(struct vcpu *v, int type, int index, u64 msr_content) +static void cf_check ppro_save_msr( + struct vcpu *v, int type, int index, u64 msr_content) { struct arch_msr_pair *msrs = vcpu_vpmu(v)->context; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278014.474998 (Exim 4.92) (envelope-from ) id 1nN9qI-0005qp-Tj; Thu, 24 Feb 2022 08:51:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278014.474998; Thu, 24 Feb 2022 08:51:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qI-0005qh-Qn; Thu, 24 Feb 2022 08:51:18 +0000 Received: by outflank-mailman (input) for mailman id 278014; Thu, 24 Feb 2022 08:51:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qH-0005qZ-Jm for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qH-00017S-J9 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9qH-0005if-IX for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8XN3uHJtBsNdFPeXF4fxjurxnlhCNge0zh92l4740Fc=; b=Q1WyVZ3R5S9a169xuJls81ieZ5 6/IW9PdesJOxndJnSYUSsHdF8H2OQRu5ME4O3VQCLvPgrN5dzUBKh67AheLeiTPLwre1wpZf5SiJP 325Qrms6c1Z75887B5Uzf99QSEV4KqdewagOJOTCvOGzObnPH6MnDTVImtJTcupt0rng=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpu: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:17 +0000 commit 78f14da74c79864d5b1c5b9df3d3f0ac5a28a546 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:11:52 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/cpu: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/cpu/amd.c | 6 +++--- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/cpu.h | 2 +- xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 6 +++--- xen/arch/x86/cpu/shanghai.c | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 2d18223f20..4999f8be2b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -208,7 +208,7 @@ static void __init noinline probe_masking_msrs(void) * parameter of NULL is used to context switch to the default host state (by * the cpu bringup-code, crash path, etc). */ -static void amd_ctxt_switch_masking(const struct vcpu *next) +static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) { struct cpuidmasks *these_masks = &this_cpu(cpuidmasks); const struct domain *nextd = next ? next->domain : NULL; @@ -634,7 +634,7 @@ void amd_log_freq(const struct cpuinfo_x86 *c) #undef FREQ } -void early_init_amd(struct cpuinfo_x86 *c) +void cf_check early_init_amd(struct cpuinfo_x86 *c) { if (c == &boot_cpu_data) amd_init_levelling(); @@ -744,7 +744,7 @@ void __init detect_zen2_null_seg_behaviour(void) } -static void init_amd(struct cpuinfo_x86 *c) +static void cf_check init_amd(struct cpuinfo_x86 *c) { u32 l, h; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index 34a5bfcaee..eac49d78db 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -48,7 +48,7 @@ static void init_c3(struct cpuinfo_x86 *c) display_cacheinfo(c); } -static void init_centaur(struct cpuinfo_x86 *c) +static void cf_check init_centaur(struct cpuinfo_x86 *c) { if (c->x86 == 6) init_c3(c); diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 3d61d95386..2429818e60 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -104,7 +104,7 @@ bool __init is_forced_cpu_cap(unsigned int cap) return test_bit(cap, forced_caps); } -static void default_init(struct cpuinfo_x86 * c) +static void cf_check default_init(struct cpuinfo_x86 * c) { /* Not much we can do here... */ /* Check if at least it has cpuid */ diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index b593bd85f0..a228087f91 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -18,7 +18,7 @@ extern void display_cacheinfo(struct cpuinfo_x86 *c); extern void detect_ht(struct cpuinfo_x86 *c); extern bool detect_extended_topology(struct cpuinfo_x86 *c); -void early_init_amd(struct cpuinfo_x86 *c); +void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index cdc94130dd..3c8516e014 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -28,7 +28,7 @@ static void hygon_get_topology(struct cpuinfo_x86 *c) c->phys_proc_id, c->cpu_core_id); } -static void init_hygon(struct cpuinfo_x86 *c) +static void cf_check init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index eb5fba35ca..dc6a0c7807 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -176,7 +176,7 @@ static void __init probe_masking_msrs(void) * parameter of NULL is used to context switch to the default host state (by * the cpu bringup-code, crash path, etc). */ -static void intel_ctxt_switch_masking(const struct vcpu *next) +static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) { struct cpuidmasks *these_masks = &this_cpu(cpuidmasks); const struct domain *nextd = next ? next->domain : NULL; @@ -286,7 +286,7 @@ static void __init noinline intel_init_levelling(void) ctxt_switch_masking = intel_ctxt_switch_masking; } -static void early_init_intel(struct cpuinfo_x86 *c) +static void cf_check early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable, disable; @@ -518,7 +518,7 @@ static void intel_log_freq(const struct cpuinfo_x86 *c) printk("%u MHz\n", (factor * max_ratio + 50) / 100); } -static void init_intel(struct cpuinfo_x86 *c) +static void cf_check init_intel(struct cpuinfo_x86 *c) { /* Detect the extended topology information if available */ detect_extended_topology(c); diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 08a81f0f0c..95ae544f8c 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -3,7 +3,7 @@ #include #include "cpu.h" -static void init_shanghai(struct cpuinfo_x86 *c) +static void cf_check init_shanghai(struct cpuinfo_x86 *c) { if ( cpu_has(c, X86_FEATURE_ITSC) ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278015.475002 (Exim 4.92) (envelope-from ) id 1nN9qT-0005uW-0I; Thu, 24 Feb 2022 08:51:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278015.475002; Thu, 24 Feb 2022 08:51:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qS-0005uO-Tk; Thu, 24 Feb 2022 08:51:28 +0000 Received: by outflank-mailman (input) for mailman id 278015; Thu, 24 Feb 2022 08:51:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qR-0005uD-N5 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qR-00017Y-ML for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9qR-0005jM-Lc for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z3HXZ1wmcoGADX88wLJnAEVWY7KeJffiK6ite9RoPxs=; b=uGIw91WCqZtAynOmt38HxvzdQz pO0hcKyvjowg+bW/jGW98Y2EBv0iTALcDRogodigDJSZTIh5FQjsPjllVwTT0AGTmHRw6lTOgNZ4T T/dy4FzL+LKzw452s9trv8IWqy22Jdqvc3sa0IDB3TlgTPn5Egrr9CQfSRd+BhvRjGC4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/guest: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:27 +0000 commit ba2aec1b7a54284535cb1c093c219e9d4e63a298 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:23:09 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/guest: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/guest/hyperv/hyperv.c | 10 +++++----- xen/arch/x86/guest/xen/xen.c | 11 ++++++----- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index 84221b7514..b101ba3080 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -175,7 +175,7 @@ static int setup_vp_assist(void) return 0; } -static void __init setup(void) +static void __init cf_check setup(void) { ASM_CONSTANT(HV_HCALL_PAGE, __fix_x_to_virt(FIX_X_HYPERV_HCALL)); @@ -188,7 +188,7 @@ static void __init setup(void) panic("VP assist page setup failed\n"); } -static int ap_setup(void) +static int cf_check ap_setup(void) { int rc; @@ -199,7 +199,7 @@ static int ap_setup(void) return setup_vp_assist(); } -static void __init e820_fixup(struct e820map *e820) +static void __init cf_check e820_fixup(struct e820map *e820) { uint64_t s = HV_HCALL_MFN << PAGE_SHIFT; @@ -207,8 +207,8 @@ static void __init e820_fixup(struct e820map *e820) panic("Unable to reserve Hyper-V hypercall range\n"); } -static int flush_tlb(const cpumask_t *mask, const void *va, - unsigned int flags) +static int cf_check flush_tlb( + const cpumask_t *mask, const void *va, unsigned int flags) { if ( !(ms_hyperv.hints & HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED) ) return -EOPNOTSUPP; diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 17807cdea6..9c2defaa66 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -237,7 +237,7 @@ static int init_evtchn(void) return rc; } -static void __init setup(void) +static void __init cf_check setup(void) { init_memmap(); @@ -265,7 +265,7 @@ static void __init setup(void) BUG_ON(init_evtchn()); } -static int ap_setup(void) +static int cf_check ap_setup(void) { set_vcpu_id(); @@ -295,7 +295,7 @@ static void cf_check ap_resume(void *unused) BUG_ON(init_evtchn()); } -static void resume(void) +static void cf_check resume(void) { /* Reset shared info page. */ map_shared_info(); @@ -318,13 +318,14 @@ static void resume(void) pv_console_init(); } -static void __init e820_fixup(struct e820map *e820) +static void __init cf_check e820_fixup(struct e820map *e820) { if ( pv_shim ) pv_shim_fixup_e820(e820); } -static int flush_tlb(const cpumask_t *mask, const void *va, unsigned int flags) +static int cf_check flush_tlb( + const cpumask_t *mask, const void *va, unsigned int flags) { return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278016.475006 (Exim 4.92) (envelope-from ) id 1nN9qd-0005wj-28; Thu, 24 Feb 2022 08:51:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278016.475006; Thu, 24 Feb 2022 08:51:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qc-0005wZ-VC; Thu, 24 Feb 2022 08:51:38 +0000 Received: by outflank-mailman (input) for mailman id 278016; Thu, 24 Feb 2022 08:51:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qb-0005wP-Qh for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qb-00017c-Pu for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9qb-0005k2-Ox for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ddERvtmE3y3vl68jiJnNoVdOkMwntDS39HnmFg18WfU=; b=0Hfri+UvSLiDZ2spZX6jJ34mXU 02Afo/60M7OJfvdLEqA7LAROQAsjkNFkWfWdGOB5RKOx/CjdzEGSnbUDlZxa4n935J/7qkNxWr2EU /+gOucQZzYkj9SI2MA6dNbgCtj67FELigKDlJ2c+sfUsLVVvRS2DD3YxbVFyqt6znsa0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/logdirty: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:37 +0000 commit 82081d6ef72b287d7e41807f50f070e0ebd408fe Author: Andrew Cooper AuthorDate: Fri Oct 29 17:35:26 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/logdirty: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/hap.c | 6 +++--- xen/arch/x86/mm/shadow/common.c | 12 ++++++------ xen/arch/x86/mm/shadow/none.c | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index de4b13565a..ed5112b00b 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -180,7 +180,7 @@ out: * NB: Domain that having device assigned should not set log_global. Because * there is no way to track the memory updating from device. */ -static int hap_enable_log_dirty(struct domain *d, bool_t log_global) +static int cf_check hap_enable_log_dirty(struct domain *d, bool log_global) { struct p2m_domain *p2m = p2m_get_hostp2m(d); @@ -211,7 +211,7 @@ static int hap_enable_log_dirty(struct domain *d, bool_t log_global) return 0; } -static int hap_disable_log_dirty(struct domain *d) +static int cf_check hap_disable_log_dirty(struct domain *d) { paging_lock(d); d->arch.paging.mode &= ~PG_log_dirty; @@ -228,7 +228,7 @@ static int hap_disable_log_dirty(struct domain *d) return 0; } -static void hap_clean_dirty_bitmap(struct domain *d) +static void cf_check hap_clean_dirty_bitmap(struct domain *d) { /* * Switch to log-dirty mode, either by setting l1e entries of P2M table to diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 83dedc8870..071a19adce 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -40,9 +40,9 @@ DEFINE_PER_CPU(uint32_t,trace_shadow_path_flags); -static int sh_enable_log_dirty(struct domain *, bool log_global); -static int sh_disable_log_dirty(struct domain *); -static void sh_clean_dirty_bitmap(struct domain *); +static int cf_check sh_enable_log_dirty(struct domain *, bool log_global); +static int cf_check sh_disable_log_dirty(struct domain *); +static void cf_check sh_clean_dirty_bitmap(struct domain *); /* Set up the shadow-specific parts of a domain struct at start of day. * Called for every domain from arch_domain_create() */ @@ -3016,7 +3016,7 @@ static int shadow_test_disable(struct domain *d) /* Shadow specific code which is called in paging_log_dirty_enable(). * Return 0 if no problem found. */ -static int sh_enable_log_dirty(struct domain *d, bool log_global) +static int cf_check sh_enable_log_dirty(struct domain *d, bool log_global) { int ret; @@ -3044,7 +3044,7 @@ static int sh_enable_log_dirty(struct domain *d, bool log_global) } /* shadow specfic code which is called in paging_log_dirty_disable() */ -static int sh_disable_log_dirty(struct domain *d) +static int cf_check sh_disable_log_dirty(struct domain *d) { int ret; @@ -3058,7 +3058,7 @@ static int sh_disable_log_dirty(struct domain *d) /* This function is called when we CLEAN log dirty bitmap. See * paging_log_dirty_op() for details. */ -static void sh_clean_dirty_bitmap(struct domain *d) +static void cf_check sh_clean_dirty_bitmap(struct domain *d) { paging_lock(d); /* Need to revoke write access to the domain's pages again. diff --git a/xen/arch/x86/mm/shadow/none.c b/xen/arch/x86/mm/shadow/none.c index 79889b926a..463a0e3e89 100644 --- a/xen/arch/x86/mm/shadow/none.c +++ b/xen/arch/x86/mm/shadow/none.c @@ -1,19 +1,19 @@ #include #include -static int _enable_log_dirty(struct domain *d, bool log_global) +static int cf_check _enable_log_dirty(struct domain *d, bool log_global) { ASSERT(is_pv_domain(d)); return -EOPNOTSUPP; } -static int _disable_log_dirty(struct domain *d) +static int cf_check _disable_log_dirty(struct domain *d) { ASSERT(is_pv_domain(d)); return -EOPNOTSUPP; } -static void _clean_dirty_bitmap(struct domain *d) +static void cf_check _clean_dirty_bitmap(struct domain *d) { ASSERT(is_pv_domain(d)); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278017.475010 (Exim 4.92) (envelope-from ) id 1nN9qn-00060C-3S; Thu, 24 Feb 2022 08:51:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278017.475010; Thu, 24 Feb 2022 08:51:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qn-000604-0Z; Thu, 24 Feb 2022 08:51:49 +0000 Received: by outflank-mailman (input) for mailman id 278017; Thu, 24 Feb 2022 08:51:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ql-0005zs-UE for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ql-00017o-TV for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ql-0005kr-Sh for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8WXk1BonH/1MCPwRoUVwF8LFLa0dyn1IGjemA6oOiqE=; b=bhCPLWdVbdamADVfRXIDEqld5m t/apY8/PLW862H/HFc2W4ycndwvVIOlW6yHAkL1ysHNfKJGeHqczY6D9eeApbNd+7sIJRz+RvRprz j2p0FpU3JEryL17/Yosh6hkdxdalR21OgNmg85yjlA0ru1RJ4eDXJyC2X6J9GBb2xLvQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/shadow: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:47 +0000 commit 5ea89176628017620899ce119913eee1c313137f Author: Andrew Cooper AuthorDate: Fri Oct 29 15:41:15 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/shadow: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/shadow/common.c | 11 +++--- xen/arch/x86/mm/shadow/hvm.c | 8 ++-- xen/arch/x86/mm/shadow/multi.c | 80 ++++++++++++++++++++-------------------- xen/arch/x86/mm/shadow/multi.h | 20 +++++----- xen/arch/x86/mm/shadow/none.c | 14 +++---- xen/arch/x86/mm/shadow/private.h | 12 +++--- xen/arch/x86/mm/shadow/pv.c | 4 +- 7 files changed, 74 insertions(+), 75 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 071a19adce..8f11190173 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -1215,7 +1215,7 @@ void shadow_free(struct domain *d, mfn_t smfn) * This action is irreversible: the p2m mapping only ever grows. * That's OK because the p2m table only exists for translated domains, * and those domains can't ever turn off shadow mode. */ -static struct page_info * +static struct page_info *cf_check shadow_alloc_p2m_page(struct domain *d) { struct page_info *pg; @@ -1251,7 +1251,7 @@ shadow_alloc_p2m_page(struct domain *d) return pg; } -static void +static void cf_check shadow_free_p2m_page(struct domain *d, struct page_info *pg) { struct domain *owner = page_get_owner(pg); @@ -2290,7 +2290,8 @@ void shadow_prepare_page_type_change(struct domain *d, struct page_info *page, /* Reset the up-pointers of every L3 shadow to 0. * This is called when l3 shadows stop being pinnable, to clear out all * the list-head bits so the up-pointer field is properly inititalised. */ -static int sh_clear_up_pointer(struct vcpu *v, mfn_t smfn, mfn_t unused) +static int cf_check sh_clear_up_pointer( + struct vcpu *v, mfn_t smfn, mfn_t unused) { mfn_to_page(smfn)->up = 0; return 0; @@ -2490,7 +2491,7 @@ static void sh_update_paging_modes(struct vcpu *v) v->arch.paging.mode->update_cr3(v, 0, false); } -void shadow_update_paging_modes(struct vcpu *v) +void cf_check shadow_update_paging_modes(struct vcpu *v) { paging_lock(v->domain); sh_update_paging_modes(v); @@ -3075,7 +3076,7 @@ static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap) } /* Flush TLB of selected vCPUs. NULL for all. */ -bool shadow_flush_tlb(const unsigned long *vcpu_bitmap) +bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap) { static DEFINE_PER_CPU(cpumask_t, flush_cpumask); cpumask_t *mask = &this_cpu(flush_cpumask); diff --git a/xen/arch/x86/mm/shadow/hvm.c b/xen/arch/x86/mm/shadow/hvm.c index c90d326bec..27dd99f1a1 100644 --- a/xen/arch/x86/mm/shadow/hvm.c +++ b/xen/arch/x86/mm/shadow/hvm.c @@ -794,9 +794,9 @@ sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn) * It means extra emulated writes and slows down removal of mappings. */ } -static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn, - l1_pgentry_t old, l1_pgentry_t new, - unsigned int level) +static void cf_check sh_unshadow_for_p2m_change( + struct domain *d, unsigned long gfn, l1_pgentry_t old, l1_pgentry_t new, + unsigned int level) { mfn_t omfn = l1e_get_mfn(old); unsigned int oflags = l1e_get_flags(old); @@ -879,7 +879,7 @@ static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn, } #if (SHADOW_OPTIMIZATIONS & SHOPT_FAST_FAULT_PATH) -static void +static void cf_check sh_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { struct domain *d = p2m->domain; diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index bddef53163..b0b1c31ee0 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -369,7 +369,7 @@ static void sh_audit_gw(struct vcpu *v, const walk_t *gw) #if GUEST_PAGING_LEVELS == 2 /* From one page of a multi-page shadow, find the next one */ -static inline mfn_t sh_next_page(mfn_t smfn) +static inline mfn_t cf_check sh_next_page(mfn_t smfn) { struct page_info *pg = mfn_to_page(smfn), *next; struct page_list_head h = PAGE_LIST_HEAD_INIT(h); @@ -399,8 +399,7 @@ guest_index(void *ptr) return (u32)((unsigned long)ptr & ~PAGE_MASK) / sizeof(guest_l1e_t); } -static u32 -shadow_l1_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l1_index(mfn_t *smfn, u32 guest_index) { #if (GUEST_PAGING_LEVELS == 2) ASSERT(mfn_to_page(*smfn)->u.sh.head); @@ -412,8 +411,7 @@ shadow_l1_index(mfn_t *smfn, u32 guest_index) #endif } -static u32 -shadow_l2_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l2_index(mfn_t *smfn, u32 guest_index) { #if (GUEST_PAGING_LEVELS == 2) int i; @@ -432,14 +430,12 @@ shadow_l2_index(mfn_t *smfn, u32 guest_index) #if GUEST_PAGING_LEVELS >= 4 -static u32 -shadow_l3_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l3_index(mfn_t *smfn, u32 guest_index) { return guest_index; } -static u32 -shadow_l4_index(mfn_t *smfn, u32 guest_index) +static u32 cf_check shadow_l4_index(mfn_t *smfn, u32 guest_index) { return guest_index; } @@ -924,7 +920,7 @@ do { \ /**************************************************************************/ /* Create a shadow of a given guest page. */ -static mfn_t +static mfn_t cf_check sh_make_shadow(struct vcpu *v, mfn_t gmfn, u32 shadow_type) { struct domain *d = v->domain; @@ -1459,7 +1455,8 @@ void sh_unhook_64b_mappings(struct domain *d, mfn_t sl4mfn, int user_only) */ #if GUEST_PAGING_LEVELS >= 4 -static int validate_gl4e(struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) +static int cf_check validate_gl4e( + struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) { shadow_l4e_t new_sl4e; guest_l4e_t new_gl4e = *(guest_l4e_t *)new_ge; @@ -1518,7 +1515,8 @@ static int validate_gl4e(struct vcpu *v, void *new_ge, mfn_t sl4mfn, void *se) } -static int validate_gl3e(struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) +static int cf_check validate_gl3e( + struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) { struct domain *d = v->domain; shadow_l3e_t new_sl3e; @@ -1552,7 +1550,8 @@ static int validate_gl3e(struct vcpu *v, void *new_ge, mfn_t sl3mfn, void *se) } #endif // GUEST_PAGING_LEVELS >= 4 -static int validate_gl2e(struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) +static int cf_check validate_gl2e( + struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) { struct domain *d = v->domain; shadow_l2e_t new_sl2e; @@ -1599,7 +1598,8 @@ static int validate_gl2e(struct vcpu *v, void *new_ge, mfn_t sl2mfn, void *se) return result; } -static int validate_gl1e(struct vcpu *v, void *new_ge, mfn_t sl1mfn, void *se) +static int cf_check validate_gl1e( + struct vcpu *v, void *new_ge, mfn_t sl1mfn, void *se) { struct domain *d = v->domain; shadow_l1e_t new_sl1e; @@ -2089,8 +2089,8 @@ static DEFINE_PER_CPU(int,trace_extra_emulation_count); #endif static DEFINE_PER_CPU(guest_pa_t,trace_emulate_write_val); -static void trace_emulate_write_val(const void *ptr, unsigned long vaddr, - const void *src, unsigned int bytes) +static void cf_check trace_emulate_write_val( + const void *ptr, unsigned long vaddr, const void *src, unsigned int bytes) { #if GUEST_PAGING_LEVELS == 3 if ( vaddr == this_cpu(trace_emulate_initial_va) ) @@ -2144,9 +2144,8 @@ static inline void trace_shadow_emulate(guest_l1e_t gl1e, unsigned long va) * shadow code (and the guest should retry) or 0 if it is not (and the * fault should be handled elsewhere or passed to the guest). */ -static int sh_page_fault(struct vcpu *v, - unsigned long va, - struct cpu_user_regs *regs) +static int cf_check sh_page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { struct domain *d = v->domain; walk_t gw; @@ -2898,7 +2897,7 @@ propagate: * instruction should be issued on the hardware, or false if it's safe not * to do so. */ -static bool sh_invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check sh_invlpg(struct vcpu *v, unsigned long linear) { mfn_t sl1mfn; shadow_l2e_t sl2e; @@ -3030,9 +3029,8 @@ static bool sh_invlpg(struct vcpu *v, unsigned long linear) #ifdef CONFIG_HVM -static unsigned long -sh_gva_to_gfn(struct vcpu *v, struct p2m_domain *p2m, - unsigned long va, uint32_t *pfec) +static unsigned long cf_check sh_gva_to_gfn( + struct vcpu *v, struct p2m_domain *p2m, unsigned long va, uint32_t *pfec) /* Called to translate a guest virtual address to what the *guest* * pagetables would map it to. */ { @@ -3196,8 +3194,7 @@ sh_update_linear_entries(struct vcpu *v) * Removes v->arch.paging.shadow.shadow_table[]. * Does all appropriate management/bookkeeping/refcounting/etc... */ -static void -sh_detach_old_tables(struct vcpu *v) +static void cf_check sh_detach_old_tables(struct vcpu *v) { struct domain *d = v->domain; mfn_t smfn; @@ -3216,8 +3213,7 @@ sh_detach_old_tables(struct vcpu *v) } } -static void -sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check sh_update_cr3(struct vcpu *v, int do_locking, bool noflush) /* Updates vcpu->arch.cr3 after the guest has changed CR3. * Paravirtual guests should set v->arch.guest_table (and guest_table_user, * if appropriate). @@ -3525,7 +3521,8 @@ int sh_rm_write_access_from_sl1p(struct domain *d, mfn_t gmfn, #endif /* OOS */ #if defined(CONFIG_HVM) && (SHADOW_OPTIMIZATIONS & SHOPT_WRITABLE_HEURISTIC) -static int sh_guess_wrmap(struct vcpu *v, unsigned long vaddr, mfn_t gmfn) +static int cf_check sh_guess_wrmap( + struct vcpu *v, unsigned long vaddr, mfn_t gmfn) /* Look up this vaddr in the current shadow and see if it's a writeable * mapping of this gmfn. If so, remove it. Returns 1 if it worked. */ { @@ -3589,8 +3586,8 @@ static int sh_guess_wrmap(struct vcpu *v, unsigned long vaddr, mfn_t gmfn) } #endif -int sh_rm_write_access_from_l1(struct domain *d, mfn_t sl1mfn, - mfn_t readonly_mfn) +int cf_check sh_rm_write_access_from_l1( + struct domain *d, mfn_t sl1mfn, mfn_t readonly_mfn) /* Excises all writeable mappings to readonly_mfn from this l1 shadow table */ { shadow_l1e_t *sl1e; @@ -3626,7 +3623,8 @@ int sh_rm_write_access_from_l1(struct domain *d, mfn_t sl1mfn, } -int sh_rm_mappings_from_l1(struct domain *d, mfn_t sl1mfn, mfn_t target_mfn) +int cf_check sh_rm_mappings_from_l1( + struct domain *d, mfn_t sl1mfn, mfn_t target_mfn) /* Excises all mappings to guest frame from this shadow l1 table */ { shadow_l1e_t *sl1e; @@ -3677,7 +3675,7 @@ void sh_clear_shadow_entry(struct domain *d, void *ep, mfn_t smfn) } } -int sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) +int cf_check sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) /* Remove all mappings of this l1 shadow from this l2 shadow */ { shadow_l2e_t *sl2e; @@ -3700,7 +3698,7 @@ int sh_remove_l1_shadow(struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn) } #if GUEST_PAGING_LEVELS >= 4 -int sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) +int cf_check sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) /* Remove all mappings of this l2 shadow from this l3 shadow */ { shadow_l3e_t *sl3e; @@ -3722,7 +3720,7 @@ int sh_remove_l2_shadow(struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn) return done; } -int sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) +int cf_check sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) /* Remove all mappings of this l3 shadow from this l4 shadow */ { shadow_l4e_t *sl4e; @@ -3752,7 +3750,7 @@ int sh_remove_l3_shadow(struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn) * and in the meantime we unhook its top-level user-mode entries. */ #if GUEST_PAGING_LEVELS == 3 -static void sh_pagetable_dying(paddr_t gpa) +static void cf_check sh_pagetable_dying(paddr_t gpa) { struct vcpu *v = current; struct domain *d = v->domain; @@ -3833,7 +3831,7 @@ out_put_gfn: put_gfn(d, l3gfn); } #else -static void sh_pagetable_dying(paddr_t gpa) +static void cf_check sh_pagetable_dying(paddr_t gpa) { struct vcpu *v = current; struct domain *d = v->domain; @@ -3932,7 +3930,7 @@ static const char *sh_audit_flags(struct vcpu *v, int level, return NULL; } -int sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) +int cf_check sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) { guest_l1e_t *gl1e, *gp; shadow_l1e_t *sl1e; @@ -4000,7 +3998,7 @@ int sh_audit_l1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) return done; } -int sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) +int cf_check sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) { guest_l1e_t *gl1e, e; shadow_l1e_t *sl1e; @@ -4026,7 +4024,7 @@ int sh_audit_fl1_table(struct vcpu *v, mfn_t sl1mfn, mfn_t x) return 0; } -int sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) +int cf_check sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) { struct domain *d = v->domain; guest_l2e_t *gl2e, *gp; @@ -4078,7 +4076,7 @@ int sh_audit_l2_table(struct vcpu *v, mfn_t sl2mfn, mfn_t x) } #if GUEST_PAGING_LEVELS >= 4 -int sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) +int cf_check sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) { struct domain *d = v->domain; guest_l3e_t *gl3e, *gp; @@ -4126,7 +4124,7 @@ int sh_audit_l3_table(struct vcpu *v, mfn_t sl3mfn, mfn_t x) return 0; } -int sh_audit_l4_table(struct vcpu *v, mfn_t sl4mfn, mfn_t x) +int cf_check sh_audit_l4_table(struct vcpu *v, mfn_t sl4mfn, mfn_t x) { struct domain *d = v->domain; guest_l4e_t *gl4e, *gp; diff --git a/xen/arch/x86/mm/shadow/multi.h b/xen/arch/x86/mm/shadow/multi.h index 0bd6a2d5b7..5bcd6ae1a8 100644 --- a/xen/arch/x86/mm/shadow/multi.h +++ b/xen/arch/x86/mm/shadow/multi.h @@ -59,10 +59,10 @@ extern void SHADOW_INTERNAL_NAME(sh_unhook_64b_mappings, GUEST_LEVELS) (struct domain *d, mfn_t sl4mfn, int user_only); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_rm_write_access_from_l1, GUEST_LEVELS) (struct domain *d, mfn_t sl1mfn, mfn_t readonly_mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_rm_mappings_from_l1, GUEST_LEVELS) (struct domain *d, mfn_t sl1mfn, mfn_t target_mfn); @@ -70,30 +70,30 @@ extern void SHADOW_INTERNAL_NAME(sh_clear_shadow_entry, GUEST_LEVELS) (struct domain *d, void *ep, mfn_t smfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l1_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl2mfn, mfn_t sl1mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l2_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl3mfn, mfn_t sl2mfn); -extern int +int cf_check SHADOW_INTERNAL_NAME(sh_remove_l3_shadow, GUEST_LEVELS) (struct domain *d, mfn_t sl4mfn, mfn_t sl3mfn); #if SHADOW_AUDIT & SHADOW_AUDIT_ENTRIES -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l1_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl1mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_fl1_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl1mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l2_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl2mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l3_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl3mfn, mfn_t x); -int +int cf_check SHADOW_INTERNAL_NAME(sh_audit_l4_table, GUEST_LEVELS) (struct vcpu *v, mfn_t sl4mfn, mfn_t x); #endif diff --git a/xen/arch/x86/mm/shadow/none.c b/xen/arch/x86/mm/shadow/none.c index 463a0e3e89..eaaa874b11 100644 --- a/xen/arch/x86/mm/shadow/none.c +++ b/xen/arch/x86/mm/shadow/none.c @@ -30,34 +30,34 @@ int shadow_domain_init(struct domain *d) return is_hvm_domain(d) ? -EOPNOTSUPP : 0; } -static int _page_fault(struct vcpu *v, unsigned long va, - struct cpu_user_regs *regs) +static int cf_check _page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { ASSERT_UNREACHABLE(); return 0; } -static bool _invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check _invlpg(struct vcpu *v, unsigned long linear) { ASSERT_UNREACHABLE(); return true; } #ifdef CONFIG_HVM -static unsigned long _gva_to_gfn(struct vcpu *v, struct p2m_domain *p2m, - unsigned long va, uint32_t *pfec) +static unsigned long cf_check _gva_to_gfn( + struct vcpu *v, struct p2m_domain *p2m, unsigned long va, uint32_t *pfec) { ASSERT_UNREACHABLE(); return gfn_x(INVALID_GFN); } #endif -static void _update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check _update_cr3(struct vcpu *v, int do_locking, bool noflush) { ASSERT_UNREACHABLE(); } -static void _update_paging_modes(struct vcpu *v) +static void cf_check _update_paging_modes(struct vcpu *v) { ASSERT_UNREACHABLE(); } diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h index e4db8d3254..3dc024e30f 100644 --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -420,15 +420,15 @@ static inline int sh_remove_write_access(struct domain *d, mfn_t readonly_mfn, #endif /* Functions that atomically write PV guest PT entries */ -void sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, - mfn_t gmfn); -intpte_t sh_cmpxchg_guest_entry(struct vcpu *v, intpte_t *p, intpte_t old, - intpte_t new, mfn_t gmfn); +void cf_check sh_write_guest_entry( + struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn); +intpte_t cf_check sh_cmpxchg_guest_entry( + struct vcpu *v, intpte_t *p, intpte_t old, intpte_t new, mfn_t gmfn); /* Update all the things that are derived from the guest's CR0/CR3/CR4. * Called to initialize paging structures if the paging mode * has changed, and when bringing up a VCPU for the first time. */ -void shadow_update_paging_modes(struct vcpu *v); +void cf_check shadow_update_paging_modes(struct vcpu *v); /* Unhook the non-Xen mappings in this top-level shadow mfn. * With user_only == 1, unhooks only the user-mode mappings. */ @@ -922,7 +922,7 @@ static inline int sh_check_page_has_no_refs(struct page_info *page) } /* Flush the TLB of the selected vCPUs. */ -bool shadow_flush_tlb(const unsigned long *vcpu_bitmap); +bool cf_check shadow_flush_tlb(const unsigned long *vcpu_bitmap); #endif /* _XEN_SHADOW_PRIVATE_H */ diff --git a/xen/arch/x86/mm/shadow/pv.c b/xen/arch/x86/mm/shadow/pv.c index f51f980f26..ed10d5479c 100644 --- a/xen/arch/x86/mm/shadow/pv.c +++ b/xen/arch/x86/mm/shadow/pv.c @@ -28,7 +28,7 @@ * Write a new value into the guest pagetable, and update the shadows * appropriately. */ -void +void cf_check sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn) { paging_lock(v->domain); @@ -42,7 +42,7 @@ sh_write_guest_entry(struct vcpu *v, intpte_t *p, intpte_t new, mfn_t gmfn) * appropriately. Returns the previous entry found, which the caller is * expected to check to see if the cmpxchg was successful. */ -intpte_t +intpte_t cf_check sh_cmpxchg_guest_entry(struct vcpu *v, intpte_t *p, intpte_t old, intpte_t new, mfn_t gmfn) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:51:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:51:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278018.475014 (Exim 4.92) (envelope-from ) id 1nN9qx-00063T-6N; Thu, 24 Feb 2022 08:51:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278018.475014; Thu, 24 Feb 2022 08:51:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qx-00063L-3S; Thu, 24 Feb 2022 08:51:59 +0000 Received: by outflank-mailman (input) for mailman id 278018; Thu, 24 Feb 2022 08:51:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qw-00063D-18 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9qw-00017z-0V for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9qv-0005lU-Vz for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:51:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sKrLZTjbjNd8RPMt7Mvtuz3B9gwEpHxKJ3Gn5G0WYpU=; b=qE6GACywXyO+pA31dNOadtev0C RrW/N3Hp25EKwDAPBHm5tqGnitdkKuOT6oJW+P5wlzwLBENzChOHWH3fW/lMVZmukGWn/SXICbI1g eVhRFHQvPOpk4lv7+7in9bBbNk04jFwnlT+G0vxsOks0AL3FoZvY0NRLjYQpqvyhMniM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hap: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:51:57 +0000 commit b0331a678e07eb5cd9da4b1b1e784e1f37b91a23 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:44:02 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hap: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/guest_walk.c | 4 ++-- xen/arch/x86/mm/hap/hap.c | 21 +++++++++++---------- xen/arch/x86/mm/hap/private.h | 30 ++++++++++++------------------ 3 files changed, 25 insertions(+), 30 deletions(-) diff --git a/xen/arch/x86/mm/hap/guest_walk.c b/xen/arch/x86/mm/hap/guest_walk.c index 832a805847..1da8d3b99e 100644 --- a/xen/arch/x86/mm/hap/guest_walk.c +++ b/xen/arch/x86/mm/hap/guest_walk.c @@ -36,14 +36,14 @@ #include #include -unsigned long hap_gva_to_gfn(GUEST_PAGING_LEVELS)( +unsigned long cf_check hap_gva_to_gfn(GUEST_PAGING_LEVELS)( struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec) { unsigned long cr3 = v->arch.hvm.guest_cr[3]; return hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)(v, p2m, cr3, gva, pfec, NULL); } -unsigned long hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)( +unsigned long cf_check hap_p2m_ga_to_gfn(GUEST_PAGING_LEVELS)( struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order) { diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index ed5112b00b..9d67a47f5f 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -268,7 +268,7 @@ static void hap_free(struct domain *d, mfn_t mfn) page_list_add_tail(pg, &d->arch.paging.hap.freelist); } -static struct page_info *hap_alloc_p2m_page(struct domain *d) +static struct page_info *cf_check hap_alloc_p2m_page(struct domain *d) { struct page_info *pg; @@ -294,7 +294,7 @@ static struct page_info *hap_alloc_p2m_page(struct domain *d) return pg; } -static void hap_free_p2m_page(struct domain *d, struct page_info *pg) +static void cf_check hap_free_p2m_page(struct domain *d, struct page_info *pg) { struct domain *owner = page_get_owner(pg); @@ -662,8 +662,8 @@ void hap_vcpu_init(struct vcpu *v) * HAP guests can handle page faults (in the guest page tables) without * needing any action from Xen, so we should not be intercepting them. */ -static int hap_page_fault(struct vcpu *v, unsigned long va, - struct cpu_user_regs *regs) +static int cf_check hap_page_fault( + struct vcpu *v, unsigned long va, struct cpu_user_regs *regs) { struct domain *d = v->domain; @@ -677,7 +677,7 @@ static int hap_page_fault(struct vcpu *v, unsigned long va, * should not be intercepting it. However, we need to correctly handle * getting here from instruction emulation. */ -static bool_t hap_invlpg(struct vcpu *v, unsigned long linear) +static bool cf_check hap_invlpg(struct vcpu *v, unsigned long linear) { /* * Emulate INVLPGA: @@ -690,7 +690,8 @@ static bool_t hap_invlpg(struct vcpu *v, unsigned long linear) return 1; } -static void hap_update_cr3(struct vcpu *v, int do_locking, bool noflush) +static void cf_check hap_update_cr3( + struct vcpu *v, int do_locking, bool noflush) { v->arch.hvm.hw_cr[3] = v->arch.hvm.guest_cr[3]; hvm_update_guest_cr3(v, noflush); @@ -702,7 +703,7 @@ static bool flush_vcpu(const struct vcpu *v, const unsigned long *vcpu_bitmap) } /* Flush TLB of selected vCPUs. NULL for all. */ -static bool flush_tlb(const unsigned long *vcpu_bitmap) +static bool cf_check flush_tlb(const unsigned long *vcpu_bitmap) { static DEFINE_PER_CPU(cpumask_t, flush_cpumask); cpumask_t *mask = &this_cpu(flush_cpumask); @@ -747,7 +748,7 @@ hap_paging_get_mode(struct vcpu *v) &hap_paging_protected_mode); } -static void hap_update_paging_modes(struct vcpu *v) +static void cf_check hap_update_paging_modes(struct vcpu *v) { struct domain *d = v->domain; unsigned long cr3_gfn = v->arch.hvm.guest_cr[3] >> PAGE_SHIFT; @@ -791,13 +792,13 @@ void hap_p2m_init(struct p2m_domain *p2m) p2m->write_p2m_entry_post = hap_write_p2m_entry_post; } -static unsigned long hap_gva_to_gfn_real_mode( +static unsigned long cf_check hap_gva_to_gfn_real_mode( struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec) { return ((paddr_t)gva >> PAGE_SHIFT); } -static unsigned long hap_p2m_ga_to_gfn_real_mode( +static unsigned long cf_check hap_p2m_ga_to_gfn_real_mode( struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order) { diff --git a/xen/arch/x86/mm/hap/private.h b/xen/arch/x86/mm/hap/private.h index 973fbe8be5..1040eaf69f 100644 --- a/xen/arch/x86/mm/hap/private.h +++ b/xen/arch/x86/mm/hap/private.h @@ -24,27 +24,21 @@ /********************************************/ /* GUEST TRANSLATION FUNCS */ /********************************************/ -unsigned long hap_gva_to_gfn_2_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); -unsigned long hap_gva_to_gfn_3_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); -unsigned long hap_gva_to_gfn_4_levels(struct vcpu *v, - struct p2m_domain *p2m, - unsigned long gva, - uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_2_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_3_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); +unsigned long cf_check hap_gva_to_gfn_4_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long gva, uint32_t *pfec); -unsigned long hap_p2m_ga_to_gfn_2_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_2_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); -unsigned long hap_p2m_ga_to_gfn_3_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_3_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); -unsigned long hap_p2m_ga_to_gfn_4_levels(struct vcpu *v, - struct p2m_domain *p2m, unsigned long cr3, +unsigned long cf_check hap_p2m_ga_to_gfn_4_levels( + struct vcpu *v, struct p2m_domain *p2m, unsigned long cr3, paddr_t ga, uint32_t *pfec, unsigned int *page_order); #endif /* __HAP_PRIVATE_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278019.475018 (Exim 4.92) (envelope-from ) id 1nN9r7-00066L-7r; Thu, 24 Feb 2022 08:52:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278019.475018; Thu, 24 Feb 2022 08:52:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9r7-00066D-4w; Thu, 24 Feb 2022 08:52:09 +0000 Received: by outflank-mailman (input) for mailman id 278019; Thu, 24 Feb 2022 08:52:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9r6-000665-4k for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9r6-00018c-3x for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9r6-0005mD-3B for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wkbNcJplpdAi9TgH+yLDtxkz6tsWFYyXnEILH5pwaQ0=; b=eGF+Ge8yDmoZzlEebn+nP8E4Ws RX6EdAoXN2zxcV8mhJekJhvSdhvHT9P6B1nHXZGZI6awoeJPuYnMYSiXE/YZ6GwXJ3zlDR7n75Wus 47x/jhKJdZgRdYOp+kjXma4yeh41DYaTcF+Df747MsrODQ9ih5CqV3okqiF7rLB/dCQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/p2m: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:08 +0000 commit 84667b15cdb7d7039f179e9160950a944f9b41e0 Author: Andrew Cooper AuthorDate: Fri Oct 29 15:47:59 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/p2m: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/include/asm/p2m.h | 4 ++-- xen/arch/x86/mm/hap/hap.c | 2 +- xen/arch/x86/mm/hap/nested_hap.c | 2 +- xen/arch/x86/mm/p2m-ept.c | 32 +++++++++++++++----------------- xen/arch/x86/mm/p2m-pt.c | 19 +++++++++---------- 5 files changed, 28 insertions(+), 31 deletions(-) diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h index 6e2206874d..7873744263 100644 --- a/xen/arch/x86/include/asm/p2m.h +++ b/xen/arch/x86/include/asm/p2m.h @@ -820,8 +820,8 @@ void np2m_flush_base(struct vcpu *v, unsigned long np2m_base); void hap_p2m_init(struct p2m_domain *p2m); void shadow_p2m_init(struct p2m_domain *p2m); -void nestedp2m_write_p2m_entry_post(struct p2m_domain *p2m, - unsigned int oflags); +void cf_check nestedp2m_write_p2m_entry_post( + struct p2m_domain *p2m, unsigned int oflags); /* * Alternate p2m: shadow p2m tables used for alternate memory views diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index 9d67a47f5f..c19e337d65 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -778,7 +778,7 @@ static void cf_check hap_update_paging_modes(struct vcpu *v) put_gfn(d, cr3_gfn); } -static void +static void cf_check hap_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { struct domain *d = p2m->domain; diff --git a/xen/arch/x86/mm/hap/nested_hap.c b/xen/arch/x86/mm/hap/nested_hap.c index d8a7b3b401..dbe5ad23a1 100644 --- a/xen/arch/x86/mm/hap/nested_hap.c +++ b/xen/arch/x86/mm/hap/nested_hap.c @@ -71,7 +71,7 @@ /* NESTED VIRT P2M FUNCTIONS */ /********************************************/ -void +void cf_check nestedp2m_write_p2m_entry_post(struct p2m_domain *p2m, unsigned int oflags) { if ( oflags & _PAGE_PRESENT ) diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index a8a6ad6295..70a401c3a7 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -624,7 +624,7 @@ int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, * - zero if no adjustment was done, * - a positive value if at least one adjustment was done. */ -static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) +static int cf_check resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) { struct ept_data *ept = &p2m->ept; unsigned int level = ept->wl; @@ -793,7 +793,7 @@ bool_t ept_handle_misconfig(uint64_t gpa) * * Returns: 0 for success, -errno for failure */ -static int +static int cf_check ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, unsigned int order, p2m_type_t p2mt, p2m_access_t p2ma, int sve) @@ -1002,10 +1002,9 @@ out: } /* Read ept p2m entries */ -static mfn_t ept_get_entry(struct p2m_domain *p2m, - gfn_t gfn_, p2m_type_t *t, p2m_access_t* a, - p2m_query_t q, unsigned int *page_order, - bool_t *sve) +static mfn_t cf_check ept_get_entry( + struct p2m_domain *p2m, gfn_t gfn_, p2m_type_t *t, p2m_access_t *a, + p2m_query_t q, unsigned int *page_order, bool *sve) { ept_entry_t *table = map_domain_page(pagetable_get_mfn(p2m_get_pagetable(p2m))); @@ -1165,8 +1164,8 @@ out: return; } -static void ept_change_entry_type_global(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt) +static void cf_check ept_change_entry_type_global( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt) { unsigned long mfn = p2m->ept.mfn; @@ -1177,10 +1176,9 @@ static void ept_change_entry_type_global(struct p2m_domain *p2m, ept_sync_domain(p2m); } -static int ept_change_entry_type_range(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt, - unsigned long first_gfn, - unsigned long last_gfn) +static int cf_check ept_change_entry_type_range( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt, + unsigned long first_gfn, unsigned long last_gfn) { unsigned int i, wl = p2m->ept.wl; unsigned long mask = (1 << EPT_TABLE_ORDER) - 1; @@ -1224,7 +1222,7 @@ static int ept_change_entry_type_range(struct p2m_domain *p2m, return rc < 0 ? rc : 0; } -static void ept_memory_type_changed(struct p2m_domain *p2m) +static void cf_check ept_memory_type_changed(struct p2m_domain *p2m) { unsigned long mfn = p2m->ept.mfn; @@ -1283,7 +1281,7 @@ void ept_sync_domain(struct p2m_domain *p2m) ept_sync_domain_mask(p2m, d->dirty_cpumask); } -static void ept_tlb_flush(struct p2m_domain *p2m) +static void cf_check ept_tlb_flush(struct p2m_domain *p2m) { ept_sync_domain_mask(p2m, p2m->domain->dirty_cpumask); } @@ -1346,7 +1344,7 @@ static void ept_disable_pml(struct p2m_domain *p2m) vmx_domain_update_eptp(p2m->domain); } -static void ept_enable_hardware_log_dirty(struct p2m_domain *p2m) +static void cf_check ept_enable_hardware_log_dirty(struct p2m_domain *p2m) { struct p2m_domain *hostp2m = p2m_get_hostp2m(p2m->domain); @@ -1355,7 +1353,7 @@ static void ept_enable_hardware_log_dirty(struct p2m_domain *p2m) p2m_unlock(hostp2m); } -static void ept_disable_hardware_log_dirty(struct p2m_domain *p2m) +static void cf_check ept_disable_hardware_log_dirty(struct p2m_domain *p2m) { struct p2m_domain *hostp2m = p2m_get_hostp2m(p2m->domain); @@ -1364,7 +1362,7 @@ static void ept_disable_hardware_log_dirty(struct p2m_domain *p2m) p2m_unlock(hostp2m); } -static void ept_flush_pml_buffers(struct p2m_domain *p2m) +static void cf_check ept_flush_pml_buffers(struct p2m_domain *p2m) { /* Domain must have been paused */ ASSERT(atomic_read(&p2m->domain->pause_count)); diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index ef3f8e02a4..eaba2b0fb4 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -399,7 +399,7 @@ static int p2m_pt_set_recalc_range(struct p2m_domain *p2m, * GFN. Propagate the re-calculation flag down to the next page table level * for entries not involved in the translation of the given GFN. */ -static int do_recalc(struct p2m_domain *p2m, unsigned long gfn) +static int cf_check do_recalc(struct p2m_domain *p2m, unsigned long gfn) { void *table; unsigned long gfn_remainder = gfn; @@ -573,7 +573,7 @@ static void check_entry(mfn_t mfn, p2m_type_t new, p2m_type_t old, } /* Returns: 0 for success, -errno for failure */ -static int +static int cf_check p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma, int sve) @@ -774,7 +774,7 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, return rc; } -static mfn_t +static mfn_t cf_check p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_, p2m_type_t *t, p2m_access_t *a, p2m_query_t q, unsigned int *page_order, bool_t *sve) @@ -943,8 +943,8 @@ pod_retry_l1: return (p2m_is_valid(*t) || p2m_is_any_ram(*t)) ? mfn : INVALID_MFN; } -static void p2m_pt_change_entry_type_global(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt) +static void cf_check p2m_pt_change_entry_type_global( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt) { l1_pgentry_t *tab; unsigned long gfn = 0; @@ -983,10 +983,9 @@ static void p2m_pt_change_entry_type_global(struct p2m_domain *p2m, guest_flush_tlb_mask(d, d->dirty_cpumask); } -static int p2m_pt_change_entry_type_range(struct p2m_domain *p2m, - p2m_type_t ot, p2m_type_t nt, - unsigned long first_gfn, - unsigned long last_gfn) +static int cf_check p2m_pt_change_entry_type_range( + struct p2m_domain *p2m, p2m_type_t ot, p2m_type_t nt, + unsigned long first_gfn, unsigned long last_gfn) { unsigned long mask = (1 << PAGETABLE_ORDER) - 1; unsigned int i; @@ -1025,7 +1024,7 @@ static int p2m_pt_change_entry_type_range(struct p2m_domain *p2m, } #if P2M_AUDIT -static long p2m_pt_audit_p2m(struct p2m_domain *p2m) +static long cf_check p2m_pt_audit_p2m(struct p2m_domain *p2m) { unsigned long entry_count = 0, pmbad = 0; unsigned long mfn, gfn, m2pfn; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278020.475022 (Exim 4.92) (envelope-from ) id 1nN9rH-00069D-9t; Thu, 24 Feb 2022 08:52:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278020.475022; Thu, 24 Feb 2022 08:52:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rH-000691-6T; Thu, 24 Feb 2022 08:52:19 +0000 Received: by outflank-mailman (input) for mailman id 278020; Thu, 24 Feb 2022 08:52:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rG-00068r-8a for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rG-00018m-7v for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9rG-0005mx-77 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BBkPBQBM656ujph5fjxKR5UcNV9sLEIx7MIOegV8JvY=; b=cVy+IJH+7N2WsbrUgvBqGofvtH QeTV/sA5e6IHVrRPrRsUzbpD38GjhmGurTAz2g7qpDSC4d2hYnA0wj9HzjN9WDjB8BKhiabVVrA/b bSSY91No6/aoZ7YVxYDfTX/B/eHZzptPW1djB590pbCGNoMXKNibCRnu9uSubHKf4TkY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/irq: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:18 +0000 commit 287f541c6e0a47904b4ee2908746d2279eceef6d Author: Andrew Cooper AuthorDate: Fri Oct 29 18:45:59 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/irq: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hpet.c | 11 ++++++----- xen/arch/x86/i8259.c | 10 +++++----- xen/arch/x86/include/asm/irq.h | 8 ++++---- xen/arch/x86/include/asm/msi.h | 8 ++++---- xen/arch/x86/io_apic.c | 24 ++++++++++++------------ xen/arch/x86/irq.c | 6 +++--- xen/arch/x86/msi.c | 14 +++++++------- xen/common/irq.c | 6 +++--- xen/drivers/passthrough/amd/iommu_init.c | 15 ++++++++------- xen/drivers/passthrough/vtd/iommu.c | 13 +++++++------ xen/include/xen/irq.h | 6 +++--- 11 files changed, 62 insertions(+), 59 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 1632993f72..19cab52587 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -253,7 +253,7 @@ static void cf_check hpet_interrupt_handler( ch->event_handler(ch); } -static void hpet_msi_unmask(struct irq_desc *desc) +static void cf_check hpet_msi_unmask(struct irq_desc *desc) { u32 cfg; struct hpet_event_channel *ch = desc->action->dev_id; @@ -264,7 +264,7 @@ static void hpet_msi_unmask(struct irq_desc *desc) ch->msi.msi_attrib.host_masked = 0; } -static void hpet_msi_mask(struct irq_desc *desc) +static void cf_check hpet_msi_mask(struct irq_desc *desc) { u32 cfg; struct hpet_event_channel *ch = desc->action->dev_id; @@ -293,7 +293,7 @@ static int hpet_msi_write(struct hpet_event_channel *ch, struct msi_msg *msg) return 0; } -static unsigned int hpet_msi_startup(struct irq_desc *desc) +static unsigned int cf_check hpet_msi_startup(struct irq_desc *desc) { hpet_msi_unmask(desc); return 0; @@ -301,14 +301,15 @@ static unsigned int hpet_msi_startup(struct irq_desc *desc) #define hpet_msi_shutdown hpet_msi_mask -static void hpet_msi_ack(struct irq_desc *desc) +static void cf_check hpet_msi_ack(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); ack_APIC_irq(); } -static void hpet_msi_set_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check hpet_msi_set_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct hpet_event_channel *ch = desc->action->dev_id; struct msi_msg msg = ch->msi.msg; diff --git a/xen/arch/x86/i8259.c b/xen/arch/x86/i8259.c index b389bb2176..6b35be10f0 100644 --- a/xen/arch/x86/i8259.c +++ b/xen/arch/x86/i8259.c @@ -40,18 +40,18 @@ bool bogus_8259A_irq(unsigned int irq) return _mask_and_ack_8259A_irq(irq); } -static void mask_and_ack_8259A_irq(struct irq_desc *desc) +static void cf_check mask_and_ack_8259A_irq(struct irq_desc *desc) { _mask_and_ack_8259A_irq(desc->irq); } -static unsigned int startup_8259A_irq(struct irq_desc *desc) +static unsigned int cf_check startup_8259A_irq(struct irq_desc *desc) { enable_8259A_irq(desc); return 0; /* never anything pending */ } -static void end_8259A_irq(struct irq_desc *desc, u8 vector) +static void cf_check end_8259A_irq(struct irq_desc *desc, u8 vector) { if (!(desc->status & (IRQ_DISABLED|IRQ_INPROGRESS))) enable_8259A_irq(desc); @@ -108,12 +108,12 @@ static void _disable_8259A_irq(unsigned int irq) spin_unlock_irqrestore(&i8259A_lock, flags); } -void disable_8259A_irq(struct irq_desc *desc) +void cf_check disable_8259A_irq(struct irq_desc *desc) { _disable_8259A_irq(desc->irq); } -void enable_8259A_irq(struct irq_desc *desc) +void cf_check enable_8259A_irq(struct irq_desc *desc) { unsigned int mask = ~(1 << desc->irq); unsigned long flags; diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index b3f49abc55..76e6ed6d60 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -111,8 +111,8 @@ void alloc_direct_apic_vector( void do_IRQ(struct cpu_user_regs *regs); -void disable_8259A_irq(struct irq_desc *); -void enable_8259A_irq(struct irq_desc *); +void cf_check disable_8259A_irq(struct irq_desc *); +void cf_check enable_8259A_irq(struct irq_desc *); int i8259A_irq_pending(unsigned int irq); void mask_8259A(void); void unmask_8259A(void); @@ -173,7 +173,7 @@ int create_irq(nodeid_t node, bool grant_access); void destroy_irq(unsigned int irq); int assign_irq_vector(int irq, const cpumask_t *); -extern void irq_complete_move(struct irq_desc *); +void cf_check irq_complete_move(struct irq_desc *); extern struct irq_desc *irq_desc; @@ -187,7 +187,7 @@ void move_masked_irq(struct irq_desc *); int bind_irq_vector(int irq, int vector, const cpumask_t *); -void end_nonmaskable_irq(struct irq_desc *, uint8_t vector); +void cf_check end_nonmaskable_irq(struct irq_desc *, uint8_t vector); void irq_set_affinity(struct irq_desc *, const cpumask_t *mask); int init_domain_irq_mapping(struct domain *); diff --git a/xen/arch/x86/include/asm/msi.h b/xen/arch/x86/include/asm/msi.h index e228b0f3f3..117379318f 100644 --- a/xen/arch/x86/include/asm/msi.h +++ b/xen/arch/x86/include/asm/msi.h @@ -247,10 +247,10 @@ void early_msi_init(void); void msi_compose_msg(unsigned vector, const cpumask_t *mask, struct msi_msg *msg); void __msi_set_enable(u16 seg, u8 bus, u8 slot, u8 func, int pos, int enable); -void mask_msi_irq(struct irq_desc *); -void unmask_msi_irq(struct irq_desc *); +void cf_check mask_msi_irq(struct irq_desc *); +void cf_check unmask_msi_irq(struct irq_desc *); void guest_mask_msi_irq(struct irq_desc *, bool mask); -void ack_nonmaskable_msi_irq(struct irq_desc *); -void set_msi_affinity(struct irq_desc *, const cpumask_t *); +void cf_check ack_nonmaskable_msi_irq(struct irq_desc *); +void cf_check set_msi_affinity(struct irq_desc *, const cpumask_t *); #endif /* __ASM_MSI_H */ diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 4c5eaef862..c086f40f63 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -473,7 +473,7 @@ static void __level_IO_APIC_irq (unsigned int irq) modify_IO_APIC_irq(irq, IO_APIC_REDIR_LEVEL_TRIGGER, 0); } -static void mask_IO_APIC_irq(struct irq_desc *desc) +static void cf_check mask_IO_APIC_irq(struct irq_desc *desc) { unsigned long flags; @@ -482,7 +482,7 @@ static void mask_IO_APIC_irq(struct irq_desc *desc) spin_unlock_irqrestore(&ioapic_lock, flags); } -static void unmask_IO_APIC_irq(struct irq_desc *desc) +static void cf_check unmask_IO_APIC_irq(struct irq_desc *desc) { unsigned long flags; @@ -567,7 +567,7 @@ static void clear_IO_APIC (void) } } -static void +static void cf_check set_ioapic_affinity_irq(struct irq_desc *desc, const cpumask_t *mask) { unsigned int dest; @@ -1547,7 +1547,7 @@ static int __init timer_irq_works(void) * This is not complete - we should be able to fake * an edge even if it isn't on the 8259A... */ -static unsigned int startup_edge_ioapic_irq(struct irq_desc *desc) +static unsigned int cf_check startup_edge_ioapic_irq(struct irq_desc *desc) { int was_pending = 0; unsigned long flags; @@ -1569,7 +1569,7 @@ static unsigned int startup_edge_ioapic_irq(struct irq_desc *desc) * interrupt for real. This prevents IRQ storms from unhandled * devices. */ -static void ack_edge_ioapic_irq(struct irq_desc *desc) +static void cf_check ack_edge_ioapic_irq(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); @@ -1594,7 +1594,7 @@ static void ack_edge_ioapic_irq(struct irq_desc *desc) * generic IRQ layer and by the fact that an unacked local * APIC does not accept IRQs. */ -static unsigned int startup_level_ioapic_irq(struct irq_desc *desc) +static unsigned int cf_check startup_level_ioapic_irq(struct irq_desc *desc) { unmask_IO_APIC_irq(desc); @@ -1652,7 +1652,7 @@ static bool io_apic_level_ack_pending(unsigned int irq) return 0; } -static void mask_and_ack_level_ioapic_irq(struct irq_desc *desc) +static void cf_check mask_and_ack_level_ioapic_irq(struct irq_desc *desc) { unsigned long v; int i; @@ -1702,7 +1702,7 @@ static void mask_and_ack_level_ioapic_irq(struct irq_desc *desc) } } -static void end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) +static void cf_check end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) { if ( directed_eoi_enabled ) { @@ -1723,7 +1723,7 @@ static void end_level_ioapic_irq_old(struct irq_desc *desc, u8 vector) unmask_IO_APIC_irq(desc); } -static void end_level_ioapic_irq_new(struct irq_desc *desc, u8 vector) +static void cf_check end_level_ioapic_irq_new(struct irq_desc *desc, u8 vector) { /* * It appears there is an erratum which affects at least version 0x11 @@ -1807,7 +1807,7 @@ static inline void init_IO_APIC_traps(void) make_8259A_irq(irq); } -static void enable_lapic_irq(struct irq_desc *desc) +static void cf_check enable_lapic_irq(struct irq_desc *desc) { unsigned long v; @@ -1815,7 +1815,7 @@ static void enable_lapic_irq(struct irq_desc *desc) apic_write(APIC_LVT0, v & ~APIC_LVT_MASKED); } -static void disable_lapic_irq(struct irq_desc *desc) +static void cf_check disable_lapic_irq(struct irq_desc *desc) { unsigned long v; @@ -1823,7 +1823,7 @@ static void disable_lapic_irq(struct irq_desc *desc) apic_write(APIC_LVT0, v | APIC_LVT_MASKED); } -static void ack_lapic_irq(struct irq_desc *desc) +static void cf_check ack_lapic_irq(struct irq_desc *desc) { ack_APIC_irq(); } diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 61e09a356f..285ac399fb 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -468,7 +468,7 @@ int __init init_irq_data(void) return 0; } -static void ack_none(struct irq_desc *desc) +static void cf_check ack_none(struct irq_desc *desc) { ack_bad_irq(desc->irq); } @@ -832,7 +832,7 @@ static void send_cleanup_vector(struct irq_desc *desc) desc->arch.move_in_progress = 0; } -void irq_complete_move(struct irq_desc *desc) +void cf_check irq_complete_move(struct irq_desc *desc) { unsigned vector, me; @@ -1086,7 +1086,7 @@ bool cpu_has_pending_apic_eoi(void) return pending_eoi_sp(this_cpu(pending_eoi)) != 0; } -void end_nonmaskable_irq(struct irq_desc *desc, uint8_t vector) +void cf_check end_nonmaskable_irq(struct irq_desc *desc, uint8_t vector) { struct pending_eoi *peoi = this_cpu(pending_eoi); unsigned int sp = pending_eoi_sp(peoi); diff --git a/xen/arch/x86/msi.c b/xen/arch/x86/msi.c index 77a4fbf13f..b32b1378f8 100644 --- a/xen/arch/x86/msi.c +++ b/xen/arch/x86/msi.c @@ -241,7 +241,7 @@ static int write_msi_msg(struct msi_desc *entry, struct msi_msg *msg) return 0; } -void set_msi_affinity(struct irq_desc *desc, const cpumask_t *mask) +void cf_check set_msi_affinity(struct irq_desc *desc, const cpumask_t *mask) { struct msi_msg msg; unsigned int dest; @@ -416,14 +416,14 @@ static int msi_get_mask_bit(const struct msi_desc *entry) return -1; } -void mask_msi_irq(struct irq_desc *desc) +void cf_check mask_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 1, desc->msi_desc->msi_attrib.guest_masked)) ) BUG_ON(!(desc->status & IRQ_DISABLED)); } -void unmask_msi_irq(struct irq_desc *desc) +void cf_check unmask_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 0, desc->msi_desc->msi_attrib.guest_masked)) ) @@ -435,26 +435,26 @@ void guest_mask_msi_irq(struct irq_desc *desc, bool mask) msi_set_mask_bit(desc, desc->msi_desc->msi_attrib.host_masked, mask); } -static unsigned int startup_msi_irq(struct irq_desc *desc) +static unsigned int cf_check startup_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 0, !!(desc->status & IRQ_GUEST))) ) WARN(); return 0; } -static void shutdown_msi_irq(struct irq_desc *desc) +static void cf_check shutdown_msi_irq(struct irq_desc *desc) { if ( unlikely(!msi_set_mask_bit(desc, 1, 1)) ) BUG_ON(!(desc->status & IRQ_DISABLED)); } -void ack_nonmaskable_msi_irq(struct irq_desc *desc) +void cf_check ack_nonmaskable_msi_irq(struct irq_desc *desc) { irq_complete_move(desc); move_native_irq(desc); } -static void ack_maskable_msi_irq(struct irq_desc *desc) +static void cf_check ack_maskable_msi_irq(struct irq_desc *desc) { ack_nonmaskable_msi_irq(desc); ack_APIC_irq(); /* ACKTYPE_NONE */ diff --git a/xen/common/irq.c b/xen/common/irq.c index f42512db33..727cf8bd22 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -27,15 +27,15 @@ int init_one_irq_desc(struct irq_desc *desc) return err; } -void no_action(int cpl, void *dev_id, struct cpu_user_regs *regs) +void cf_check no_action(int cpl, void *dev_id, struct cpu_user_regs *regs) { } -void irq_actor_none(struct irq_desc *desc) +void cf_check irq_actor_none(struct irq_desc *desc) { } -unsigned int irq_startup_none(struct irq_desc *desc) +unsigned int cf_check irq_startup_none(struct irq_desc *desc) { return 0; } diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index d2ad282e93..657c7f619a 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -410,7 +410,7 @@ static void amd_iommu_msi_enable(struct amd_iommu *iommu, int flag) PCI_FUNC(iommu->bdf), iommu->msi.msi_attrib.pos, flag); } -static void iommu_msi_unmask(struct irq_desc *desc) +static void cf_check iommu_msi_unmask(struct irq_desc *desc) { unsigned long flags; struct amd_iommu *iommu = desc->action->dev_id; @@ -421,7 +421,7 @@ static void iommu_msi_unmask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 0; } -static void iommu_msi_mask(struct irq_desc *desc) +static void cf_check iommu_msi_mask(struct irq_desc *desc) { unsigned long flags; struct amd_iommu *iommu = desc->action->dev_id; @@ -434,13 +434,13 @@ static void iommu_msi_mask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 1; } -static unsigned int iommu_msi_startup(struct irq_desc *desc) +static unsigned int cf_check iommu_msi_startup(struct irq_desc *desc) { iommu_msi_unmask(desc); return 0; } -static void iommu_msi_end(struct irq_desc *desc, u8 vector) +static void cf_check iommu_msi_end(struct irq_desc *desc, u8 vector) { iommu_msi_unmask(desc); end_nonmaskable_irq(desc, vector); @@ -458,14 +458,14 @@ static hw_irq_controller iommu_msi_type = { .set_affinity = set_msi_affinity, }; -static unsigned int iommu_maskable_msi_startup(struct irq_desc *desc) +static unsigned int cf_check iommu_maskable_msi_startup(struct irq_desc *desc) { iommu_msi_unmask(desc); unmask_msi_irq(desc); return 0; } -static void iommu_maskable_msi_shutdown(struct irq_desc *desc) +static void cf_check iommu_maskable_msi_shutdown(struct irq_desc *desc) { mask_msi_irq(desc); iommu_msi_mask(desc); @@ -489,7 +489,8 @@ static hw_irq_controller iommu_maskable_msi_type = { .set_affinity = set_msi_affinity, }; -static void set_x2apic_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check set_x2apic_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct amd_iommu *iommu = desc->action->dev_id; unsigned int dest = set_desc_affinity(desc, mask); diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f2a5a4b4e4..56968a06a1 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1080,7 +1080,7 @@ static void cf_check iommu_page_fault( tasklet_schedule(&vtd_fault_tasklet); } -static void dma_msi_unmask(struct irq_desc *desc) +static void cf_check dma_msi_unmask(struct irq_desc *desc) { struct vtd_iommu *iommu = desc->action->dev_id; unsigned long flags; @@ -1095,7 +1095,7 @@ static void dma_msi_unmask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 0; } -static void dma_msi_mask(struct irq_desc *desc) +static void cf_check dma_msi_mask(struct irq_desc *desc) { unsigned long flags; struct vtd_iommu *iommu = desc->action->dev_id; @@ -1110,26 +1110,27 @@ static void dma_msi_mask(struct irq_desc *desc) iommu->msi.msi_attrib.host_masked = 1; } -static unsigned int dma_msi_startup(struct irq_desc *desc) +static unsigned int cf_check dma_msi_startup(struct irq_desc *desc) { dma_msi_unmask(desc); return 0; } -static void dma_msi_ack(struct irq_desc *desc) +static void cf_check dma_msi_ack(struct irq_desc *desc) { irq_complete_move(desc); dma_msi_mask(desc); move_masked_irq(desc); } -static void dma_msi_end(struct irq_desc *desc, u8 vector) +static void cf_check dma_msi_end(struct irq_desc *desc, u8 vector) { dma_msi_unmask(desc); end_nonmaskable_irq(desc, vector); } -static void dma_msi_set_affinity(struct irq_desc *desc, const cpumask_t *mask) +static void cf_check dma_msi_set_affinity( + struct irq_desc *desc, const cpumask_t *mask) { struct msi_msg msg; unsigned int dest; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 43d567fe44..d8beadd16b 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -116,9 +116,9 @@ extern int request_irq(unsigned int irq, unsigned int irqflags, const char * devname, void *dev_id); extern hw_irq_controller no_irq_type; -extern void no_action(int cpl, void *dev_id, struct cpu_user_regs *regs); -extern unsigned int irq_startup_none(struct irq_desc *); -extern void irq_actor_none(struct irq_desc *); +void cf_check no_action(int cpl, void *dev_id, struct cpu_user_regs *regs); +unsigned int cf_check irq_startup_none(struct irq_desc *); +void cf_check irq_actor_none(struct irq_desc *); #define irq_shutdown_none irq_actor_none #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278021.475026 (Exim 4.92) (envelope-from ) id 1nN9rR-0006CN-D0; Thu, 24 Feb 2022 08:52:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278021.475026; Thu, 24 Feb 2022 08:52:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rR-0006CF-A7; Thu, 24 Feb 2022 08:52:29 +0000 Received: by outflank-mailman (input) for mailman id 278021; Thu, 24 Feb 2022 08:52:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rQ-0006C8-Bo for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rQ-00018x-B6 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9rQ-0005nm-AM for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Q6oQUEWZDSNmHUZ7A/h2grGO561pKqMlgEyCI04OY2s=; b=6rE/VRRlLs/dBOC2HMqDzlEbMB 1GZdoRUSeBSnJfMKWQPIpQDHS60mn7pVMqdvw/LypZM/qSIA76I8mUb76PjrHPUjIDPWycjkZGDK6 3If03RCCiz6gMlnyy1h5tH5dvtIo97EYhmVqR2KroyExfMdkhQexB+q/FBVkgX73KKLs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/apei: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:28 +0000 commit c028bde9a6960b440e537dbde2c0327fce7f4955 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:37:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/apei: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/drivers/acpi/apei/apei-base.c | 32 ++++++++++---------- xen/drivers/acpi/apei/apei-internal.h | 20 ++++++------ xen/drivers/acpi/apei/erst.c | 57 +++++++++++++++++------------------ 3 files changed, 54 insertions(+), 55 deletions(-) diff --git a/xen/drivers/acpi/apei/apei-base.c b/xen/drivers/acpi/apei/apei-base.c index 6f81e7fa36..de75c1cef9 100644 --- a/xen/drivers/acpi/apei/apei-base.c +++ b/xen/drivers/acpi/apei/apei-base.c @@ -80,8 +80,8 @@ int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val) return 0; } -int apei_exec_read_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_read_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val = 0; @@ -94,8 +94,8 @@ int apei_exec_read_register(struct apei_exec_context *ctx, return 0; } -int apei_exec_read_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_read_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; @@ -126,14 +126,14 @@ int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val) return rc; } -int apei_exec_write_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_write_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_write_register(entry, ctx->value); } -int apei_exec_write_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_write_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; @@ -143,8 +143,8 @@ int apei_exec_write_register_value(struct apei_exec_context *ctx, return rc; } -int apei_exec_noop(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +int cf_check apei_exec_noop( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return 0; } @@ -230,9 +230,9 @@ static int __init apei_exec_for_each_entry(struct apei_exec_context *ctx, return 0; } -static int __init pre_map_gar_callback(struct apei_exec_context *ctx, - struct acpi_whea_header *entry, - void *data) +static int __init cf_check pre_map_gar_callback( + struct apei_exec_context *ctx, struct acpi_whea_header *entry, + void *data) { u8 ins = entry->instruction; @@ -259,9 +259,9 @@ int __init apei_exec_pre_map_gars(struct apei_exec_context *ctx) return rc; } -static int __init post_unmap_gar_callback(struct apei_exec_context *ctx, - struct acpi_whea_header *entry, - void *data) +static int __init cf_check post_unmap_gar_callback( + struct apei_exec_context *ctx, struct acpi_whea_header *entry, + void *data) { u8 ins = entry->instruction; diff --git a/xen/drivers/acpi/apei/apei-internal.h b/xen/drivers/acpi/apei/apei-internal.h index b813d55b92..360e94b9c8 100644 --- a/xen/drivers/acpi/apei/apei-internal.h +++ b/xen/drivers/acpi/apei/apei-internal.h @@ -68,16 +68,16 @@ static inline int apei_exec_run_optional(struct apei_exec_context *ctx, u8 actio int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val); int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val); -int apei_exec_read_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_read_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_write_register(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_write_register_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); -int apei_exec_noop(struct apei_exec_context *ctx, - struct acpi_whea_header *entry); +int cf_check apei_exec_read_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_read_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_write_register( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_write_register_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); +int cf_check apei_exec_noop( + struct apei_exec_context *ctx, struct acpi_whea_header *entry); int apei_exec_pre_map_gars(struct apei_exec_context *ctx); int apei_exec_post_unmap_gars(struct apei_exec_context *ctx); diff --git a/xen/drivers/acpi/apei/erst.c b/xen/drivers/acpi/apei/erst.c index c5df512b98..40d8f00270 100644 --- a/xen/drivers/acpi/apei/erst.c +++ b/xen/drivers/acpi/apei/erst.c @@ -114,40 +114,40 @@ static int erst_timedout(u64 *t, u64 spin_unit) return 0; } -static int erst_exec_load_var1(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_load_var1( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->var1); } -static int erst_exec_load_var2(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_load_var2( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->var2); } -static int erst_exec_store_var1(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_store_var1( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_write_register(entry, ctx->var1); } -static int erst_exec_add(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_add( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->var1 += ctx->var2; return 0; } -static int erst_exec_subtract(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_subtract( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->var1 -= ctx->var2; return 0; } -static int erst_exec_add_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_add_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -160,8 +160,8 @@ static int erst_exec_add_value(struct apei_exec_context *ctx, return rc; } -static int erst_exec_subtract_value(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_subtract_value( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -174,8 +174,8 @@ static int erst_exec_subtract_value(struct apei_exec_context *ctx, return rc; } -static int erst_exec_stall(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_stall( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { udelay((ctx->var1 > FIRMWARE_MAX_STALL) ? FIRMWARE_MAX_STALL : @@ -183,8 +183,8 @@ static int erst_exec_stall(struct apei_exec_context *ctx, return 0; } -static int erst_exec_stall_while_true(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_stall_while_true( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -205,9 +205,8 @@ static int erst_exec_stall_while_true(struct apei_exec_context *ctx, return 0; } -static int erst_exec_skip_next_instruction_if_true( - struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_skip_next_instruction_if_true( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 val; @@ -223,27 +222,27 @@ static int erst_exec_skip_next_instruction_if_true( return 0; } -static int erst_exec_goto(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_goto( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { ctx->ip = ctx->value; return APEI_EXEC_SET_IP; } -static int erst_exec_set_src_address_base(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_set_src_address_base( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->src_base); } -static int erst_exec_set_dst_address_base(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_set_dst_address_base( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { return __apei_exec_read_register(entry, &ctx->dst_base); } -static int erst_exec_move_data(struct apei_exec_context *ctx, - struct acpi_whea_header *entry) +static int cf_check erst_exec_move_data( + struct apei_exec_context *ctx, struct acpi_whea_header *entry) { int rc; u64 offset; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278022.475030 (Exim 4.92) (envelope-from ) id 1nN9rb-0006FL-Eh; Thu, 24 Feb 2022 08:52:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278022.475030; Thu, 24 Feb 2022 08:52:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rb-0006FC-Bf; Thu, 24 Feb 2022 08:52:39 +0000 Received: by outflank-mailman (input) for mailman id 278022; Thu, 24 Feb 2022 08:52:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ra-0006F2-Ex for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ra-000197-EF for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ra-0005oU-De for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UpE/pO890bYsp46ZVEALURW1cSqtGqD9mGFcq9Y+kIM=; b=0P7CjAwv7zqKL+/S2x9CAWem/S xd2JbzZYSvh/pS59QjxcW5aK+7jVFyw1OtAyterjMtGmD7oOoXZ0QwDX9cf+BacEEFcglH2BT5bZs nd62SIyrG5XuHigffNX1+9j5CsiH9O1L3JFmtH5biiC5I9n+IIryBRozekEDk/IBDK5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/psr: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:38 +0000 commit ab340ffdd8851e04103fcdb397331e57e69f32ce Author: Andrew Cooper AuthorDate: Fri Oct 29 13:48:47 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/psr: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/psr.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 6c9cabf384..ccb761998f 100644 --- a/xen/arch/x86/psr.c +++ b/xen/arch/x86/psr.c @@ -282,7 +282,7 @@ static enum psr_feat_type psr_type_to_feat_type(enum psr_type type) } /* Implementation of allocation features' functions. */ -static bool cat_check_cbm(const struct feat_node *feat, uint32_t *val) +static bool cf_check cat_check_cbm(const struct feat_node *feat, uint32_t *val) { unsigned int first_bit, zero_bit; unsigned int cbm_len = feat->cat.cbm_len; @@ -417,8 +417,8 @@ static bool mba_init_feature(const struct cpuid_leaf *regs, return true; } -static bool cat_get_feat_info(const struct feat_node *feat, - uint32_t data[], unsigned int array_len) +static bool cf_check cat_get_feat_info( + const struct feat_node *feat, uint32_t data[], unsigned int array_len) { if ( array_len != PSR_INFO_ARRAY_SIZE ) return false; @@ -431,8 +431,8 @@ static bool cat_get_feat_info(const struct feat_node *feat, } /* L3 CAT props */ -static void l3_cat_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l3_cat_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_L3_MASK(cos), val); } @@ -447,8 +447,8 @@ static const struct feat_props l3_cat_props = { }; /* L3 CDP props */ -static bool l3_cdp_get_feat_info(const struct feat_node *feat, - uint32_t data[], uint32_t array_len) +static bool cf_check l3_cdp_get_feat_info( + const struct feat_node *feat, uint32_t data[], uint32_t array_len) { if ( !cat_get_feat_info(feat, data, array_len) ) return false; @@ -458,8 +458,8 @@ static bool l3_cdp_get_feat_info(const struct feat_node *feat, return true; } -static void l3_cdp_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l3_cdp_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(((type == PSR_TYPE_L3_DATA) ? MSR_IA32_PSR_L3_MASK_DATA(cos) : @@ -478,8 +478,8 @@ static const struct feat_props l3_cdp_props = { }; /* L2 CAT props */ -static void l2_cat_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check l2_cat_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_L2_MASK(cos), val); } @@ -494,8 +494,8 @@ static const struct feat_props l2_cat_props = { }; /* MBA props */ -static bool mba_get_feat_info(const struct feat_node *feat, - uint32_t data[], unsigned int array_len) +static bool cf_check mba_get_feat_info( + const struct feat_node *feat, uint32_t data[], unsigned int array_len) { ASSERT(array_len == PSR_INFO_ARRAY_SIZE); @@ -508,13 +508,14 @@ static bool mba_get_feat_info(const struct feat_node *feat, return true; } -static void mba_write_msr(unsigned int cos, uint32_t val, - enum psr_type type) +static void cf_check mba_write_msr( + unsigned int cos, uint32_t val, enum psr_type type) { wrmsrl(MSR_IA32_PSR_MBA_MASK(cos), val); } -static bool mba_sanitize_thrtl(const struct feat_node *feat, uint32_t *thrtl) +static bool cf_check mba_sanitize_thrtl( + const struct feat_node *feat, uint32_t *thrtl) { /* * Per SDM (chapter "Memory Bandwidth Allocation Configuration"): -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278023.475034 (Exim 4.92) (envelope-from ) id 1nN9rl-0006IP-G5; Thu, 24 Feb 2022 08:52:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278023.475034; Thu, 24 Feb 2022 08:52:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rl-0006IH-D9; Thu, 24 Feb 2022 08:52:49 +0000 Received: by outflank-mailman (input) for mailman id 278023; Thu, 24 Feb 2022 08:52:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rk-0006I8-II for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rk-00019K-Hf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9rk-0005pB-Gr for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V3GjFxehv0XQ26zcX1+TodYz9pgcjQCtFDl+Qld9dSc=; b=eoVh31Sz8jdwhnmUG/Ux+rgV9N TFKmuB4Zyyqwv5n9UNR11J5mZ61m/LwPqE6pm1VVOGNnQhhnvSrGL0sQWbp/jC2gEFfIVuCZK8OLQ SYDrjGKMAo7zcx6B4SsL/kbIoyQ0i8ijnTnx5yjjL3cSGM/IOOn1BTVousP2F27sFRVc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/dpci: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:48 +0000 commit 47fa059e4e661c541fc407169411f214c9ab9d6f Author: Andrew Cooper AuthorDate: Fri Oct 29 15:47:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/dpci: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 4 ++-- xen/drivers/passthrough/vtd/x86/hvm.c | 4 ++-- xen/drivers/passthrough/x86/hvm.c | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4cf313a0ad..cdd1529014 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -474,8 +474,8 @@ void hvm_migrate_pirq(struct hvm_pirq_dpci *pirq_dpci, const struct vcpu *v) } } -static int migrate_pirq(struct domain *d, struct hvm_pirq_dpci *pirq_dpci, - void *arg) +static int cf_check migrate_pirq( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { hvm_migrate_pirq(pirq_dpci, arg); diff --git a/xen/drivers/passthrough/vtd/x86/hvm.c b/xen/drivers/passthrough/vtd/x86/hvm.c index b531fe907a..132d252d1c 100644 --- a/xen/drivers/passthrough/vtd/x86/hvm.c +++ b/xen/drivers/passthrough/vtd/x86/hvm.c @@ -21,8 +21,8 @@ #include #include -static int _hvm_dpci_isairq_eoi(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check _hvm_dpci_isairq_eoi( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { struct hvm_irq *hvm_irq = hvm_domain_irq(d); unsigned int isairq = (long)arg; diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c index 0e3c0f6aee..0f94203af8 100644 --- a/xen/drivers/passthrough/x86/hvm.c +++ b/xen/drivers/passthrough/x86/hvm.c @@ -777,8 +777,8 @@ static void __msi_pirq_eoi(struct hvm_pirq_dpci *pirq_dpci) } } -static int _hvm_dpci_msi_eoi(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check _hvm_dpci_msi_eoi( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { int vector = (long)arg; @@ -947,8 +947,8 @@ unlock: spin_unlock(&d->event_lock); } -static int pci_clean_dpci_irq(struct domain *d, - struct hvm_pirq_dpci *pirq_dpci, void *arg) +static int cf_check pci_clean_dpci_irq( + struct domain *d, struct hvm_pirq_dpci *pirq_dpci, void *arg) { struct dev_intx_gsi_link *digl, *tmp; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:52:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:52:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278024.475038 (Exim 4.92) (envelope-from ) id 1nN9rv-0006LB-HZ; Thu, 24 Feb 2022 08:52:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278024.475038; Thu, 24 Feb 2022 08:52:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9rv-0006L3-Ef; Thu, 24 Feb 2022 08:52:59 +0000 Received: by outflank-mailman (input) for mailman id 278024; Thu, 24 Feb 2022 08:52:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ru-0006Kw-Lg for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ru-00019U-Kz for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ru-0005py-KM for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:52:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aBNm9lPMA1eiXjFK+i88WhGUiTm6dtTWYWFgUQ4uH38=; b=Hytki/ba4BEDNHJvW6yel30Rfm AnOj+ry9nhTREy/RSQLepaIuo2LwSOjVe9hzjqPxxqarjuudii7gcEhJCY0bTh09bAnY2d7HesDkJ XN0NnIhoLAI+Gfd4SVxy/CU6kaLXA2PPbiXCb25Bg+zNKl+Nhe2KtUQmy1YYz8zXP9uM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pt: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:52:58 +0000 commit e236fb0798f46d1c15bacdc1d52dc906c74e0ff8 Author: Andrew Cooper AuthorDate: Fri Oct 29 19:47:47 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/pt: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/emul-i8254.c | 2 +- xen/arch/x86/hvm/hpet.c | 2 +- xen/arch/x86/hvm/rtc.c | 2 +- xen/arch/x86/hvm/vlapic.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/emul-i8254.c b/xen/arch/x86/emul-i8254.c index d170f464d9..18894b6348 100644 --- a/xen/arch/x86/emul-i8254.c +++ b/xen/arch/x86/emul-i8254.c @@ -156,7 +156,7 @@ static int pit_get_gate(PITState *pit, int channel) return pit->hw.channels[channel].gate; } -static void pit_time_fired(struct vcpu *v, void *priv) +static void cf_check pit_time_fired(struct vcpu *v, void *priv) { uint64_t *count_load_time = priv; TRACE_0D(TRC_HVM_EMUL_PIT_TIMER_CB); diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index ed512fa65b..45c7b9b406 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -219,7 +219,7 @@ static void hpet_stop_timer(HPETState *h, unsigned int tn, hpet_get_comparator(h, tn, guest_time); } -static void hpet_timer_fired(struct vcpu *v, void *data) +static void cf_check hpet_timer_fired(struct vcpu *v, void *data) { unsigned int tn = (unsigned long)data; HPETState *h = vcpu_vhpet(v); diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index ed397276fa..d21925db08 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -81,7 +81,7 @@ static void rtc_update_irq(RTCState *s) /* Called by the VPT code after it's injected a PF interrupt for us. * Fix up the register state to reflect what happened. */ -static void rtc_pf_callback(struct vcpu *v, void *opaque) +static void cf_check rtc_pf_callback(struct vcpu *v, void *opaque) { RTCState *s = opaque; diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index d4e29ef1ff..49be9c8ea4 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -691,13 +691,13 @@ int guest_rdmsr_x2apic(const struct vcpu *v, uint32_t msr, uint64_t *val) return X86EMUL_OKAY; } -static void vlapic_pt_cb(struct vcpu *v, void *data) +static void cf_check vlapic_pt_cb(struct vcpu *v, void *data) { TRACE_0D(TRC_HVM_EMUL_LAPIC_TIMER_CB); *(s_time_t *)data = hvm_get_guest_time(v); } -static void vlapic_tdt_pt_cb(struct vcpu *v, void *data) +static void cf_check vlapic_tdt_pt_cb(struct vcpu *v, void *data) { *(s_time_t *)data = hvm_get_guest_time(v); vcpu_vlapic(v)->hw.tdt_msr = 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:53:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:53:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278026.475055 (Exim 4.92) (envelope-from ) id 1nN9s5-0006h1-Tp; Thu, 24 Feb 2022 08:53:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278026.475055; Thu, 24 Feb 2022 08:53:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9s5-0006gj-Oc; Thu, 24 Feb 2022 08:53:09 +0000 Received: by outflank-mailman (input) for mailman id 278026; Thu, 24 Feb 2022 08:53:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9s4-0006gD-P9 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9s4-0001AA-OM for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9s4-0005qq-NQ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Or5Pecgva+MRo/EIM+o15fdYz6zRPGQ4ckHz38u/pDE=; b=MdGZU1x5wfWS3asmBdBIeIuvZR wCWZyL2Qe2lD81slI/UqdAqVFrL7vYgvYqb51GP8OPNTI+efgR0AtLVetDhepMrEan4wHqgNf1K6+ hNGVxREYfYe87HdH7J6H5t3smBvlNZEo0xRVB5Kx6xDEa+YVq4RItDF1rgZBhA3wT6Js=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/time: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:53:08 +0000 commit 031ea741c27e3534dd8b7eb6283234d0af6a7d3f Author: Andrew Cooper AuthorDate: Fri Oct 29 17:40:17 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/time: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hpet.c | 8 ++++---- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 33 +++++++++++++++++---------------- 3 files changed, 23 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 19cab52587..bc164dd82c 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -193,7 +193,7 @@ static void evt_do_broadcast(cpumask_t *mask) cpumask_raise_softirq(mask, TIMER_SOFTIRQ); } -static void handle_hpet_broadcast(struct hpet_event_channel *ch) +static void cf_check handle_hpet_broadcast(struct hpet_event_channel *ch) { cpumask_t mask; s_time_t now, next_event; @@ -550,7 +550,7 @@ static void hpet_detach_channel(unsigned int cpu, void (*__read_mostly pv_rtc_handler)(uint8_t index, uint8_t value); -static void handle_rtc_once(uint8_t index, uint8_t value) +static void cf_check handle_rtc_once(uint8_t index, uint8_t value) { if ( index != RTC_REG_B ) return; @@ -563,7 +563,7 @@ static void handle_rtc_once(uint8_t index, uint8_t value) } } -void __init hpet_broadcast_init(void) +void __init cf_check hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void hpet_broadcast_resume(void) +void cf_check hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index f343fe4740..9919f74730 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void hpet_broadcast_init(void); -void hpet_broadcast_resume(void); +void cf_check hpet_broadcast_init(void); +void cf_check hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index d5ec58a360..c005388e32 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -309,7 +309,7 @@ static uint64_t adjust_elapsed(uint64_t elapsed, uint32_t actual, * PLATFORM TIMER 1: PROGRAMMABLE INTERVAL TIMER (LEGACY PIT) */ -static u64 read_pit_count(void) +static u64 cf_check read_pit_count(void) { u16 count16; u32 count32; @@ -328,7 +328,7 @@ static u64 read_pit_count(void) return count32; } -static s64 __init init_pit(struct platform_timesource *pts) +static s64 __init cf_check init_pit(struct platform_timesource *pts) { u8 portb = inb(0x61); u64 start, end; @@ -366,7 +366,7 @@ static s64 __init init_pit(struct platform_timesource *pts) return (end - start) * CALIBRATE_FRAC; } -static void resume_pit(struct platform_timesource *pts) +static void cf_check resume_pit(struct platform_timesource *pts) { /* Set CTC channel 2 to mode 0 again; initial value does not matter. */ outb(0xb0, PIT_MODE); /* binary, mode 0, LSB/MSB, Ch 2 */ @@ -389,12 +389,12 @@ static struct platform_timesource __initdata plt_pit = * PLATFORM TIMER 2: HIGH PRECISION EVENT TIMER (HPET) */ -static u64 read_hpet_count(void) +static u64 cf_check read_hpet_count(void) { return hpet_read32(HPET_COUNTER); } -static int64_t __init init_hpet(struct platform_timesource *pts) +static int64_t __init cf_check init_hpet(struct platform_timesource *pts) { uint64_t hpet_rate, start; uint32_t count, target, elapsed; @@ -477,7 +477,7 @@ static int64_t __init init_hpet(struct platform_timesource *pts) return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); } -static void resume_hpet(struct platform_timesource *pts) +static void cf_check resume_hpet(struct platform_timesource *pts) { hpet_resume(NULL); } @@ -502,12 +502,12 @@ unsigned int __initdata pmtmr_width; /* ACPI PM timer ticks at 3.579545 MHz. */ #define ACPI_PM_FREQUENCY 3579545 -static u64 read_pmtimer_count(void) +static u64 cf_check read_pmtimer_count(void) { return inl(pmtmr_ioport); } -static s64 __init init_pmtimer(struct platform_timesource *pts) +static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) { uint64_t start; uint32_t count, target, mask, elapsed; @@ -562,7 +562,7 @@ static unsigned int __initdata tsc_flags; * Called in verify_tsc_reliability() under reliable TSC conditions * thus reusing all the checks already performed there. */ -static s64 __init init_tsc(struct platform_timesource *pts) +static s64 __init cf_check init_tsc(struct platform_timesource *pts) { u64 ret = pts->frequency; @@ -584,7 +584,7 @@ static s64 __init init_tsc(struct platform_timesource *pts) return ret; } -static u64 read_tsc(void) +static u64 cf_check read_tsc(void) { return rdtsc_ordered(); } @@ -625,7 +625,7 @@ static uint64_t xen_timer_cpu_frequency(void) return freq; } -static int64_t __init init_xen_timer(struct platform_timesource *pts) +static int64_t __init cf_check init_xen_timer(struct platform_timesource *pts) { if ( !xen_guest ) return 0; @@ -646,7 +646,7 @@ static always_inline uint64_t read_cycle(const struct vcpu_time_info *info, return info->system_time + offset; } -static uint64_t read_xen_timer(void) +static uint64_t cf_check read_xen_timer(void) { struct vcpu_time_info *info = &this_cpu(vcpu_info)->time; uint32_t version; @@ -675,7 +675,7 @@ static uint64_t read_xen_timer(void) return ret; } -static void resume_xen_timer(struct platform_timesource *pts) +static void cf_check resume_xen_timer(struct platform_timesource *pts) { write_atomic(&xen_timer_last, 0); } @@ -701,7 +701,8 @@ static struct platform_timesource __initdata plt_xen_timer = static struct ms_hyperv_tsc_page *hyperv_tsc; static struct page_info *hyperv_tsc_page; -static int64_t __init init_hyperv_timer(struct platform_timesource *pts) +static int64_t __init cf_check init_hyperv_timer( + struct platform_timesource *pts) { paddr_t maddr; uint64_t tsc_msr, freq; @@ -744,7 +745,7 @@ static int64_t __init init_hyperv_timer(struct platform_timesource *pts) return freq; } -static uint64_t read_hyperv_timer(void) +static uint64_t cf_check read_hyperv_timer(void) { uint64_t scale, ret, tsc; int64_t offset; @@ -1720,7 +1721,7 @@ time_calibration_rendezvous_tail(const struct calibration_rendezvous *r, * Keep TSCs in sync when they run at the same rate, but may stop in * deep-sleep C states. */ -static void time_calibration_tsc_rendezvous(void *_r) +static void cf_check time_calibration_tsc_rendezvous(void *_r) { int i; struct calibration_rendezvous *r = _r; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:53:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:53:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278029.475056 (Exim 4.92) (envelope-from ) id 1nN9sF-0006sr-Ug; Thu, 24 Feb 2022 08:53:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278029.475056; Thu, 24 Feb 2022 08:53:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sF-0006sj-Rs; Thu, 24 Feb 2022 08:53:19 +0000 Received: by outflank-mailman (input) for mailman id 278029; Thu, 24 Feb 2022 08:53:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sE-0006sS-SQ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sE-0001AK-Rf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9sE-0005rR-Qy for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oWiN8c11MISabOarV+ZQjTTHZvqewuTs+MsYOjTNGXM=; b=jRPQXp8Iay+ZHVe+BgCcFXNvAg fWG5azsdgnJJl5QouDRCDK9nPpOCL4PkBGqP4iwRumtAndZPVPrR6QKC0/TF5Z1+TXMcAJQrHiR+g X/dAdcmzUuXsjiQXGzHLvYgRbvyRx9hlxE62ym9m5/Ob3B7bwDLJVKHnVWhdxKpEn5ug=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/misc: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:53:18 +0000 commit 07d6c4fa3e329a91767d0230f21da53a4ec84a95 Author: Andrew Cooper AuthorDate: Thu Oct 28 12:31:20 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/misc: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/extable.c | 4 ++-- xen/common/efi/boot.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 51ef863d78..4d1875585f 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -23,7 +23,7 @@ static inline unsigned long ex_cont(const struct exception_table_entry *x) return EX_FIELD(x, cont); } -static int init_or_livepatch cmp_ex(const void *a, const void *b) +static int init_or_livepatch cf_check cmp_ex(const void *a, const void *b) { const struct exception_table_entry *l = a, *r = b; unsigned long lip = ex_addr(l); @@ -37,7 +37,7 @@ static int init_or_livepatch cmp_ex(const void *a, const void *b) return 0; } -static void init_or_livepatch swap_ex(void *a, void *b, size_t size) +static void init_or_livepatch cf_check swap_ex(void *a, void *b, size_t size) { struct exception_table_entry *l = a, *r = b, tmp; long delta = b - a; diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index f31f68fd4c..4dd5ea6a06 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1497,7 +1497,7 @@ static __init void copy_mapping(unsigned long mfn, unsigned long end, unmap_domain_page(l3dst); } -static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check ram_range_valid(unsigned long smfn, unsigned long emfn) { unsigned long sz = pfn_to_pdx(emfn - 1) / PDX_GROUP_COUNT + 1; @@ -1506,7 +1506,7 @@ static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) pfn_to_pdx(smfn) / PDX_GROUP_COUNT) < sz; } -static bool __init rt_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check rt_range_valid(unsigned long smfn, unsigned long emfn) { return true; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:53:31 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:53:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278032.475063 (Exim 4.92) (envelope-from ) id 1nN9sR-0006zJ-1J; Thu, 24 Feb 2022 08:53:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278032.475063; Thu, 24 Feb 2022 08:53:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sQ-0006zA-TT; Thu, 24 Feb 2022 08:53:30 +0000 Received: by outflank-mailman (input) for mailman id 278032; Thu, 24 Feb 2022 08:53:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sO-0006yr-Vy for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sO-0001AW-VD for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9sO-0005sD-UZ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nfMOxp8bs5rE/XyU0yh37763MScaVeEbVotnjjsYKBo=; b=Vp5IYWunVcH40UThgfzso1DA9F O1FJ8jGto4R2BFBxG41ZOR2hSX9d1eVWpi2Uq780Xn9rTf0b0kKArLcyOecFajzEzpuDdce7lza/O J76vDqnpcVgb1h1oe5Ro+fkxLMS2+R6Yz9FNfDaG9dAddp7llYFaqY9zrUnsjlNXmRk8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/stack: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:53:28 +0000 commit 954bb07fdb5fadf7e341f84c90e950ae9dbbabbf Author: Andrew Cooper AuthorDate: Fri Oct 29 18:04:02 2021 +0100 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/stack: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. The function typecheck in switch_stack_and_jump() is incompatible with control flow typechecking. It's ok for reset_stack_and_jump_ind(), but for reset_stack_and_jump(), it would force us to endbr64 the targets which are branched to directly. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/domain.c | 6 +++--- xen/arch/x86/hvm/svm/svm.c | 6 +++--- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 8 ++++---- xen/arch/x86/include/asm/current.h | 6 ++++-- xen/arch/x86/include/asm/hvm/vmx/vmx.h | 2 +- xen/arch/x86/include/asm/pv/domain.h | 4 ++-- xen/arch/x86/pv/domain.c | 2 +- xen/arch/x86/x86_64/entry.S | 1 + 9 files changed, 20 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 55df2a23f8..a5048ed654 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -132,7 +132,7 @@ void play_dead(void) dead_idle(); } -static void noreturn idle_loop(void) +static void noreturn cf_check idle_loop(void) { unsigned int cpu = smp_processor_id(); /* @@ -1791,7 +1791,7 @@ static void save_segments(struct vcpu *v) } } -void paravirt_ctxt_switch_from(struct vcpu *v) +void cf_check paravirt_ctxt_switch_from(struct vcpu *v) { save_segments(v); @@ -1805,7 +1805,7 @@ void paravirt_ctxt_switch_from(struct vcpu *v) write_debugreg(7, 0); } -void paravirt_ctxt_switch_to(struct vcpu *v) +void cf_check paravirt_ctxt_switch_to(struct vcpu *v) { root_pgentry_t *root_pgt = this_cpu(root_pgt); diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index dedb2848e6..63535a74b5 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -944,7 +944,7 @@ static inline void svm_tsc_ratio_load(struct vcpu *v) wrmsrl(MSR_AMD64_TSC_RATIO, hvm_tsc_scaling_ratio(v->domain)); } -static void svm_ctxt_switch_from(struct vcpu *v) +static void cf_check svm_ctxt_switch_from(struct vcpu *v) { int cpu = smp_processor_id(); @@ -969,7 +969,7 @@ static void svm_ctxt_switch_from(struct vcpu *v) enable_each_ist(idt_tables[cpu]); } -static void svm_ctxt_switch_to(struct vcpu *v) +static void cf_check svm_ctxt_switch_to(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; int cpu = smp_processor_id(); @@ -996,7 +996,7 @@ static void svm_ctxt_switch_to(struct vcpu *v) wrmsr_tsc_aux(v->arch.msrs->tsc_aux); } -static void noreturn svm_do_resume(void) +static void noreturn cf_check svm_do_resume(void) { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 60b506ac3f..e1e1fa14e6 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1865,7 +1865,7 @@ void vmx_vmentry_failure(void) void noreturn vmx_asm_do_vmentry(void); -void vmx_do_resume(void) +void cf_check vmx_do_resume(void) { struct vcpu *v = current; bool_t debug_state; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 2c4804f9b8..41db538a9e 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -63,8 +63,8 @@ static bool_t __initdata opt_force_ept; boolean_param("force-ept", opt_force_ept); -static void vmx_ctxt_switch_from(struct vcpu *v); -static void vmx_ctxt_switch_to(struct vcpu *v); +static void cf_check vmx_ctxt_switch_from(struct vcpu *v); +static void cf_check vmx_ctxt_switch_to(struct vcpu *v); static int alloc_vlapic_mapping(void); static void vmx_install_vlapic_mapping(struct vcpu *v); @@ -907,7 +907,7 @@ static void cf_check vmx_fpu_leave(struct vcpu *v) } } -static void vmx_ctxt_switch_from(struct vcpu *v) +static void cf_check vmx_ctxt_switch_from(struct vcpu *v) { /* * Return early if trying to do a context switch without VMX enabled, @@ -939,7 +939,7 @@ static void vmx_ctxt_switch_from(struct vcpu *v) vmx_pi_switch_from(v); } -static void vmx_ctxt_switch_to(struct vcpu *v) +static void cf_check vmx_ctxt_switch_to(struct vcpu *v) { vmx_restore_guest_msrs(v); vmx_restore_dr(v); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index dc0edd9ed0..da5e152a10 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -173,7 +173,6 @@ unsigned long get_stack_dump_bottom (unsigned long sp); #define switch_stack_and_jump(fn, instr, constr) \ ({ \ unsigned int tmp; \ - (void)((fn) == (void (*)(void))NULL); \ BUILD_BUG_ON(!ssaj_has_attr_noreturn(fn)); \ __asm__ __volatile__ ( \ SHADOW_STACK_WORK \ @@ -198,7 +197,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); /* The constraint may only specify non-call-clobbered registers. */ #define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") + ({ \ + (void)((fn) == (void (*)(void))NULL); \ + switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + }) /* * Which VCPU's state is currently running on each CPU? diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 5284fe931f..c2ebdd6864 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -93,7 +93,7 @@ typedef enum { void vmx_asm_vmexit_handler(struct cpu_user_regs); void vmx_intr_assist(void); -void noreturn vmx_do_resume(void); +void noreturn cf_check vmx_do_resume(void); void vmx_vlapic_msr_changed(struct vcpu *v); struct hvm_emulate_ctxt; void vmx_realmode_emulate_one(struct hvm_emulate_ctxt *hvmemul_ctxt); diff --git a/xen/arch/x86/include/asm/pv/domain.h b/xen/arch/x86/include/asm/pv/domain.h index 6b16da9d18..924508bbb4 100644 --- a/xen/arch/x86/include/asm/pv/domain.h +++ b/xen/arch/x86/include/asm/pv/domain.h @@ -118,8 +118,8 @@ static inline void pv_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) #endif /* CONFIG_PV */ -void paravirt_ctxt_switch_from(struct vcpu *v); -void paravirt_ctxt_switch_to(struct vcpu *v); +void cf_check paravirt_ctxt_switch_from(struct vcpu *v); +void cf_check paravirt_ctxt_switch_to(struct vcpu *v); #endif /* __X86_PV_DOMAIN_H__ */ diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 55146c15c8..f94f28c8e2 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -351,7 +351,7 @@ void pv_domain_destroy(struct domain *d) FREE_XENHEAP_PAGE(d->arch.pv.gdt_ldt_l1tab); } -void noreturn continue_pv_domain(void); +void noreturn cf_check continue_pv_domain(void); int pv_domain_initialise(struct domain *d) { diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 3eaf0e67b2..8494b97a54 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -625,6 +625,7 @@ ENTRY(dom_crash_sync_extable) /* No special register assumptions. */ #ifdef CONFIG_PV ENTRY(continue_pv_domain) + ENDBR64 call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:53:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:53:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278034.475065 (Exim 4.92) (envelope-from ) id 1nN9sb-00072r-1j; Thu, 24 Feb 2022 08:53:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278034.475065; Thu, 24 Feb 2022 08:53:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sa-00072j-V6; Thu, 24 Feb 2022 08:53:40 +0000 Received: by outflank-mailman (input) for mailman id 278034; Thu, 24 Feb 2022 08:53:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sZ-00072P-39 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sZ-0001Aj-2Q for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9sZ-0005sw-1c for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QnXkJg3arxpypW0sV5isZ1JGntAhl+I2wrH6OW9Iug8=; b=3upssnMrThJE1oNc0g/hMLCTaf H+/Ie37i2Rj38ELmhMZSqc6wBFBnCHnlpIzlB1IzKWum9YKIDuouJjfL9wtpE6qhJ8vw7ubvokD0y 2BpOHwA/SseowJctKBhaToHrUtmJf68AM14X2a6HIsUxnLnSz4SryxkQ9L+2p6iIMovA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/bugframe: CFI hardening Message-Id: Date: Thu, 24 Feb 2022 08:53:39 +0000 commit 640ce8af9cd09a13c68fa3472f498de022606df3 Author: Andrew Cooper AuthorDate: Tue Nov 2 20:58:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/bugframe: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. run_in_exception_handler() managed to escape typechecking, as the compiler can't see where function pointer gets called. After adding some ad-hoc typechecking, it turns out that dump_execution_state() alone differs in const-ness from the other users of run_in_exception_handler(). Introduce a new show_execution_state_nonconst() to make the typechecking happy. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/include/asm/bug.h | 10 +++++++++- xen/arch/x86/include/asm/processor.h | 4 +++- xen/arch/x86/traps.c | 5 +++++ xen/common/keyhandler.c | 4 ++-- xen/drivers/char/ehci-dbgp.c | 2 +- xen/drivers/char/ns16550.c | 2 +- xen/include/xen/lib.h | 2 +- 7 files changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/include/asm/bug.h b/xen/arch/x86/include/asm/bug.h index 9bb4a19420..b7265bdfbe 100644 --- a/xen/arch/x86/include/asm/bug.h +++ b/xen/arch/x86/include/asm/bug.h @@ -65,7 +65,15 @@ struct bug_frame { unreachable(); \ } while (0) -#define run_in_exception_handler(fn) BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL) +/* + * TODO: untangle header dependences, break BUILD_BUG_ON() out of xen/lib.h, + * and use a real static inline here to get proper type checking of fn(). + */ +#define run_in_exception_handler(fn) \ + do { \ + (void)((fn) == (void (*)(struct cpu_user_regs *))NULL); \ + BUG_FRAME(BUGFRAME_run_fn, 0, fn, 0, NULL); \ + } while ( 0 ) #define assert_failed(msg) do { \ BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \ diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/asm/processor.h index 23639d5479..8e2816fae9 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -496,7 +496,9 @@ void show_code(const struct cpu_user_regs *regs); void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs); void show_registers(const struct cpu_user_regs *regs); void show_execution_state(const struct cpu_user_regs *regs); -#define dump_execution_state() run_in_exception_handler(show_execution_state) +void cf_check show_execution_state_nonconst(struct cpu_user_regs *regs); +#define dump_execution_state() \ + run_in_exception_handler(show_execution_state_nonconst) void show_page_walk(unsigned long addr); void noreturn fatal_trap(const struct cpu_user_regs *regs, bool_t show_remote); diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 7b95710193..a2278d9499 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -681,6 +681,11 @@ void show_execution_state(const struct cpu_user_regs *regs) console_unlock_recursive_irqrestore(flags); } +void cf_check show_execution_state_nonconst(struct cpu_user_regs *regs) +{ + show_execution_state(regs); +} + void vcpu_show_execution_state(struct vcpu *v) { unsigned long flags = 0; diff --git a/xen/common/keyhandler.c b/xen/common/keyhandler.c index 5dc650a37c..b6e22d8120 100644 --- a/xen/common/keyhandler.c +++ b/xen/common/keyhandler.c @@ -138,7 +138,7 @@ static void cf_check show_handlers(unsigned char key) static cpumask_t dump_execstate_mask; -void dump_execstate(struct cpu_user_regs *regs) +void cf_check dump_execstate(struct cpu_user_regs *regs) { unsigned int cpu = smp_processor_id(); @@ -490,7 +490,7 @@ static void cf_check run_all_keyhandlers( tasklet_schedule(&run_all_keyhandlers_tasklet); } -static void do_debugger_trap_fatal(struct cpu_user_regs *regs) +static void cf_check do_debugger_trap_fatal(struct cpu_user_regs *regs) { (void)debugger_trap_fatal(0xf001, regs); diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c index e205c0da6a..16c8ff394d 100644 --- a/xen/drivers/char/ehci-dbgp.c +++ b/xen/drivers/char/ehci-dbgp.c @@ -1247,7 +1247,7 @@ static int cf_check ehci_dbgp_getc(struct serial_port *port, char *pc) /* Safe: ehci_dbgp_poll() runs as timer handler, so not reentrant. */ static struct serial_port *poll_port; -static void _ehci_dbgp_poll(struct cpu_user_regs *regs) +static void cf_check _ehci_dbgp_poll(struct cpu_user_regs *regs) { struct serial_port *port = poll_port; struct ehci_dbgp *dbgp = port->uart; diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index 8df1ee4d5c..e5b4a90855 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -206,7 +206,7 @@ static void cf_check ns16550_interrupt( /* Safe: ns16550_poll() runs as softirq so not reentrant on a given CPU. */ static DEFINE_PER_CPU(struct serial_port *, poll_port); -static void __ns16550_poll(struct cpu_user_regs *regs) +static void cf_check __ns16550_poll(struct cpu_user_regs *regs) { struct serial_port *port = this_cpu(poll_port); struct ns16550 *uart = port->uart; diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index aea60d2927..bf6470a2e7 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -199,7 +199,7 @@ extern char *print_tainted(char *str); extern void add_taint(unsigned int taint); struct cpu_user_regs; -void dump_execstate(struct cpu_user_regs *); +void cf_check dump_execstate(struct cpu_user_regs *); void init_constructors(void); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:53:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:53:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278035.475069 (Exim 4.92) (envelope-from ) id 1nN9sl-00077f-3G; Thu, 24 Feb 2022 08:53:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278035.475069; Thu, 24 Feb 2022 08:53:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sl-00077X-0O; Thu, 24 Feb 2022 08:53:51 +0000 Received: by outflank-mailman (input) for mailman id 278035; Thu, 24 Feb 2022 08:53:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sj-00077H-5y for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sj-0001An-5F for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9sj-0005uV-4d for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pY1Fl5udUcOrf7zZwlyIHqR98BFKK7F7XA3kSU+l7B4=; b=dmFXQ+wqYNaBHO7WmbuH316u/G oAwM17/MFzM2fq3vMMbVrCM8pmc8St6YhRih9ZH3BnEjSjKicXA0fh6V7gbYw3rXgt6MaIxhIJ06Z eB4lJuDNeL7LOt+OMyiEgNpPS/h2tBZsVgaaHMZMe4u+k6XbDei/s/Z1RhimR6ZPmoOQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Use control flow typechecking where possible Message-Id: Date: Thu, 24 Feb 2022 08:53:49 +0000 commit 5d59421815d57f437fccea6ac516c2d23a35bbdb Author: Andrew Cooper AuthorDate: Thu Nov 11 13:09:19 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Use control flow typechecking where possible Now all indirect branch targets have been annotated, turn on typechecking to catch issues in the future. This extension isn't in a released version of GCC yet, so provide a container to use with the extension included, and add it to CI. RANDCONFIG is necessary because some stubs for compiled-out subsystems are used as function pointer targets. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- automation/build/debian/buster-gcc-ibt.dockerfile | 66 +++++++++++++++++++++++ automation/gitlab-ci/build.yaml | 6 +++ automation/scripts/containerize | 1 + xen/arch/x86/arch.mk | 1 + 4 files changed, 74 insertions(+) diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile b/automation/build/debian/buster-gcc-ibt.dockerfile new file mode 100644 index 0000000000..441d9a9ab3 --- /dev/null +++ b/automation/build/debian/buster-gcc-ibt.dockerfile @@ -0,0 +1,66 @@ +FROM debian:buster-slim AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + build-essential \ + flex \ + libc6-dev-i386 \ + libgmp-dev \ + libisl-dev \ + libmpc-dev \ + libmpfr-dev \ + patch \ + wget + +RUN mkdir /build +WORKDIR /build + +RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz -O - | tar xJ --strip=1 +RUN wget -q https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch -O - | patch -p1 +RUN ./configure \ + --prefix=/opt/gcc-11-ibt \ + --enable-languages=c \ + --disable-nls \ + --disable-threads \ + --disable-bootstrap \ + --disable-shared \ + --disable-libmudflap \ + --disable-libssp \ + --disable-libgomp \ + --disable-decimal-float \ + --disable-libquadmath \ + --disable-libatomic \ + --disable-libcc1 \ + --disable-libmpx +RUN make -j`nproc` && make -j`nproc` install + + +FROM debian:buster-slim +COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt + +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV PATH="/opt/gcc-11-ibt/bin:${PATH}" + +RUN mkdir /build +WORKDIR /build + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + checkpolicy \ + flex \ + gawk \ + make \ + python3 \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index fdd5c76582..cc36428cf5 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -294,6 +294,12 @@ debian-stretch-32-gcc-debug: variables: CONTAINER: debian:stretch-i386 +debian-buster-gcc-ibt: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:buster-gcc-ibt + RANDCONFIG: y + debian-unstable-clang: extends: .clang-x86-64-build variables: diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 7682ccd347..8992c67278 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -33,6 +33,7 @@ case "_${CONTAINER}" in _focal) CONTAINER="${BASE}/ubuntu:focal" ;; _jessie) CONTAINER="${BASE}/debian:jessie" ;; _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; + _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;; _unstable|_) CONTAINER="${BASE}/debian:unstable" ;; _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;; _xenial) CONTAINER="${BASE}/ubuntu:xenial" ;; diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f780c912a9..92fd198110 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -54,6 +54,7 @@ endif ifdef CONFIG_XEN_IBT CFLAGS += -fcf-protection=branch -mmanual-endbr +$(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278037.475072 (Exim 4.92) (envelope-from ) id 1nN9sv-0007Av-56; Thu, 24 Feb 2022 08:54:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278037.475072; Thu, 24 Feb 2022 08:54:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9sv-0007Aj-1n; Thu, 24 Feb 2022 08:54:01 +0000 Received: by outflank-mailman (input) for mailman id 278037; Thu, 24 Feb 2022 08:53:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9st-0007AP-8k for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9st-0001Ax-7z for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9st-0005w7-7Q for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:53:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iv8vvFKSzrR+eIsh+Q9c44HTmkoyRFqZxkvfWEfaULE=; b=JRWKD28u5iShG6P7z/qYr/k6D8 mR10XhrWinaSjKG2Fe3RFXezM8PSFp3dLKHVybBPb4cc7kiCgVGzdTQYu9eNWxkrn39TI7DrxMiTm sDB9Our8C3xThheHgvyFipUpgVriuFU7xxMT57O3xa7N3QE25tH/ylCuYPAkoZDoWP4w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Build check for embedded endbr64 instructions Message-Id: Date: Thu, 24 Feb 2022 08:53:59 +0000 commit 4d037425dccf6c5109d4939a6cd224d846827907 Author: Marek Marczykowski-Górecki AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Build check for embedded endbr64 instructions An interesting corner case occurs when the byte sequence making up endbr64 ends up on a non-instruction boundary. Such embedded instructions mark legal indirect branch targets as far as the CPU is concerned, which aren't legal as far as the logic is concerned. When CET-IBT is active, check for embedded byte sequences. Example failures look like: check-endbr.sh xen-syms Fail: Found 2 embedded endbr64 instructions 0xffff82d040325677: test_endbr64 at /local/xen.git/xen/arch/x86/x86_64/entry.S:28 0xffff82d040352da6: init_done at /local/xen.git/xen/arch/x86/setup.c:675 Signed-off-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- README | 1 + xen/arch/x86/Makefile | 6 ++++ xen/tools/check-endbr.sh | 86 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/README b/README index 562b808080..5e55047ffd 100644 --- a/README +++ b/README @@ -68,6 +68,7 @@ provided by your OS distributor: In addition to the above there are a number of optional build prerequisites. Omitting these will cause the related features to be disabled at compile time: + * Binary-search capable grep (if building Xen with CET support) * Development install of Ocaml (e.g. ocaml-nox and ocaml-findlib). Required to build ocaml components which includes the alternative ocaml xenstored. diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index db97ae8c07..b90146b756 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -142,6 +142,9 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* +ifeq ($(CONFIG_XEN_IBT),y) + $(SHELL) $(BASEDIR)/tools/check-endbr.sh $@ +endif $(obj)/note.o: $(TARGET)-syms $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin @@ -212,6 +215,9 @@ endif $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* +ifeq ($(CONFIG_XEN_IBT),y) + $(SHELL) $(BASEDIR)/tools/check-endbr.sh $@ +endif else $(TARGET).efi: FORCE rm -f $@ diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh new file mode 100755 index 0000000000..7fbb181b3c --- /dev/null +++ b/xen/tools/check-endbr.sh @@ -0,0 +1,86 @@ +#!/bin/sh +# +# Usage ./$0 xen-syms +# +set -e + +# Pretty-print parameters a little for message +MSG_PFX="${0##*/} ${1##*/}" + +OBJCOPY="${OBJCOPY:-objcopy}" +OBJDUMP="${OBJDUMP:-objdump}" +ADDR2LINE="${ADDR2LINE:-addr2line}" + +D=$(mktemp -d) +trap "rm -rf $D" EXIT + +TEXT_BIN=$D/xen-syms.text +VALID=$D/valid-addrs +ALL=$D/all-addrs +BAD=$D/bad-addrs + +# Check that grep can do binary searches. Some, e.g. busybox, can't. Leave a +# warning but don't fail the build. +echo "X" | grep -aob "X" -q 2>/dev/null || + { echo "$MSG_PFX Warning: grep can't do binary searches" >&2; exit 0; } + +# +# First, look for all the valid endbr64 instructions. +# A worst-case disassembly, viewed through cat -A, may look like: +# +# ffff82d040337bd4 :$ +# ffff82d040337bd4:^If3 0f 1e fa ^Iendbr64 $ +# ffff82d040337bd8:^Ieb fe ^Ijmp ffff82d040337bd8 $ +# ffff82d040337bda:^Ib8 f3 0f 1e fa ^Imov $0xfa1e0ff3,%eax$ +# +# Want to grab the address of endbr64 instructions only, ignoring function +# names/jump labels/etc, so look for 'endbr64' preceded by a tab and with any +# number of trailing spaces before the end of the line. +# +${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & + +# +# Second, look for any endbr64 byte sequence +# This has a couple of complications: +# +# 1) Grep binary search isn't VMA aware. Copy .text out as binary, causing +# the grep offset to be from the start of .text. +# +# 2) dash's printf doesn't understand hex escapes, hence the use of octal. +# +# 3) AWK can't add 64bit integers, because internally all numbers are doubles. +# When the upper bits are set, the exponents worth of precision is lost in +# the lower bits, rounding integers to the nearest 4k. +# +# Instead, use the fact that Xen's .text is within a 1G aligned region, and +# split the VMA in half so AWK's numeric addition is only working on 32 bit +# numbers, which don't lose precision. +# +eval $(${OBJDUMP} -j .text $1 -h | + awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') + +${OBJCOPY} -j .text $1 -O binary $TEXT_BIN +grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN | + awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL + +# Wait for $VALID to become complete +wait + +# Sanity check $VALID and $ALL, in case the string parsing bitrots +val_sz=$(stat -c '%s' $VALID) +all_sz=$(stat -c '%s' $ALL) +[ "$val_sz" -eq 0 ] && { echo "$MSG_PFX Error: Empty valid-addrs" >&2; exit 1; } +[ "$all_sz" -eq 0 ] && { echo "$MSG_PFX Error: Empty all-addrs" >&2; exit 1; } +[ "$all_sz" -lt "$val_sz" ] && { echo "$MSG_PFX Error: More valid-addrs than all-addrs" >&2; exit 1; } + +# $BAD = $ALL - $VALID +sort $VALID $ALL | uniq -u > $BAD +nr_bad=$(wc -l < $BAD) + +# Success +[ "$nr_bad" -eq 0 ] && exit 0 + +# Failure +echo "$MSG_PFX Fail: Found ${nr_bad} embedded endbr64 instructions" >&2 +${ADDR2LINE} -afip -e $1 < $BAD >&2 +exit 1 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278038.475079 (Exim 4.92) (envelope-from ) id 1nN9t5-0007F4-9A; Thu, 24 Feb 2022 08:54:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278038.475079; Thu, 24 Feb 2022 08:54:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9t5-0007Eu-4y; Thu, 24 Feb 2022 08:54:11 +0000 Received: by outflank-mailman (input) for mailman id 278038; Thu, 24 Feb 2022 08:54:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9t3-0007Eh-Ck for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9t3-0001Bh-B8 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9t3-0005wz-AM for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GLV8BTTq72Ryr2XqzicpZkSQA8pjVSAvOIs0BolUcn4=; b=N3dTJrTZumv5BuGPIkm7stZ7Hd 0xi+X263JHujPzQ76Hlm7FVsTMfbamWa6F60yZcGOGfVvXgePPXQkzpmlXszEPhkSyJHERULlqo02 RfPnbM7jtDEoyBBkdBCu25uFDJNqwGzO3GqrjlJJS8Ts7v0ZP13EQ9Dz57IXQcZy/n1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/setup: Read CR4 earlier in __start_xen() Message-Id: Date: Thu, 24 Feb 2022 08:54:09 +0000 commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e Author: Andrew Cooper AuthorDate: Mon Nov 1 10:19:57 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/setup: Read CR4 earlier in __start_xen() This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a9a371336b..f70b326553 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -888,6 +888,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ + rdmsrl(MSR_EFER, this_cpu(efer)); + asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -934,9 +937,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) parse_video_info(); - rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); - /* We initialise the serial devices very early so we can get debugging. */ ns16550.io_base = 0x3f8; ns16550.irq = 4; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:21 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278039.475081 (Exim 4.92) (envelope-from ) id 1nN9tF-0007Hv-9e; Thu, 24 Feb 2022 08:54:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278039.475081; Thu, 24 Feb 2022 08:54:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tF-0007Hn-6h; Thu, 24 Feb 2022 08:54:21 +0000 Received: by outflank-mailman (input) for mailman id 278039; Thu, 24 Feb 2022 08:54:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tD-0007Hd-Ew for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tD-0001Bv-EB for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9tD-0005xl-DO for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CjCvJqdgVAqrjIL9v4y2oNQgYtF1fOIeMmyD6p8WYVo=; b=NTG6/hv+ryWlDnk3CTT00OH0WZ NDGcWITL2b9Xew1SmHcqZV+SPeYW2O55AmemqRk1y8X7kXjxU97kYA+huEd3PTfHWrcOxpzNNCUY2 uBFNEImHsdvN9KC/deIsgYYyrK1Z9q6Q3CBCEIdN8yBnX5FvixnV6ecZIxDLsyWvH6cI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/alternatives: Clear CR4.CET when clearing CR0.WP Message-Id: Date: Thu, 24 Feb 2022 08:54:19 +0000 commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:17:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/alternatives: Clear CR4.CET when clearing CR0.WP This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 436047abe0..ec24692e95 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -333,9 +333,13 @@ static int __init cf_check nmi_apply_alternatives( */ if ( !(alt_done & alt_todo) ) { - unsigned long cr0; + unsigned long cr0, cr4; cr0 = read_cr0(); + cr4 = read_cr4(); + + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4 & ~X86_CR4_CET); /* Disable WP to allow patching read-only pages. */ write_cr0(cr0 & ~X86_CR0_WP); @@ -345,6 +349,9 @@ static int __init cf_check nmi_apply_alternatives( write_cr0(cr0); + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4); + alt_done |= alt_todo; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:31 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278040.475085 (Exim 4.92) (envelope-from ) id 1nN9tP-0007Kr-B4; Thu, 24 Feb 2022 08:54:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278040.475085; Thu, 24 Feb 2022 08:54:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tP-0007Kj-84; Thu, 24 Feb 2022 08:54:31 +0000 Received: by outflank-mailman (input) for mailman id 278040; Thu, 24 Feb 2022 08:54:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tN-0007KU-Hp for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tN-0001Bz-H7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9tN-0005yR-GP for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3S5darQnR2QtBbX6lHlkKGTPV/Fzd3XnAlMb0aG9P0w=; b=nbvRmVKeh/9GsSGIOftnzXDPo+ NRtUOMq2R0aQhH8tdH/sDgelUJXUSyHZke8+WGuw0x3HXONUjLGx3xArhKwmHFjPJQyKeLLu5iKUr pBaMn4azWK9IFSnQ2Ao2Br1fXRlSPhN364p+mPjiqqoRc0LGphTqW4/6UybYD1QFRK5k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp Message-Id: Date: Thu, 24 Feb 2022 08:54:29 +0000 commit 809beac3e7fdfd20000386453c64a1e2a3d93075 Author: Andrew Cooper AuthorDate: Mon Nov 1 12:36:33 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/traps: Rework write_stub_trampoline() to not hardcode the jmp For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index d661d7ffca..edc6820b85 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -293,30 +293,39 @@ static unsigned int write_stub_trampoline( unsigned char *stub, unsigned long stub_va, unsigned long stack_bottom, unsigned long target_va) { + unsigned char *p = stub; + + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ - stub[0] = 0x48; - stub[1] = 0xa3; - *(uint64_t *)&stub[2] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xa3; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp in %rax */ /* movq %rsp, %rax */ - stub[10] = 0x48; - stub[11] = 0x89; - stub[12] = 0xe0; + *p++ = 0x48; + *p++ = 0x89; + *p++ = 0xe0; + /* Switch to Xen stack */ /* movabsq $stack_bottom - 8, %rsp */ - stub[13] = 0x48; - stub[14] = 0xbc; - *(uint64_t *)&stub[15] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xbc; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp into %rsp slot */ /* pushq %rax */ - stub[23] = 0x50; + *p++ = 0x50; /* jmp target_va */ - stub[24] = 0xe9; - *(int32_t *)&stub[25] = target_va - (stub_va + 29); + *p++ = 0xe9; + *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); + p += 4; /* Round up to a multiple of 16 bytes. */ - return 32; + return ROUNDUP(p - stub, 16); } DEFINE_PER_CPU(struct stubs, stubs); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278042.475089 (Exim 4.92) (envelope-from ) id 1nN9tZ-0007Ny-CN; Thu, 24 Feb 2022 08:54:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278042.475089; Thu, 24 Feb 2022 08:54:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tZ-0007Nq-9b; Thu, 24 Feb 2022 08:54:41 +0000 Received: by outflank-mailman (input) for mailman id 278042; Thu, 24 Feb 2022 08:54:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tX-0007Nc-Ky for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tX-0001C3-K7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9tX-0005z9-JT for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i1rU8ugsfuTVlUsl2EpzeuhHeQfXH8bn3MpHklMawJw=; b=NKWQ+C/f1kWhaUBM8+8BLxOFNF lLZCn895vCwiy9svzNv56Ff72HsgAs6MX77NJvmpEjdqmgPXjlQdqd9d/DOjyiibfhrHcnJ5asmpO q/G6LAeb3sUou/BE1mhixVKSCnSobOI3l7DZSmKBjQ2KBzvQztSBTASeZJOn+Qt+vISw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Introduce helpers/checks for endbr64 instructions Message-Id: Date: Thu, 24 Feb 2022 08:54:39 +0000 commit 4046ba97446e3974a4411db227263a9f11e0aeb4 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Introduce helpers/checks for endbr64 instructions ... to prevent the optimiser creating unsafe code. See the code comment for full details. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/endbr.h | 55 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/xen/arch/x86/include/asm/endbr.h b/xen/arch/x86/include/asm/endbr.h new file mode 100644 index 0000000000..6090afeb0b --- /dev/null +++ b/xen/arch/x86/include/asm/endbr.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +#define ENDBR64_LEN 4 + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely + * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand, and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:54:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:54:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278043.475093 (Exim 4.92) (envelope-from ) id 1nN9ti-0007RE-ED; Thu, 24 Feb 2022 08:54:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278043.475093; Thu, 24 Feb 2022 08:54:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ti-0007R4-B0; Thu, 24 Feb 2022 08:54:50 +0000 Received: by outflank-mailman (input) for mailman id 278043; Thu, 24 Feb 2022 08:54:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9th-0007Qy-Nv for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9th-0001C7-NE for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9th-0005zx-MR for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eFJVMHojDjF5ovrVLv40zT3xFlPMdPqc2B71LAABTMw=; b=KWQvt+ZuxB+i0gmJfO05oGlYTV S8a5jJ2H/BPQDMt2WIfXLSu1JFaOIa4tnSxqrKxbeal9aYTryEkhYTi3SaQnyvziPU2tWTLtOvW2s fa5SPrEQ1uDPnbFX3Cq0vFGV5rMeF9BMUT5cuYUaeHb05b07wuFRhns76ZyXFecSP8Tg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/emul: Update emulation stubs to be CET-IBT compatible Message-Id: Date: Thu, 24 Feb 2022 08:54:49 +0000 commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf Author: Andrew Cooper AuthorDate: Mon Nov 1 10:09:59 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/emul: Update emulation stubs to be CET-IBT compatible All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/extable.c | 12 +++++++----- xen/arch/x86/pv/emul-priv-op.c | 7 +++++++ xen/arch/x86/x86_emulate.c | 13 +++++++++++-- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 4d1875585f..4913c4a6dd 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -129,20 +129,22 @@ search_exception_table(const struct cpu_user_regs *regs) static int __init cf_check stub_selftest(void) { static const struct { - uint8_t opc[4]; + uint8_t opc[8]; uint64_t rax; union stub_exception_token res; } tests[] __initconst = { - { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ +#define endbr64 0xf3, 0x0f, 0x1e, 0xfa + { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ .res.fields.trapnr = TRAP_invalid_op }, - { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ + { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ .rax = 0x0123456789abcdef, .res.fields.trapnr = TRAP_gp_fault }, - { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ + { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ .rax = 0xfedcba9876543210, .res.fields.trapnr = TRAP_stack_error }, - { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ + { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ .res.fields.trapnr = TRAP_int3 }, +#undef endbr64 }; unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; unsigned int i; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index c46c072f93..22b10dec2a 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -111,6 +112,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, p = ctxt->io_emul_stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + APPEND_BUFF(prologue); APPEND_CALL(load_guest_gprs); diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 60191a94dc..720740f29b 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -17,6 +17,7 @@ #include #include /* cpu_has_amd_erratum() */ #include +#include /* Avoid namespace pollution. */ #undef cmpxchg @@ -29,11 +30,19 @@ cpu_has_amd_erratum(¤t_cpu_data, AMD_ERRATUM_##nr) #define get_stub(stb) ({ \ + void *ptr; \ BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1); \ ASSERT(!(stb).ptr); \ (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; \ - memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) + \ - ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2); \ + (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) + \ + ((stb).addr & ~PAGE_MASK); \ + ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2); \ + if ( cpu_has_xen_ibt ) \ + { \ + place_endbr64(ptr); \ + ptr += 4; \ + } \ + ptr; \ }) #define put_stub(stb) ({ \ if ( (stb).ptr ) \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278044.475097 (Exim 4.92) (envelope-from ) id 1nN9ts-0007UK-Fl; Thu, 24 Feb 2022 08:55:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278044.475097; Thu, 24 Feb 2022 08:55:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ts-0007UA-CV; Thu, 24 Feb 2022 08:55:00 +0000 Received: by outflank-mailman (input) for mailman id 278044; Thu, 24 Feb 2022 08:54:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tr-0007U1-Qw for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9tr-0001CD-QG for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9tr-00060k-PT for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:54:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jmQVvPAOgUatWO+yDCh80CXOPvdNq8lAr3vOfme7/T4=; b=MnnYRVlgXCNM3EE7sGzb0xz7ej Gb8hFavcmKXd+fptaz0hu6gOrsgOBZ3/QRoC7HEkZuRUcmPpPvp0twXVA9+EV140yoT84Ju3f8hwv GrGB1SmR95W+SWsjrHaOiqacQbQhmMrK9d8q0pymqWz+AjHTpdCDtnQIf7/6h7+rGOxk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Message-Id: Date: Thu, 24 Feb 2022 08:54:59 +0000 commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5 Author: Andrew Cooper AuthorDate: Mon Nov 1 09:51:16 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 byte long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main handlers. Move the push %rax out of the stub and into {l,c}star_entry(), allowing room for the endbr64 instruction when appropriate. Update the comment describing the entry state. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/entry.S | 18 +++++++++--------- xen/arch/x86/x86_64/traps.c | 11 +++++++---- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 8494b97a54..9abcf95bd0 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,18 +241,17 @@ iret_exit_to_guest: * When entering SYSCALL from user mode: * Vector directly to the registered arch.syscall_addr. * - * Initial work is done by per-CPU trampolines. At this point %rsp has been - * initialised to point at the correct Xen stack, %rsp has been saved, and - * %rax needs to be restored from the %ss save slot. All other registers are - * still to be saved onto the stack, starting with RFLAGS, and an appropriate - * %ss must be saved into the space left by the trampoline. + * Initial work is done by per-CPU trampolines. + * - Guest %rax stored in the %ss slot + * - Guest %rsp stored in %rax + * - Xen stack loaded, pointing at the %ss slot */ ENTRY(lstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ - movq 8(%rsp),%rax /* Restore %rax. */ + push %rax /* Guest %rsp */ + movq 8(%rsp), %rax /* Restore guest %rax */ movq $FLAT_KERNEL_SS,8(%rsp) pushq %r11 pushq $FLAT_KERNEL_CS64 @@ -288,9 +287,9 @@ ENTRY(cstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ + push %rax /* Guest %rsp */ CR4_PV32_RESTORE - movq 8(%rsp), %rax /* Restore %rax. */ + movq 8(%rsp), %rax /* Restore guest %rax. */ movq $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain. Compat handled lower. */ pushq %r11 pushq $FLAT_USER_CS32 @@ -323,6 +322,7 @@ ENTRY(cstar_enter) jmp switch_to_kernel ENTRY(sysenter_entry) + ENDBR64 #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index edc6820b85..fccfb7c172 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -295,6 +296,12 @@ static unsigned int write_stub_trampoline( { unsigned char *p = stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ *p++ = 0x48; @@ -315,10 +322,6 @@ static unsigned int write_stub_trampoline( *(uint64_t *)p = stack_bottom - 8; p += 8; - /* Store guest %rsp into %rsp slot */ - /* pushq %rax */ - *p++ = 0x50; - /* jmp target_va */ *p++ = 0xe9; *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278045.475101 (Exim 4.92) (envelope-from ) id 1nN9u2-0007Yy-H0; Thu, 24 Feb 2022 08:55:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278045.475101; Thu, 24 Feb 2022 08:55:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9u2-0007Yq-Dw; Thu, 24 Feb 2022 08:55:10 +0000 Received: by outflank-mailman (input) for mailman id 278045; Thu, 24 Feb 2022 08:55:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9u1-0007Yk-Tt for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9u1-0001Dj-TF for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9u1-00061q-SU for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yyPSh7ptQGovI56taZ9YLISquco3HUU/mD7tTDtYR6w=; b=I/XflEaqjopLWdq2taCEEEDJW9 aBYSjMoZMzSixBPTRLDE2Bu7Ir0cti/xkyEZrDHlVTtD/xMEi6YCXeNOz7P7zQytfswRndQQam59F qezx+dC9LjiIX1eQJ98WVEJ3p/kkAed7kvs98ALq2TNECo4zDPvFlWN1Gu700OFGs0Z0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/entry: Make IDT entrypoints CET-IBT compatible Message-Id: Date: Thu, 24 Feb 2022 08:55:09 +0000 commit e702e36d1d519f4b66086650c1c47d6bac96d4b9 Author: Andrew Cooper AuthorDate: Mon Nov 1 17:08:24 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/entry: Make IDT entrypoints CET-IBT compatible Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will recurse indefinitely if the endbr64 is missing, eventually escalating to #DF if guard pages are active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen/arch/x86/x86_64/entry.S | 30 ++++++++++++++++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index c84ff7ea64..5fd6dbbd45 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -12,6 +12,7 @@ #include ENTRY(entry_int82) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9abcf95bd0..ea6f0afbc2 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -386,6 +386,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $0x80, 4(%rsp) @@ -698,6 +699,7 @@ ENTRY(common_interrupt) jmp ret_from_intr ENTRY(page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) @@ -872,75 +874,91 @@ FATAL_exception_with_ints_disabled: BUG /* fatal_trap() shouldn't return. */ ENTRY(divide_error) + ENDBR64 pushq $0 movl $TRAP_divide_error,4(%rsp) jmp handle_exception ENTRY(coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_copro_error,4(%rsp) jmp handle_exception ENTRY(simd_coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_simd_error,4(%rsp) jmp handle_exception ENTRY(device_not_available) + ENDBR64 pushq $0 movl $TRAP_no_device,4(%rsp) jmp handle_exception ENTRY(debug) + ENDBR64 pushq $0 movl $TRAP_debug,4(%rsp) jmp handle_ist_exception ENTRY(int3) + ENDBR64 pushq $0 movl $TRAP_int3,4(%rsp) jmp handle_exception ENTRY(overflow) + ENDBR64 pushq $0 movl $TRAP_overflow,4(%rsp) jmp handle_exception ENTRY(bounds) + ENDBR64 pushq $0 movl $TRAP_bounds,4(%rsp) jmp handle_exception ENTRY(invalid_op) + ENDBR64 pushq $0 movl $TRAP_invalid_op,4(%rsp) jmp handle_exception ENTRY(invalid_TSS) + ENDBR64 movl $TRAP_invalid_tss,4(%rsp) jmp handle_exception ENTRY(segment_not_present) + ENDBR64 movl $TRAP_no_segment,4(%rsp) jmp handle_exception ENTRY(stack_segment) + ENDBR64 movl $TRAP_stack_error,4(%rsp) jmp handle_exception ENTRY(general_protection) + ENDBR64 movl $TRAP_gp_fault,4(%rsp) jmp handle_exception ENTRY(alignment_check) + ENDBR64 movl $TRAP_alignment_check,4(%rsp) jmp handle_exception ENTRY(entry_CP) + ENDBR64 movl $X86_EXC_CP, 4(%rsp) jmp handle_exception ENTRY(double_fault) + ENDBR64 movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP @@ -966,6 +984,7 @@ ENTRY(double_fault) .pushsection .init.text, "ax", @progbits ENTRY(early_page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) SAVE_ALL movq %rsp,%rdi @@ -974,6 +993,7 @@ ENTRY(early_page_fault) .popsection ENTRY(nmi) + ENDBR64 pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: @@ -1102,12 +1122,14 @@ handle_ist_exception: #endif ENTRY(machine_check) + ENDBR64 pushq $0 movl $TRAP_machine_check,4(%rsp) jmp handle_ist_exception /* No op trap handler. Required for kexec crash path. */ GLOBAL(trap_nop) + ENDBR64 iretq /* Table of automatically generated entry points. One per vector. */ @@ -1136,7 +1158,9 @@ autogen_stubs: /* Automatically generated stubs. */ #endif ALIGN -1: pushq $0 +1: + ENDBR64 + pushq $0 movb $vec,4(%rsp) jmp common_interrupt @@ -1146,7 +1170,9 @@ autogen_stubs: /* Automatically generated stubs. */ .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \ vec == X86_EXC_VE || (vec > X86_EXC_CP && vec < TRAP_nr) -1: test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ +1: + ENDBR64 + test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ jz 2f /* size is 8 bytes. Check whether the processor gave us an */ pushq $0 /* error code, and insert an empty one if not. */ 2: movb $vec,4(%rsp) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278046.475105 (Exim 4.92) (envelope-from ) id 1nN9uC-0007cB-Jl; Thu, 24 Feb 2022 08:55:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278046.475105; Thu, 24 Feb 2022 08:55:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uC-0007c3-Gv; Thu, 24 Feb 2022 08:55:20 +0000 Received: by outflank-mailman (input) for mailman id 278046; Thu, 24 Feb 2022 08:55:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uC-0007bx-0n for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uC-0001El-03 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9uB-00062W-Vc for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5OHPJw0dFp6B6EXdsEawtW6EhuNBYYKyH0h7xFWwQmE=; b=syYHZak/MyTeMT7zfcwZM/3ApA x172H6rj1Foz7+zAlyWDPUf4XhhvFDwAvYg9EnHtsjWCx/SqhFLye3tN+7BD8gDOKArAKUb5b1gLb 8/9u4k4So17UuZ+j8S0znsNayefaL7jsKtVR1LETJpAgPkC+8/pHzv8O4VQHElPJGgjA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/setup: Rework MSR_S_CET handling for CET-IBT Message-Id: Date: Thu, 24 Feb 2022 08:55:19 +0000 commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7 Author: Andrew Cooper AuthorDate: Mon Nov 1 16:13:29 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/setup: Rework MSR_S_CET handling for CET-IBT CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constant any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potentially active. To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN. This is common with the CET-SS setup, so reorder the operations to set up CR4 and MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up MSR_PL0_SSP and SSP if SHSTK_EN was also set. Adjust the crash path to disable CET-IBT too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/acpi/wakeup_prot.S | 38 ++++++++++++++++++++++-------------- xen/arch/x86/boot/x86_64.S | 30 +++++++++++++++++----------- xen/arch/x86/crash.c | 4 ++-- xen/arch/x86/include/asm/msr-index.h | 1 + xen/arch/x86/setup.c | 17 +++++++++++++++- 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S index 15052c300f..3855ff1ddb 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,7 +63,26 @@ ENTRY(s3_resume) pushq %rax lretq 1: -#ifdef CONFIG_XEN_SHSTK +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_cet_done + + /* Set up MSR_S_CET. */ + mov $MSR_S_CET, %ecx + xor %edx, %edx + wrmsr + + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_cet_done + /* * Restoring SSP is a little complicated, because we are intercepting * an in-use shadow stack. Write a temporary token under the stack, @@ -71,14 +90,6 @@ ENTRY(s3_resume) * reset MSR_PL0_SSP to its usual value and pop the temporary token. */ mov saved_ssp(%rip), %rdi - cmpq $1, %rdi - je .L_shstk_done - - /* Set up MSR_S_CET. */ - mov $MSR_S_CET, %ecx - xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax - wrmsr /* Construct the temporary supervisor token under SSP. */ sub $8, %rdi @@ -90,10 +101,6 @@ ENTRY(s3_resume) mov %edi, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx - mov %rbx, %cr4 - /* Write the temporary token onto the shadow stack, and activate it. */ wrssq %rdi, (%rdi) setssbsy @@ -106,8 +113,9 @@ ENTRY(s3_resume) /* Pop the temporary token off the stack. */ mov $2, %eax incsspd %eax -.L_shstk_done: -#endif +#endif /* CONFIG_XEN_SHSTK */ +.L_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ call load_system_tables diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 27f52e7a77..fa41990dde 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -30,18 +30,27 @@ ENTRY(__high_start) test %ebx,%ebx jz .L_bsp - /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK - testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ - CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) - je .L_ap_shstk_done + /* APs. Set up CET before entering C properly. */ +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_ap_cet_done /* Set up MSR_S_CET. */ mov $MSR_S_CET, %ecx xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax wrmsr + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_ap_cet_done + /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ mov $MSR_PL0_SSP, %ecx mov %rsp, %rdx @@ -51,13 +60,12 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx - mov %rcx, %cr4 setssbsy -#endif -.L_ap_shstk_done: +#endif /* CONFIG_XEN_SHSTK */ +.L_ap_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ + call start_secondary BUG /* start_secondary() shouldn't return. */ diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index c383f718f5..003222c0f1 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -190,8 +190,8 @@ void machine_crash_shutdown(void) /* Reset CPUID masking and faulting to the host's default. */ ctxt_switch_levelling(NULL); - /* Disable shadow stacks. */ - if ( cpu_has_xen_shstk ) + /* Disable CET. */ + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) { wrmsrl(MSR_S_CET, 0); write_cr4(read_cr4() & ~X86_CR4_CET); diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 9df1959fe5..3e038db618 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -117,6 +117,7 @@ #define MSR_S_CET 0x000006a2 #define CET_SHSTK_EN (_AC(1, ULL) << 0) #define CET_WRSS_EN (_AC(1, ULL) << 1) +#define CET_ENDBR_EN (_AC(1, ULL) << 2) #define MSR_PL0_SSP 0x000006a4 #define MSR_PL1_SSP 0x000006a5 diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index f70b326553..bc11be5ba7 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -670,6 +670,21 @@ static void noreturn init_done(void) startup_cpu_idle_loop(); } +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) +/* + * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting. + * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on + * too early. + */ +unsigned int xen_msr_s_cet_value(void) +{ + return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) | + (cpu_has_xen_ibt ? CET_ENDBR_EN : 0)); +} +#else +unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */ +#endif + /* Reinitalise all state referring to the old virtual address of the stack. */ static void __init noreturn reinit_bsp_stack(void) { @@ -693,7 +708,7 @@ static void __init noreturn reinit_bsp_stack(void) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); - wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN); + wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278047.475109 (Exim 4.92) (envelope-from ) id 1nN9uM-0007f6-Lf; Thu, 24 Feb 2022 08:55:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278047.475109; Thu, 24 Feb 2022 08:55:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uM-0007ex-IS; Thu, 24 Feb 2022 08:55:30 +0000 Received: by outflank-mailman (input) for mailman id 278047; Thu, 24 Feb 2022 08:55:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uM-0007ep-3q for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uM-0001Ex-2x for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9uM-00063A-2J for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z+39rVndOelTwOS3SPl2suR8XZbtqo56LOOAYrSUBMI=; b=nsDL/DXerS/QOIM+frzKk8Es76 bWcEbRJDSaMI9SSZtewFhfm0XuGjOj1eGO6GGMP4d76KKcpWwFwUUVffWyv+ouKkiqT1ysvFAmDZ9 MuK7kNBX3XtniEU7zznpML2+vg9xk266LRUK/xjOvHF16ctLCCRivRQ2gqwSQnuDym/w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/EFI: Disable CET-IBT around Runtime Services calls Message-Id: Date: Thu, 24 Feb 2022 08:55:30 +0000 commit d37a8a067e62e3b6709d224c22f740fdda9d0078 Author: Andrew Cooper AuthorDate: Mon Nov 1 21:54:26 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/EFI: Disable CET-IBT around Runtime Services calls UEFI Runtime services, at the time of writing, aren't CET-IBT compatible. Work is ongoing to address this. In the meantime, unconditionally disable IBT. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/common/efi/runtime.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index e3ce85d118..13b0975866 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -21,6 +21,7 @@ struct efi_rs_state { * don't strictly need that. */ unsigned long __aligned(32) cr3; + unsigned long msr_s_cet; #endif }; @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void) switch_cr3_cr4(mfn_to_maddr(efi_l4_mfn), read_cr4()); + /* + * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible. + * Work is under way to remedy this. + * + * Stash MSR_S_CET and clobber ENDBR_EN. This is necessary because + * SHSTK_EN isn't configured until very late on the BSP. + */ + if ( cpu_has_xen_ibt ) + { + rdmsrl(MSR_S_CET, state.msr_s_cet); + wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN); + } + return state; } @@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state) if ( !state->cr3 ) return; + + if ( state->msr_s_cet ) + wrmsrl(MSR_S_CET, state->msr_s_cet); + switch_cr3_cr4(state->cr3, read_cr4()); if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278048.475113 (Exim 4.92) (envelope-from ) id 1nN9uW-0007iB-Mk; Thu, 24 Feb 2022 08:55:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278048.475113; Thu, 24 Feb 2022 08:55:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uW-0007i3-Jw; Thu, 24 Feb 2022 08:55:40 +0000 Received: by outflank-mailman (input) for mailman id 278048; Thu, 24 Feb 2022 08:55:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uW-0007hv-6w for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uW-0001F7-65 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9uW-00063v-5O for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bCJAKuLSn3Inofi+NBn4I8x8XR8WOVzBagugu612mbc=; b=vmiO4YE3mAUxjjtWEqXTnwuez4 LD+98C9ahIxJubKX9Fd9COgHQksGGbtq58k5c7b6Ny34YpBhZ3R0lJUF12w8umLE5/lPDEC6xvwfF 7DcW8CIjJRk4in0kyjSK/mfRJgHIJsrrFHrgiwyAn17jfCn0Osj3Izznom5I9WCJokq0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Enable CET Indirect Branch Tracking Message-Id: Date: Thu, 24 Feb 2022 08:55:40 +0000 commit cdbe2b0a1aecae946639ee080f14831429b184b6 Author: Andrew Cooper AuthorDate: Mon Nov 1 15:17:20 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86: Enable CET Indirect Branch Tracking With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropriate. Introduce a cet=no-ibt command line option to allow the admin to disable IBT even when everything else is configured correctly. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 16 +++++++++++---- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/setup.c | 42 ++++++++++++++++++++++++++++++++++----- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 321a9abfc1..efda335652 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### cet - = List of [ shstk= ] + = List of [ shstk=, ibt= ] Applicability: x86 @@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology. CET is group a of hardware features designed to combat Return-oriented Programming (ROP, also call/jmp COP/JOP) attacks. +CET is incompatible with 32bit PV guests. If any CET sub-options are active, +they will override the `pv=32` boolean to `false`. Backwards compatibility +can be maintained with the pv-shim mechanism. + * The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own protection. @@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks. `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support is available in hardware. - Shadow Stacks are incompatible with 32bit PV guests. This option will - override the `pv=32` boolean to false. Backwards compatibility can be - maintained with the `pv-shim` mechanism. +* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for + its own protection. + + The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults + to `true` on hardware supporting CET-IBT. Specifying `cet=no-ibt` will + cause Xen not to use Indirect Branch Tracking even when support is + available in hardware. ### clocksource (x86) > `= pit | hpet | acpi | tsc` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 2429818e60..bfedc99b92 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -348,6 +348,7 @@ void __init early_cpu_init(void) if (c->cpuid_level >= 7) { cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; + c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; } eax = cpuid_eax(0x80000000); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index bc11be5ba7..22a9885dee 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -102,6 +102,12 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif +#ifdef CONFIG_XEN_IBT +static bool __initdata opt_xen_ibt = true; +#else +#define opt_xen_ibt false +#endif + static int __init cf_check parse_cet(const char *s) { const char *ss; @@ -118,6 +124,14 @@ static int __init cf_check parse_cet(const char *s) opt_xen_shstk = val; #else no_config_param("XEN_SHSTK", "cet", s, ss); +#endif + } + else if ( (val = parse_boolean("ibt", s, ss)) >= 0 ) + { +#ifdef CONFIG_XEN_IBT + opt_xen_ibt = val; +#else + no_config_param("XEN_IBT", "cet", s, ss); #endif } else @@ -1118,11 +1132,33 @@ void __init noreturn __start_xen(unsigned long mbi_p) printk("Enabling Supervisor Shadow Stacks\n"); setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } + + if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) + { + printk("Enabling Indirect Branch Tracking\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_IBT); + + if ( efi_enabled(EFI_RS) ) + printk(" - IBT disabled in UEFI Runtime Services\n"); + + /* + * Enable IBT now. Only require the endbr64 on callees, which is + * entirely build-time arrangements. + */ + wrmsrl(MSR_S_CET, CET_ENDBR_EN); + } + + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) + { + set_in_cr4(X86_CR4_CET); + #ifdef CONFIG_PV32 if ( opt_pv32 ) { opt_pv32 = 0; - printk(" - Disabling PV32 due to Shadow Stacks\n"); + printk(" - Disabling PV32 due to CET\n"); } #endif } @@ -1847,10 +1883,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) alternative_branches(); - /* Defer CR4.CET until alternatives have finished playing with CR0.WP */ - if ( cpu_has_xen_shstk ) - set_in_cr4(X86_CR4_CET); - /* * NB: when running as a PV shim VCPUOP_up/down is wired to the shim * physical cpu_add/remove functions, so launch the guest with only -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:55:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:55:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278049.475117 (Exim 4.92) (envelope-from ) id 1nN9uh-0007l5-OZ; Thu, 24 Feb 2022 08:55:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278049.475117; Thu, 24 Feb 2022 08:55:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uh-0007kx-LV; Thu, 24 Feb 2022 08:55:51 +0000 Received: by outflank-mailman (input) for mailman id 278049; Thu, 24 Feb 2022 08:55:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ug-0007km-9k for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ug-0001FH-96 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ug-00064e-8M for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:55:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QJ7fe7c6jng8eqjSelwMV6Rm5Lba+Kltq4gqSK7yvdA=; b=wGNn2XsMKt/o83a5u6efVkCg6N ZAJ3HRImxtORj9b+UtFE4SY19xBKVby0+SQ3nBlK6S/BKiVkqt31tgRpuA1H5v2Z7h7GcWa1px/mO tPZUAd5OZyfjJtu+4Vef93SVjosA8yKD+XjOSYiT/AOXq7yXGKbJqxneSnJa5claAlg4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/altcall: Use __ro_after_init now that it exists Message-Id: Date: Thu, 24 Feb 2022 08:55:50 +0000 commit a0d8a94360a6337efcb5048293d527274fea1c96 Author: Andrew Cooper AuthorDate: Fri Feb 11 16:38:47 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen/altcall: Use __ro_after_init now that it exists For the !CONFIG_ALTERNATIVE_CALL case, the use of __read_mostly was only a stopgap while nothing better existed. __ro_after_init now does, so it use. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/include/xen/alternative-call.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index c2d3b70e31..5c6b9a562b 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -57,7 +57,7 @@ #define alternative_call(func, args...) (func)(args) #define alternative_vcall(func, args...) (func)(args) -#define __alt_call_maybe_initdata __read_mostly +#define __alt_call_maybe_initdata __ro_after_init #endif /* !CONFIG_ALTERNATIVE_CALL */ #endif /* XEN_ALTERNATIVE_CALL */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278050.475121 (Exim 4.92) (envelope-from ) id 1nN9ur-0007nm-QB; Thu, 24 Feb 2022 08:56:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278050.475121; Thu, 24 Feb 2022 08:56:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ur-0007nd-N9; Thu, 24 Feb 2022 08:56:01 +0000 Received: by outflank-mailman (input) for mailman id 278050; Thu, 24 Feb 2022 08:56:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uq-0007nS-Cp for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9uq-0001Fi-C4 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9uq-00065y-BI for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W6vS8aroXLK1IlyE5BoIqDceCgp/cXPCRkdg7a1EQz8=; b=bEuNvFur3wNxVr0DVxvaERj/Sm 3Y+iwRj0o0NMx6pNoIO+XIbui5D2SNqP6wLEYNn1N6ElEnZEGwm0anmNTaD71TdPXcA1ZfCvfqA+B AfU3JFaSkkxI8A+CvcI7rnaWrFiZDuuBSv4TaFH+vLaiGXn2nPf0hdCZZ8rFuMfwjbKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/altcall: Check and optimise altcall targets Message-Id: Date: Thu, 24 Feb 2022 08:56:00 +0000 commit 12e3410e071e284398e49d125e7d9cec076d00e5 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:42:48 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/altcall: Check and optimise altcall targets When converting indirect to direct calls, there is no need to execute endbr64 instructions. Detect and optimise this case, leaving a warning in the case that no endbr64 was found, as it likely indicates a build error. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index ec24692e95..ae7e646074 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -279,6 +280,28 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, if ( dest ) { + /* + * When building for CET-IBT, all function pointer targets + * should have an endbr64 instruction. + * + * If this is not the case, leave a warning because + * something is probably wrong with the build. A CET-IBT + * enabled system might have exploded already. + * + * Otherwise, skip the endbr64 instruction. This is a + * marginal perf improvement which saves on instruction + * decode bandwidth. + */ + if ( IS_ENABLED(CONFIG_HAS_CC_CET_IBT) ) + { + if ( is_endbr64(dest) ) + dest += ENDBR64_LEN; + else + printk(XENLOG_WARNING + "altcall %ps dest %ps has no endbr64\n", + orig, dest); + } + disp = dest - (orig + 5); ASSERT(disp == (int32_t)disp); *(int32_t *)(buf + 1) = disp; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278051.475125 (Exim 4.92) (envelope-from ) id 1nN9v1-0007tn-SE; Thu, 24 Feb 2022 08:56:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278051.475125; Thu, 24 Feb 2022 08:56:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9v1-0007tf-Og; Thu, 24 Feb 2022 08:56:11 +0000 Received: by outflank-mailman (input) for mailman id 278051; Thu, 24 Feb 2022 08:56:10 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9v0-0007tV-G8 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:10 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9v0-0001G5-F2 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:10 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9v0-00067b-EI for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:10 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I1kuDEqd8UA65fdOrA9Sn2GMnCRHFBeOv54eXLLAxkg=; b=4tJhCY1L3dLKnsg7veONZdMINT 3wMajKtBd65b0f3lFXcp5+YvV/xCJx7VgWu5SQd5A/qqfS0ZwjszL2w/JXzaqu+0qH7Vey7/bvO1P y4kFlpWJhPpy70X0n1LF+/GcC88q2cxcscA/FIHMcHpUMDqPS7G8tqndjKAAcZZYycDY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/altcall: Optimise away endbr64 instruction where possible Message-Id: Date: Thu, 24 Feb 2022 08:56:10 +0000 commit 37ed5da851b867ae7133720dba3cf96e83bef2e1 Author: Andrew Cooper AuthorDate: Thu Nov 4 19:36:23 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/altcall: Optimise away endbr64 instruction where possible With altcall, we convert indirect branches into direct ones. With that complete, none of the potential targets need an endbr64 instruction. Furthermore, removing the endbr64 instructions is a security defence-in-depth improvement, because it limits the options available to an attacker who has managed to hijack a function pointer. Introduce new .init.{ro,}data.cf_clobber sections. Have _apply_alternatives() walk over this, looking for any pointers into .text, and clobber an endbr64 instruction if found. This is some minor structure (ab)use but it works alarmingly well. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 38 ++++++++++++++++++++++++++++++++++++++ xen/arch/x86/xen.lds.S | 6 ++++++ xen/include/xen/init.h | 3 +++ 3 files changed, 47 insertions(+) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index ae7e646074..e19dfc6b36 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -173,6 +173,9 @@ text_poke(void *addr, const void *opcode, size_t len) return memcpy(addr, opcode, len); } +extern void *const __initdata_cf_clobber_start[]; +extern void *const __initdata_cf_clobber_end[]; + /* * Replace instructions with better alternatives for this CPU type. * This runs before SMP is initialized to avoid SMP problems with @@ -330,6 +333,41 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, add_nops(buf + a->repl_len, total_len - a->repl_len); text_poke(orig, buf, total_len); } + + /* + * Clobber endbr64 instructions now that altcall has finished optimising + * all indirect branches to direct ones. + */ + if ( force && cpu_has_xen_ibt ) + { + void *const *val; + unsigned int clobbered = 0; + + /* + * This is some minor structure (ab)use. We walk the entire contents + * of .init.{ro,}data.cf_clobber as if it were an array of pointers. + * + * If the pointer points into .text, and at an endbr64 instruction, + * nop out the endbr64. This causes the pointer to no longer be a + * legal indirect branch target under CET-IBT. This is a + * defence-in-depth measure, to reduce the options available to an + * adversary who has managed to hijack a function pointer. + */ + for ( val = __initdata_cf_clobber_start; + val < __initdata_cf_clobber_end; + val++ ) + { + void *ptr = *val; + + if ( !is_kernel_text(ptr) || !is_endbr64(ptr) ) + continue; + + add_nops(ptr, ENDBR64_LEN); + clobbered++; + } + + printk("altcall: Optimised away %u endbr64 instructions\n", clobbered); + } } void init_or_livepatch apply_alternatives(struct alt_instr *start, diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7ffecd4630..7b655df63f 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -223,6 +223,12 @@ SECTIONS *(.initcall1.init) __initcall_end = .; + . = ALIGN(POINTER_ALIGN); + __initdata_cf_clobber_start = .; + *(.init.data.cf_clobber) + *(.init.rodata.cf_clobber) + __initdata_cf_clobber_end = .; + *(.init.data) *(.init.data.rel) *(.init.data.rel.*) diff --git a/xen/include/xen/init.h b/xen/include/xen/init.h index bfe789e93f..0af0e234ec 100644 --- a/xen/include/xen/init.h +++ b/xen/include/xen/init.h @@ -18,6 +18,9 @@ #define __init_call(lvl) __used_section(".initcall" lvl ".init") #define __exit_call __used_section(".exitcall.exit") +#define __initdata_cf_clobber __section(".init.data.cf_clobber") +#define __initconst_cf_clobber __section(".init.rodata.cf_clobber") + /* These macros are used to mark some functions or * initialized data (doesn't apply to uninitialized data) * as `initialization' functions. The kernel can take this -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278052.475129 (Exim 4.92) (envelope-from ) id 1nN9vB-0007x7-VQ; Thu, 24 Feb 2022 08:56:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278052.475129; Thu, 24 Feb 2022 08:56:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vB-0007wz-SS; Thu, 24 Feb 2022 08:56:21 +0000 Received: by outflank-mailman (input) for mailman id 278052; Thu, 24 Feb 2022 08:56:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vA-0007wo-JA for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vA-0001GF-IO for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9vA-00068U-He for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TH8n/zD1RyhDS0NB0P1bRd75WAk+misgMRry78yhn28=; b=VrsuGRutro11gACsh80BmVe4Xy 3cnqrysTspIZ0/fgW93qBJ4YJ/gtqbUL3MguOrAHUwNR38V4VC0HGailfCWW1BiIiMukJ7K6yIqg8 EsleyoXUXLXC5SkYbUfmjjISpOvRvqDX21ZUeVlIaRssHztnbJe+jz0rbqGgfkoePjag=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xsm: Use __initconst_cf_clobber for xsm_ops Message-Id: Date: Thu, 24 Feb 2022 08:56:20 +0000 commit 7a7b2be4132d3b96833690ccdb637e339aea6d2e Author: Andrew Cooper AuthorDate: Thu Nov 4 19:36:23 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm: Use __initconst_cf_clobber for xsm_ops All calls through xsm_ops are fully altcall'd. Harden all function pointer targets. This yields: (XEN) altcall: Optimised away 197 endbr64 instructions of 1655 on an everything-enabled build of Xen, which is ~12%. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith --- xen/xsm/dummy.c | 2 +- xen/xsm/flask/hooks.c | 2 +- xen/xsm/silo.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 4d29a9aa5b..8c044ef615 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -13,7 +13,7 @@ #define XSM_NO_WRAPPERS #include -static const struct xsm_ops __initconstrel dummy_ops = { +static const struct xsm_ops __initconst_cf_clobber dummy_ops = { .security_domaininfo = xsm_security_domaininfo, .domain_create = xsm_domain_create, .getdomaininfo = xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 63484e323c..0bf63ffa84 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1765,7 +1765,7 @@ static int cf_check flask_argo_send( #endif -static const struct xsm_ops __initconstrel flask_ops = { +static const struct xsm_ops __initconst_cf_clobber flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 4d5fc98e7e..b89b364287 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -102,7 +102,7 @@ static int cf_check silo_argo_send( #endif -static const struct xsm_ops __initconstrel silo_xsm_ops = { +static const struct xsm_ops __initconst_cf_clobber silo_xsm_ops = { .evtchn_unbound = silo_evtchn_unbound, .evtchn_interdomain = silo_evtchn_interdomain, .grant_mapref = silo_grant_mapref, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278053.475133 (Exim 4.92) (envelope-from ) id 1nN9vM-0007zt-13; Thu, 24 Feb 2022 08:56:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278053.475133; Thu, 24 Feb 2022 08:56:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vL-0007zl-U0; Thu, 24 Feb 2022 08:56:31 +0000 Received: by outflank-mailman (input) for mailman id 278053; Thu, 24 Feb 2022 08:56:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vK-0007ze-MY for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vK-0001GP-Ll for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9vK-00069I-L7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hWOSUevDfm37qgSuKN0GtSAwOMYuu5uUE3URT63itxk=; b=RmcwQrp95GedIXzvj33z5MXhUW aFsiOcdDP0Id6T/fjcNdFMTboEqIGX0BdYBzs6FxuRrwQb82i7wTRQf96wXBhuEOkEg7hLusI251I xXyI+5mYiwMPlnFAdxIeVxyXlKB+NOYpnSlakgN30wO0+mBo+BsISKp1PWKPt8FRAJqU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: Use __initdata_cf_clobber for hvm_funcs Message-Id: Date: Thu, 24 Feb 2022 08:56:30 +0000 commit 8bf7240842c765b6fa13095572aa77c38ff27acf Author: Andrew Cooper AuthorDate: Mon Feb 14 12:12:13 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/hvm: Use __initdata_cf_clobber for hvm_funcs Now that all calls through hvm_funcs are fully altcall'd, harden all the svm and vmx function pointer targets. This drops 106 endbr64 instructions. Clobbering does come with a theoretical risk. The non-pointer fields of {svm,vmx}_function_table can in theory happen to form a bit pattern matching a pointer into .text at a legal endbr64 instruction, but this is expected to be implausible for anything liable to pass code review. While at it, move hvm_funcs into __ro_after_init now that this exists. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/svm/svm.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index cdd1529014..709a4191ef 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -88,7 +88,7 @@ unsigned int opt_hvm_debug_level __read_mostly; integer_param("hvm_debug", opt_hvm_debug_level); #endif -struct hvm_function_table hvm_funcs __read_mostly; +struct hvm_function_table __ro_after_init hvm_funcs; /* * The I/O permission bitmap is globally shared by all HVM guests except diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 63535a74b5..b80d4af6cb 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2513,7 +2513,7 @@ static void cf_check svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) } } -static struct hvm_function_table __initdata svm_function_table = { +static struct hvm_function_table __initdata_cf_clobber svm_function_table = { .name = "SVM", .cpu_up_prepare = svm_cpu_up_prepare, .cpu_dead = svm_cpu_dead, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 41db538a9e..758df33218 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2473,7 +2473,7 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_exit(v); } -static struct hvm_function_table __initdata vmx_function_table = { +static struct hvm_function_table __initdata_cf_clobber vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, .cpu_dead = vmx_cpu_dead, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278054.475138 (Exim 4.92) (envelope-from ) id 1nN9vW-00082f-2e; Thu, 24 Feb 2022 08:56:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278054.475138; Thu, 24 Feb 2022 08:56:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vV-00082W-VZ; Thu, 24 Feb 2022 08:56:41 +0000 Received: by outflank-mailman (input) for mailman id 278054; Thu, 24 Feb 2022 08:56:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vU-00082I-PV for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vU-0001Ga-Ol for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9vU-0006AE-O0 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NaggcGPduAxL2djcsH8A+E4hD2E/lEHZDoxsAzOY+KY=; b=vNz8YQnmAvR7oOf2U4puP4wioL 7ajVBasJTLV7qytR1ScFrDG7V/uvdFtRJJh/RZ46W7mYSwkc5Qmk2RJyAfC+waC2utO/zLOz6P1d6 Ag0jiLHcCkTYzyVKMyU5OVypSuIfbQ40GrGDJWHzxv6C729Avjk153M3+MfwS//yVYfw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ucode: Use altcall, and __initconst_cf_clobber Message-Id: Date: Thu, 24 Feb 2022 08:56:40 +0000 commit 8f473f92e531d1189b03a2e4acdf87ff0f029f30 Author: Andrew Cooper AuthorDate: Sun Nov 7 11:35:50 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/ucode: Use altcall, and __initconst_cf_clobber Microcode loading is not a fastpath, but there are control flow integrity hardening benefits from using altcall, because it allows us to clobber the endbr64 instructions on all function pointer targets. Convert the existing microcode_ops pointer into an __ro_after_init structure, and move {amd,intel}_ucode_ops into __initconst_cf_clobber. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 38 ++++++++++++++++++++------------------ xen/arch/x86/cpu/microcode/intel.c | 2 +- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index 0afa2192bf..8195707ee1 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -422,7 +422,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops amd_ucode_ops = { +const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index f84dafa826..452a7ca773 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -21,6 +21,7 @@ * 2 of the License, or (at your option) any later version. */ +#include #include #include #include @@ -214,7 +215,7 @@ scan: microcode_scan_module(module_map, mbi); } -static const struct microcode_ops __read_mostly *microcode_ops; +static struct microcode_ops __ro_after_init ucode_ops; static DEFINE_SPINLOCK(microcode_mutex); @@ -241,9 +242,9 @@ static const struct microcode_patch *nmi_patch = ZERO_BLOCK_PTR; */ static struct microcode_patch *parse_blob(const char *buf, size_t len) { - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); - return microcode_ops->cpu_request_microcode(buf, len); + return alternative_call(ucode_ops.cpu_request_microcode, buf, len); } static void microcode_free_patch(struct microcode_patch *patch) @@ -258,8 +259,8 @@ static bool microcode_update_cache(struct microcode_patch *patch) if ( !microcode_cache ) microcode_cache = patch; - else if ( microcode_ops->compare_patch(patch, - microcode_cache) == NEW_UCODE ) + else if ( alternative_call(ucode_ops.compare_patch, + patch, microcode_cache) == NEW_UCODE ) { microcode_free_patch(microcode_cache); microcode_cache = patch; @@ -311,14 +312,14 @@ static int microcode_update_cpu(const struct microcode_patch *patch) { int err; - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); spin_lock(µcode_mutex); if ( patch ) - err = microcode_ops->apply_microcode(patch); + err = alternative_call(ucode_ops.apply_microcode, patch); else if ( microcode_cache ) { - err = microcode_ops->apply_microcode(microcode_cache); + err = alternative_call(ucode_ops.apply_microcode, microcode_cache); if ( err == -EIO ) { microcode_free_patch(microcode_cache); @@ -368,7 +369,7 @@ static int primary_thread_work(const struct microcode_patch *patch) if ( !wait_for_state(LOADING_ENTER) ) return -EBUSY; - ret = microcode_ops->apply_microcode(patch); + ret = alternative_call(ucode_ops.apply_microcode, patch); if ( !ret ) atomic_inc(&cpu_updated); atomic_inc(&cpu_out); @@ -481,7 +482,7 @@ static int control_thread_fn(const struct microcode_patch *patch) } /* Control thread loads ucode first while others are in NMI handler. */ - ret = microcode_ops->apply_microcode(patch); + ret = alternative_call(ucode_ops.apply_microcode, patch); if ( !ret ) atomic_inc(&cpu_updated); atomic_inc(&cpu_out); @@ -610,7 +611,8 @@ static long cf_check microcode_update_helper(void *data) */ spin_lock(µcode_mutex); if ( microcode_cache && - microcode_ops->compare_patch(patch, microcode_cache) != NEW_UCODE ) + alternative_call(ucode_ops.compare_patch, + patch, microcode_cache) != NEW_UCODE ) { spin_unlock(µcode_mutex); printk(XENLOG_WARNING "microcode: couldn't find any newer revision " @@ -678,7 +680,7 @@ int microcode_update(XEN_GUEST_HANDLE(const_void) buf, unsigned long len) if ( len != (uint32_t)len ) return -E2BIG; - if ( microcode_ops == NULL ) + if ( !ucode_ops.apply_microcode ) return -EINVAL; buffer = xmalloc_flex_struct(struct ucode_buf, buffer, len); @@ -722,10 +724,10 @@ __initcall(microcode_init); /* Load a cached update to current cpu */ int microcode_update_one(void) { - if ( !microcode_ops ) + if ( !ucode_ops.apply_microcode ) return -EOPNOTSUPP; - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); return microcode_update_cpu(NULL); } @@ -780,22 +782,22 @@ int __init early_microcode_init(void) { case X86_VENDOR_AMD: if ( c->x86 >= 0x10 ) - microcode_ops = &amd_ucode_ops; + ucode_ops = amd_ucode_ops; break; case X86_VENDOR_INTEL: if ( c->x86 >= 6 ) - microcode_ops = &intel_ucode_ops; + ucode_ops = intel_ucode_ops; break; } - if ( !microcode_ops ) + if ( !ucode_ops.apply_microcode ) { printk(XENLOG_WARNING "Microcode loading not available\n"); return -ENODEV; } - microcode_ops->collect_cpu_info(); + alternative_vcall(ucode_ops.collect_cpu_info); if ( ucode_mod.mod_end || ucode_blob.size ) rc = early_microcode_update_cpu(); diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index d3864b5ab0..f5ba6d76d7 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -376,7 +376,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops intel_ucode_ops = { +const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:56:52 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:56:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278055.475141 (Exim 4.92) (envelope-from ) id 1nN9vg-00085h-3f; Thu, 24 Feb 2022 08:56:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278055.475141; Thu, 24 Feb 2022 08:56:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vg-00085Z-0j; Thu, 24 Feb 2022 08:56:52 +0000 Received: by outflank-mailman (input) for mailman id 278055; Thu, 24 Feb 2022 08:56:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ve-00085R-SS for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9ve-0001Gq-Rl for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9ve-0006Az-R2 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:56:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZJbdGkoGFEkOdg6HrJzEumYvXb4jbqQVE1rHk9Euxs0=; b=SugzTkBvDxoWn/xhr1SycQi15e oh0YfHDThQtDNLM7AykkcUyphUY8yupDcRtLpd15ete0wAdveZRemEi2he535eEIKXJeIjAmLatfN o2EzctSyCLlsLukJoSCqZdIZZMqbFJOeIZUz02XH6ttF5zyIBoGVOyrqOeOBOuwO6i0U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vpmu: Harden indirect branches Message-Id: Date: Thu, 24 Feb 2022 08:56:50 +0000 commit e826cf735171ad032901abdc4a1c46ecca401562 Author: Andrew Cooper AuthorDate: Tue Nov 30 21:31:55 2021 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/vpmu: Harden indirect branches As all function pointer calls are resolved to direct calls on boot, clobber the endbr64 instructions too to make life harder for an attacker which has managed to hijack a function pointer. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/vpmu_amd.c | 2 +- xen/arch/x86/cpu/vpmu_intel.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c index 5963ce9015..9bacc02ec1 100644 --- a/xen/arch/x86/cpu/vpmu_amd.c +++ b/xen/arch/x86/cpu/vpmu_amd.c @@ -518,7 +518,7 @@ static int cf_check svm_vpmu_initialise(struct vcpu *v) return 0; } -static const struct arch_vpmu_ops __initconstrel amd_vpmu_ops = { +static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = { .initialise = svm_vpmu_initialise, .do_wrmsr = amd_vpmu_do_wrmsr, .do_rdmsr = amd_vpmu_do_rdmsr, diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c index 48b81ab6f0..8612f46973 100644 --- a/xen/arch/x86/cpu/vpmu_intel.c +++ b/xen/arch/x86/cpu/vpmu_intel.c @@ -880,7 +880,7 @@ static int cf_check vmx_vpmu_initialise(struct vcpu *v) return 0; } -static const struct arch_vpmu_ops __initconstrel core2_vpmu_ops = { +static const struct arch_vpmu_ops __initconst_cf_clobber core2_vpmu_ops = { .initialise = vmx_vpmu_initialise, .do_wrmsr = core2_vpmu_do_wrmsr, .do_rdmsr = core2_vpmu_do_rdmsr, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 08:57:02 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 08:57:02 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278056.475145 (Exim 4.92) (envelope-from ) id 1nN9vq-00088X-50; Thu, 24 Feb 2022 08:57:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278056.475145; Thu, 24 Feb 2022 08:57:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vq-00088P-28; Thu, 24 Feb 2022 08:57:02 +0000 Received: by outflank-mailman (input) for mailman id 278056; Thu, 24 Feb 2022 08:57:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vo-00088D-VX for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:57:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nN9vo-0001HJ-Ul for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:57:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nN9vo-0006Be-U9 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 08:57:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xKnnB5ZYBO+ln42/vigMFFApWWCnhS88sYtz4quD/20=; b=fq7fqt4+r7i0lsQBJegvPmNS48 3Mt8MvJdn/YmlyLNNloGZ62u3ALXMVdoB3eeG2GOEjpyn3ZlB9XKVrkCsecBkt6r8I60/EfpvIbOL FNE68DI5qBFB6iiG97JK0sy0ebP6mVXukw4oVbgkDO7P+F4xaXuSNNMz1EeK1EQKnBQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/IOMMU: Use altcall, and __initconst_cf_clobber Message-Id: Date: Thu, 24 Feb 2022 08:57:00 +0000 commit f04231775c179b3424fca45d64f29e226a41a610 Author: Andrew Cooper AuthorDate: Mon Feb 21 17:09:15 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/IOMMU: Use altcall, and __initconst_cf_clobber Most IOMMU hooks are already altcall for performance reasons. Convert the rest of them so we can harden all the hooks in Control Flow Integrity configurations. This necessitates the use of iommu_{v,}call() in debug builds too. Switch to using an ASSERT() as all forms should resolve to &iommu_ops. Move the root iommu_ops from __read_mostly to __ro_after_init now that the latter exists. Since c/s 3330013e6739 ("VT-d / x86: re-arrange cache syncing"), vtd_ops is not modified and doesn't need a forward declaration, so we can use __initconst_cf_clobber for both VT-d and AMD. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/iommu.h | 10 ++++------ xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 +- xen/drivers/passthrough/iommu.c | 7 ++++--- xen/drivers/passthrough/vtd/iommu.c | 3 +-- xen/drivers/passthrough/x86/iommu.c | 4 ++-- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index 8a96ba1f09..d38c334087 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -72,18 +72,16 @@ struct arch_iommu extern struct iommu_ops iommu_ops; -#ifdef NDEBUG # include # define iommu_call(ops, fn, args...) ({ \ - (void)(ops); \ + ASSERT((ops) == &iommu_ops); \ alternative_call(iommu_ops.fn, ## args); \ }) # define iommu_vcall(ops, fn, args...) ({ \ - (void)(ops); \ + ASSERT((ops) == &iommu_ops); \ alternative_vcall(iommu_ops.fn, ## args); \ }) -#endif static inline const struct iommu_ops *iommu_get_ops(void) { @@ -106,7 +104,7 @@ int iommu_setup_hpet_msi(struct msi_desc *); static inline int iommu_adjust_irq_affinities(void) { return iommu_ops.adjust_irq_affinities - ? iommu_ops.adjust_irq_affinities() + ? iommu_call(&iommu_ops, adjust_irq_affinities) : 0; } @@ -122,7 +120,7 @@ int iommu_enable_x2apic(void); static inline void iommu_disable_x2apic(void) { if ( x2apic_enabled && iommu_ops.disable_x2apic ) - iommu_ops.disable_x2apic(); + iommu_vcall(&iommu_ops, disable_x2apic); } int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma, diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index e57f555d00..4b59a4efe9 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -628,7 +628,7 @@ static void cf_check amd_dump_page_tables(struct domain *d) hd->arch.amd.paging_mode, 0, 0); } -static const struct iommu_ops __initconstrel _iommu_ops = { +static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { .init = amd_iommu_domain_init, .hwdom_init = amd_iommu_hwdom_init, .quarantine_init = amd_iommu_quarantine_init, diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index e220fea72c..c6b2c384d1 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -540,7 +540,7 @@ int __init iommu_setup(void) int iommu_suspend() { if ( iommu_enabled ) - return iommu_get_ops()->suspend(); + return iommu_call(iommu_get_ops(), suspend); return 0; } @@ -548,7 +548,7 @@ int iommu_suspend() void iommu_resume() { if ( iommu_enabled ) - iommu_get_ops()->resume(); + iommu_vcall(iommu_get_ops(), resume); } int iommu_do_domctl( @@ -578,7 +578,8 @@ void iommu_crash_shutdown(void) return; if ( iommu_enabled ) - iommu_get_ops()->crash_shutdown(); + iommu_vcall(iommu_get_ops(), crash_shutdown); + iommu_enabled = false; #ifndef iommu_intremap iommu_intremap = iommu_intremap_off; diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 56968a06a1..6a65ba1d82 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -56,7 +56,6 @@ bool __read_mostly iommu_snoop = true; static unsigned int __read_mostly nr_iommus; -static struct iommu_ops vtd_ops; static struct tasklet vtd_fault_tasklet; static int cf_check setup_hwdom_device(u8 devfn, struct pci_dev *); @@ -2794,7 +2793,7 @@ static int __init cf_check intel_iommu_quarantine_init(struct domain *d) return rc; } -static struct iommu_ops __initdata vtd_ops = { +static const struct iommu_ops __initconst_cf_clobber vtd_ops = { .init = intel_iommu_domain_init, .hwdom_init = intel_iommu_hwdom_init, .quarantine_init = intel_iommu_quarantine_init, diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index ad5f44e13d..58a422fb5f 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -27,7 +27,7 @@ #include const struct iommu_init_ops *__initdata iommu_init_ops; -struct iommu_ops __read_mostly iommu_ops; +struct iommu_ops __ro_after_init iommu_ops; bool __read_mostly iommu_non_coherent; enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full; @@ -129,7 +129,7 @@ int iommu_enable_x2apic(void) if ( !iommu_ops.enable_x2apic ) return -EOPNOTSUPP; - return iommu_ops.enable_x2apic(); + return iommu_call(&iommu_ops, enable_x2apic); } void iommu_update_ire_from_apic( -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278123.475237 (Exim 4.92) (envelope-from ) id 1nNBQn-0005G4-SA; Thu, 24 Feb 2022 10:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278123.475237; Thu, 24 Feb 2022 10:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQn-0005Fw-PH; Thu, 24 Feb 2022 10:33:05 +0000 Received: by outflank-mailman (input) for mailman id 278123; Thu, 24 Feb 2022 10:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQm-0005Fq-9t for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQm-00033Z-7L for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBQm-0005fm-6M for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c4H2V3Jzw3I3jYUSRzFYOUrHgTDO3Ou3YiqMC3SBjOU=; b=AhkVatO/rkoimfQ6WwmKTqnK8c oow1PSxnOFrDMLP08oNub7Qybl9fLejau524IH1/Zz/9Xs+rJspWhEu+AzklbOtaNlO0HZFlf8M3M mOTXUZjEXhANobiu4ayPqhbsI0/1gpO1/zoS6RBh9nHJc+YH03gMasyyzsvS/RPSXAEs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] SVM: sync VM-exit perf counters with known VM-exit reasons Message-Id: Date: Thu, 24 Feb 2022 10:33:04 +0000 commit fdeaceee7149d173327003156ac1c05863f37fc5 Author: Jan Beulich AuthorDate: Thu Feb 24 11:17:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:17:26 2022 +0100 SVM: sync VM-exit perf counters with known VM-exit reasons This has gone out of sync over time, resulting in NPF and XSETBV exits incrementing the same counter. Introduce a simplistic mechanism to hopefully keep things in better sync going forward. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/include/asm/hvm/svm/vmcb.h | 2 ++ xen/arch/x86/include/asm/perfc_defn.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/svm/vmcb.h b/xen/arch/x86/include/asm/hvm/svm/vmcb.h index ed7cebea71..e87728fa81 100644 --- a/xen/arch/x86/include/asm/hvm/svm/vmcb.h +++ b/xen/arch/x86/include/asm/hvm/svm/vmcb.h @@ -302,7 +302,9 @@ enum VMEXIT_EXITCODE VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */ VMEXIT_XSETBV = 141, /* 0x8d */ VMEXIT_RDPRU = 142, /* 0x8e */ + /* Remember to also update VMEXIT_NPF_PERFC! */ VMEXIT_NPF = 1024, /* 0x400, nested paging fault */ + /* Remember to also update SVM_PERF_EXIT_REASON_SIZE! */ VMEXIT_INVALID = -1 }; diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index 896c5397f5..8a31329537 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -11,8 +11,8 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) PERFCOUNTER_ARRAY(vmexits, "vmexits", VMX_PERF_EXIT_REASON_SIZE) PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) -#define VMEXIT_NPF_PERFC 141 -#define SVM_PERF_EXIT_REASON_SIZE (1+141) +#define VMEXIT_NPF_PERFC 143 +#define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) PERFCOUNTER_ARRAY(svmexits, "SVMexits", SVM_PERF_EXIT_REASON_SIZE) #endif /* CONFIG_HVM */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278124.475241 (Exim 4.92) (envelope-from ) id 1nNBQx-0005IE-Tn; Thu, 24 Feb 2022 10:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278124.475241; Thu, 24 Feb 2022 10:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQx-0005I6-Qf; Thu, 24 Feb 2022 10:33:15 +0000 Received: by outflank-mailman (input) for mailman id 278124; Thu, 24 Feb 2022 10:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQw-0005Ht-BK for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBQw-00033h-Ac for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBQw-0005gr-9f for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D9AlchJ5RF6f1Jpdg64YFcykaCO5Fmr1suP0ETbhgkg=; b=g5JGPMvOVCE5DvWRn9UEoDbfZj RxevOXoFPjIu6Roco+tsa8/eWmlwOZP2cpodkfOXm8vTpsjmtRB1Pj54+32TcNZ25HkzFye/wiyH7 SExm4KwQOPa4tN7IuAX7uOaW0nm2ZD/gvEP1+WLYqjDI72mFcRt1Bt/gf3laZAw/9XAU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/perfc: fold HVM's VM-exit counter arrays Message-Id: Date: Thu, 24 Feb 2022 10:33:14 +0000 commit 81c416dca231d2292f52690adc64921e233bacd9 Author: Jan Beulich AuthorDate: Thu Feb 24 11:19:06 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:19:06 2022 +0100 x86/perfc: fold HVM's VM-exit counter arrays Only one of them can be in use at a time, so make the whole set union- like. While doing the rename in SVM code, combine the two perf_incra(), generalizing the range upwards of VMEXIT_NPF. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/svm/svm.c | 6 ++++-- xen/arch/x86/include/asm/perfc_defn.h | 10 +++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 8869a5de62..64a45045da 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2691,7 +2691,10 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) goto out; } - perfc_incra(svmexits, exit_reason); + perfc_incra(vmexits, + exit_reason < VMEXIT_NPF + ? exit_reason + : exit_reason - VMEXIT_NPF + VMEXIT_NPF_PERFC); hvm_maybe_deassert_evtchn_irq(); @@ -3020,7 +3023,6 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) break; case VMEXIT_NPF: - perfc_incra(svmexits, VMEXIT_NPF_PERFC); if ( cpu_has_svm_decode ) v->arch.hvm.svm.cached_insn_len = vmcb->guest_ins_len & 0xf; rc = vmcb->exitinfo1 & PFEC_page_present diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index 8a31329537..b07063b7d8 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -7,13 +7,13 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) #ifdef CONFIG_HVM #define VMX_PERF_EXIT_REASON_SIZE 65 -#define VMX_PERF_VECTOR_SIZE 0x20 -PERFCOUNTER_ARRAY(vmexits, "vmexits", VMX_PERF_EXIT_REASON_SIZE) -PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) - #define VMEXIT_NPF_PERFC 143 #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) -PERFCOUNTER_ARRAY(svmexits, "SVMexits", SVM_PERF_EXIT_REASON_SIZE) +PERFCOUNTER_ARRAY(vmexits, "vmexits", + MAX(VMX_PERF_EXIT_REASON_SIZE, SVM_PERF_EXIT_REASON_SIZE)) + +#define VMX_PERF_VECTOR_SIZE 0x20 +PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) #endif /* CONFIG_HVM */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278125.475245 (Exim 4.92) (envelope-from ) id 1nNBR7-0005L8-VV; Thu, 24 Feb 2022 10:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278125.475245; Thu, 24 Feb 2022 10:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBR7-0005L0-SL; Thu, 24 Feb 2022 10:33:25 +0000 Received: by outflank-mailman (input) for mailman id 278125; Thu, 24 Feb 2022 10:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBR6-0005Ka-Ef for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBR6-00033w-Ds for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBR6-0005hg-Cz for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qoDDTYCNanpYauKrPIhNL5LqlpuybuhNCVjcMND5G60=; b=bxV3cJyt9HNhRiG6pD0OECFk7V NYYMTfrbARXc8O6Oy8+fASidd8El1aLZnNdU8VBh8CYiyBBmiEYPn7gCbZsJzhymAf1URIcXF0PTB FRUjEQD4eR1JlpNHEufSEhCpqCDHp4lVYT9dlbNW86RBU3RFlMrbakx0r6BzPvO6xss8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mwait-idle: re-order state entry/exit code a little Message-Id: Date: Thu, 24 Feb 2022 10:33:24 +0000 commit e67ab91fc4324418d11c941d883361a243aaa2d7 Author: Jan Beulich AuthorDate: Thu Feb 24 11:20:34 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:20:34 2022 +0100 x86/mwait-idle: re-order state entry/exit code a little The initial observation is that unlike the original ACPI idle driver we have a 2nd cpu_is_haltable() in here. By making the actual state entry conditional, the emitted trace records as well as the subsequent stats update are at least misleading in case the state wasn't actually entered. Hence they would want moving inside the conditional. At which point the cpuidle_get_tick() invocations could (and hence should) move as well. cstate_restore_tsc() also isn't needed if we didn't actually enter the state. This leaves only the errata_c6_workaround() and lapic_timer_off() invocations outside the conditional. As a result it looks easier to drop the conditional (and come back in sync with the other driver again) than to move almost everything into the conditional. While there also move the TRACE_6D() out of the IRQ-disabled region. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/cpu/mwait-idle.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index f76c64e04b..9efa569da3 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -847,26 +847,25 @@ static void cf_check mwait_idle(void) update_last_cx_stat(power, cx, before); - if (cpu_is_haltable(cpu)) { - if (cx->irq_enable_early) - local_irq_enable(); + if (cx->irq_enable_early) + local_irq_enable(); - mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); + mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); - local_irq_disable(); - } + local_irq_disable(); after = alternative_call(cpuidle_get_tick); cstate_restore_tsc(); trace_exit_reason(irq_traced); - TRACE_6D(TRC_PM_IDLE_EXIT, cx->type, after, - irq_traced[0], irq_traced[1], irq_traced[2], irq_traced[3]); /* Now back in C0. */ update_idle_stats(power, cx, before, after); local_irq_enable(); + TRACE_6D(TRC_PM_IDLE_EXIT, cx->type, after, + irq_traced[0], irq_traced[1], irq_traced[2], irq_traced[3]); + if (!(lapic_timer_reliable_states & (1 << cx->type))) lapic_timer_on(); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278126.475248 (Exim 4.92) (envelope-from ) id 1nNBRI-0005OI-0p; Thu, 24 Feb 2022 10:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278126.475248; Thu, 24 Feb 2022 10:33:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRH-0005OA-Tq; Thu, 24 Feb 2022 10:33:35 +0000 Received: by outflank-mailman (input) for mailman id 278126; Thu, 24 Feb 2022 10:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRG-0005Ns-Hf for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRG-000347-Gx for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBRG-0005ia-G7 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kYBQa+tDVWt9OhqT9Ltjyo0KzmdMVxHLOAeBzI8pVo8=; b=GgOEJovZI9apVREmTM2cXEs0lQ BwVshq+DdOpYrZEwOw5gqzhBnpB3g/ftKEUuYk/OSH80AWPME+vpfD9ENOQtiOw1YZ1OlAETvifVn Kacx+cthb0G91uex0ymd32pU8Vcsjgw4sNzFeDkDrrTJSlCAPgHE8BgtIsr4+DeDtGss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: drop NOP_DS_PREFIX Message-Id: Date: Thu, 24 Feb 2022 10:33:34 +0000 commit 73ba368e76b3d50c61933c242a90540ca1890d92 Author: Jan Beulich AuthorDate: Thu Feb 24 11:21:08 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:21:08 2022 +0100 x86: drop NOP_DS_PREFIX This wasn't really necessary to introduce: The binutils change permitting use of standalone "ds" (and "cs") in 64-bit code predates the minimum binutils version we support. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/flushtlb.c | 7 +++---- xen/arch/x86/include/asm/nops.h | 2 -- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 735ce00316..0c5a1de443 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -247,8 +247,7 @@ unsigned int flush_area_local(const void *va, unsigned int flags) { alternative("", "sfence", X86_FEATURE_CLFLUSHOPT); for ( i = 0; i < sz; i += c->x86_clflush_size ) - alternative_input(".byte " __stringify(NOP_DS_PREFIX) ";" - " clflush %0", + alternative_input("ds; clflush %0", "data16 clflush %0", /* clflushopt */ X86_FEATURE_CLFLUSHOPT, "m" (((const char *)va)[i])); @@ -298,11 +297,11 @@ void cache_writeback(const void *addr, unsigned int size) # define INPUT(addr) "a" (addr), BASE_INPUT(addr) #endif /* - * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush + * Note regarding the "ds" prefix use: it's faster to do a clflush * + prefix than a clflush + nop, and hence the prefix is added instead * of letting the alternative framework fill the gap by appending nops. */ - alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", + alternative_io_2("ds; clflush %[p]", "data16 clflush %[p]", /* clflushopt */ X86_FEATURE_CLFLUSHOPT, CLWB_ENCODING, diff --git a/xen/arch/x86/include/asm/nops.h b/xen/arch/x86/include/asm/nops.h index 1a46b97aff..2724a9862e 100644 --- a/xen/arch/x86/include/asm/nops.h +++ b/xen/arch/x86/include/asm/nops.h @@ -5,8 +5,6 @@ * Define nops for use with alternative(). */ -#define NOP_DS_PREFIX 0x3e - /* * Opteron 64bit nops * 1: nop -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278128.475253 (Exim 4.92) (envelope-from ) id 1nNBRS-0005RI-29; Thu, 24 Feb 2022 10:33:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278128.475253; Thu, 24 Feb 2022 10:33:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRR-0005RA-VL; Thu, 24 Feb 2022 10:33:45 +0000 Received: by outflank-mailman (input) for mailman id 278128; Thu, 24 Feb 2022 10:33:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRQ-0005R1-Kr for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRQ-00034K-K1 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBRQ-0005jF-J9 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UQqtXinXxRa/xgWryOaA6aQFFjmv907uHOaLmM10RQc=; b=OiCreC82Ieq1hrUPVS/Bk9JUGg HqYMd5NBufmYUlYcxMSk0dtTMNCHt7s5XQhLRLcv8lCLmen+wCyRXF2+uTWPogtdwqscp5jhTv8sP wX/uBz7/pl7h2xMc9WvDB/JrQJpviA22dv6LOjBmk2EtPDmXk+AmeTwM+8a/KJ+9T2YU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: replace more cpufeat_word() uses Message-Id: Date: Thu, 24 Feb 2022 10:33:44 +0000 commit 45f6ff12558fb96e8f2912f577b2088470bcf60e Author: Jan Beulich AuthorDate: Thu Feb 24 11:22:08 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:22:08 2022 +0100 x86/cpuid: replace more cpufeat_word() uses Complete what e3662437eb43 ("x86/cpuid: Disentangle logic for new feature leaves") has begun: "Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read." Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/cpu/common.c | 17 ++++++++--------- xen/arch/x86/efi/efi-boot.h | 4 ++-- xen/arch/x86/mpparse.c | 2 +- xen/arch/x86/tsx.c | 2 +- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index bfedc99b92..bd2207163a 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -332,24 +332,23 @@ void __init early_cpu_init(void) cpuid(0x00000001, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); - edx &= ~cleared_caps[cpufeat_word(X86_FEATURE_FPU)]; - ecx &= ~cleared_caps[cpufeat_word(X86_FEATURE_SSE3)]; + edx &= ~cleared_caps[FEATURESET_1d]; + ecx &= ~cleared_caps[FEATURESET_1c]; if (edx & cpufeat_mask(X86_FEATURE_CLFLUSH)) c->x86_cache_alignment = ((ebx >> 8) & 0xff) * 8; /* Leaf 0x1 capabilities filled in early for Xen. */ - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + c->x86_capability[FEATURESET_1d] = edx; + c->x86_capability[FEATURESET_1c] = ecx; printk(XENLOG_INFO "CPU Vendor: %s, Family %u (%#x), Model %u (%#x), Stepping %u (raw %08x)\n", x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86, c->x86_model, c->x86_model, c->x86_mask, eax); - if (c->cpuid_level >= 7) { - cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; - c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; - } + if (c->cpuid_level >= 7) + cpuid_count(7, 0, &eax, &ebx, + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); eax = cpuid_eax(0x80000000); if ((eax >> 16) == 0x8000 && eax >= 0x80000008) { diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index f69509a210..d91eb5a537 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -685,11 +685,11 @@ static void __init efi_arch_cpu(void) boot_tsc_stamp = rdtsc(); - caps[cpufeat_word(X86_FEATURE_HYPERVISOR)] = cpuid_ecx(1); + caps[FEATURESET_1c] = cpuid_ecx(1); if ( (eax >> 16) == 0x8000 && eax > 0x80000000 ) { - caps[cpufeat_word(X86_FEATURE_SYSCALL)] = cpuid_edx(0x80000001); + caps[FEATURESET_e1d] = cpuid_edx(0x80000001); if ( cpu_has_nx ) trampoline_efer |= EFER_NXE; diff --git a/xen/arch/x86/mpparse.c b/xen/arch/x86/mpparse.c index 8faac289ea..d8ccab2449 100644 --- a/xen/arch/x86/mpparse.c +++ b/xen/arch/x86/mpparse.c @@ -516,7 +516,7 @@ static inline void __init construct_default_ISA_mptable(int mpc_default_type) (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_mask; processor.mpc_featureflag = - boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_FPU)]; + boot_cpu_data.x86_capability[FEATURESET_1d]; processor.mpc_reserved[0] = 0; processor.mpc_reserved[1] = 0; for (i = 0; i < 2; i++) { diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index b156844cde..41b6092cfe 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -48,7 +48,7 @@ void tsx_init(void) bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) - boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] + boot_cpu_data.x86_capability[FEATURESET_7d0] = cpuid_count_edx(7, 0); if ( cpu_has_arch_caps ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 10:33:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 10:33:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278129.475259 (Exim 4.92) (envelope-from ) id 1nNBRc-0005UH-5g; Thu, 24 Feb 2022 10:33:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278129.475259; Thu, 24 Feb 2022 10:33:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRc-0005U5-0Y; Thu, 24 Feb 2022 10:33:56 +0000 Received: by outflank-mailman (input) for mailman id 278129; Thu, 24 Feb 2022 10:33:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRa-0005Tj-OJ for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNBRa-00034U-Na for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNBRa-0005le-Ml for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 10:33:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=B/Q4APua5EnaXkBkfiTJ8+6CUGowq7AWYV+/T5hnh7M=; b=goldrjY94Eo3CFq3m4FZah1SYX 3bn3AZ009WCX5K2AhX3FM7IDeWkAbrVF2RMQkgO53O1RhmT5DTErd619bGUliQWqsOVPATUfiWXhL T9Hag9bg6gQprhwUgvUHqv/5Vb2iPLC7+b1dtwVywLcSB5CPctd//pjJKHKAwLHbwa6c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/configure.ac: Create ZLIB_LIBS and ZLIB_CFLAGS Message-Id: Date: Thu, 24 Feb 2022 10:33:54 +0000 commit 93189e8c8b93e2c4658156e785a9b78b61e71a64 Author: Anthony PERARD AuthorDate: Thu Feb 24 11:24:49 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:24:49 2022 +0100 tools/configure.ac: Create ZLIB_LIBS and ZLIB_CFLAGS Use both ZLIB_CFLAGS and ZLIB_LIBS instead of cherry-picking flags from a single "ZLIB" variable. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross --- config/Tools.mk.in | 3 ++- tools/configure | 22 ++++++++++++++-------- tools/configure.ac | 19 ++++++++++++++----- tools/libs/guest/Makefile | 12 +++++------- 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index 934d899967..6c1a0a676f 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -66,7 +66,8 @@ CONFIG_9PFS := @ninepfs@ LINUX_BACKEND_MODULES := @LINUX_BACKEND_MODULES@ #System options -ZLIB := @zlib@ +ZLIB_CFLAGS := @ZLIB_CFLAGS@ +ZLIB_LIBS := @ZLIB_LIBS@ CONFIG_LIBICONV := @libiconv@ EXTFS_LIBS := @EXTFS_LIBS@ CURSES_LIBS := @CURSES_LIBS@ diff --git a/tools/configure b/tools/configure index 829753b5dd..a052c186a5 100755 --- a/tools/configure +++ b/tools/configure @@ -641,7 +641,8 @@ PTHREAD_LIBS PTHREAD_LDFLAGS PTHREAD_CFLAGS EXTFS_LIBS -zlib +ZLIB_LIBS +ZLIB_CFLAGS libzstd_LIBS libzstd_CFLAGS FETCHER @@ -8605,7 +8606,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "bzlib.h" "ac_cv_header_bzlib_h" "$ac_includes_default" if test "x$ac_cv_header_bzlib_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzDecompressInit in -lbz2" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzDecompressInit in -lbz2" >&5 $as_echo_n "checking for BZ2_bzDecompressInit in -lbz2... " >&6; } if ${ac_cv_lib_bz2_BZ2_bzDecompressInit+:} false; then : $as_echo_n "(cached) " >&6 @@ -8642,7 +8643,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bz2_BZ2_bzDecompressInit" >&5 $as_echo "$ac_cv_lib_bz2_BZ2_bzDecompressInit" >&6; } if test "x$ac_cv_lib_bz2_BZ2_bzDecompressInit" = xyes; then : - zlib="$zlib -DHAVE_BZLIB -lbz2" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_BZLIB" + ZLIB_LIBS="$ZLIB_LIBS -lbz2" fi @@ -8652,7 +8654,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "lzma.h" "ac_cv_header_lzma_h" "$ac_includes_default" if test "x$ac_cv_header_lzma_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzma_stream_decoder in -llzma" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzma_stream_decoder in -llzma" >&5 $as_echo_n "checking for lzma_stream_decoder in -llzma... " >&6; } if ${ac_cv_lib_lzma_lzma_stream_decoder+:} false; then : $as_echo_n "(cached) " >&6 @@ -8689,7 +8691,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzma_lzma_stream_decoder" >&5 $as_echo "$ac_cv_lib_lzma_lzma_stream_decoder" >&6; } if test "x$ac_cv_lib_lzma_lzma_stream_decoder" = xyes; then : - zlib="$zlib -DHAVE_LZMA -llzma" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZMA" + ZLIB_LIBS="$ZLIB_LIBS -llzma" fi @@ -8699,7 +8702,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "lzo/lzo1x.h" "ac_cv_header_lzo_lzo1x_h" "$ac_includes_default" if test "x$ac_cv_header_lzo_lzo1x_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_decompress in -llzo2" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_decompress in -llzo2" >&5 $as_echo_n "checking for lzo1x_decompress in -llzo2... " >&6; } if ${ac_cv_lib_lzo2_lzo1x_decompress+:} false; then : $as_echo_n "(cached) " >&6 @@ -8736,7 +8739,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo2_lzo1x_decompress" >&5 $as_echo "$ac_cv_lib_lzo2_lzo1x_decompress" >&6; } if test "x$ac_cv_lib_lzo2_lzo1x_decompress" = xyes; then : - zlib="$zlib -DHAVE_LZO1X -llzo2" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZO1X" + ZLIB_LIBS="$ZLIB_LIBS -llzo2" fi @@ -8812,10 +8816,12 @@ else libzstd_LIBS=$pkg_cv_libzstd_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - zlib="$zlib -DHAVE_ZSTD $libzstd_CFLAGS $libzstd_LIBS" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_ZSTD $libzstd_CFLAGS" + ZLIB_LIBS="$ZLIB_LIBS $libzstd_LIBS" fi + ac_fn_c_check_header_mongrel "$LINENO" "ext2fs/ext2fs.h" "ac_cv_header_ext2fs_ext2fs_h" "$ac_includes_default" if test "x$ac_cv_header_ext2fs_ext2fs_h" = xyes; then : diff --git a/tools/configure.ac b/tools/configure.ac index f29c319b42..1094d896fc 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -391,17 +391,26 @@ AX_CHECK_FETCHER # Checks for libraries. AC_CHECK_HEADER([bzlib.h], [ -AC_CHECK_LIB([bz2], [BZ2_bzDecompressInit], [zlib="$zlib -DHAVE_BZLIB -lbz2"]) + AC_CHECK_LIB([bz2], [BZ2_bzDecompressInit], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_BZLIB" + ZLIB_LIBS="$ZLIB_LIBS -lbz2"]) ]) AC_CHECK_HEADER([lzma.h], [ -AC_CHECK_LIB([lzma], [lzma_stream_decoder], [zlib="$zlib -DHAVE_LZMA -llzma"]) + AC_CHECK_LIB([lzma], [lzma_stream_decoder], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZMA" + ZLIB_LIBS="$ZLIB_LIBS -llzma"]) ]) AC_CHECK_HEADER([lzo/lzo1x.h], [ -AC_CHECK_LIB([lzo2], [lzo1x_decompress], [zlib="$zlib -DHAVE_LZO1X -llzo2"]) + AC_CHECK_LIB([lzo2], [lzo1x_decompress], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZO1X" + ZLIB_LIBS="$ZLIB_LIBS -llzo2"]) ]) PKG_CHECK_MODULES([libzstd], [libzstd], - [zlib="$zlib -DHAVE_ZSTD $libzstd_CFLAGS $libzstd_LIBS"], [true]) -AC_SUBST(zlib) + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_ZSTD $libzstd_CFLAGS" + ZLIB_LIBS="$ZLIB_LIBS $libzstd_LIBS"], + [true]) +AC_SUBST([ZLIB_CFLAGS]) +AC_SUBST([ZLIB_LIBS]) AX_CHECK_EXTFS AX_CHECK_PTHREAD AX_CHECK_PTYFUNCS diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 7f74ac0e7d..ab580e1b64 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -89,13 +89,12 @@ CFLAGS += $(CFLAGS_libxendevicemodel) CFLAGS += $(CFLAGS_libxencall) $(CFLAGS_libxenforeignmemory) ifeq ($(CONFIG_MiniOS),y) -zlib-options = -else -zlib-options = $(ZLIB) +ZLIB_CFLAGS := +ZLIB_LIBS := endif -xg_dom_bzimageloader.o: CFLAGS += $(filter -D%,$(zlib-options)) -xg_dom_bzimageloader.opic: CFLAGS += $(filter -D%,$(zlib-options)) +xg_dom_bzimageloader.o: CFLAGS += $(ZLIB_CFLAGS) +xg_dom_bzimageloader.opic: CFLAGS += $(ZLIB_CFLAGS) LIBHEADER := xenguest.h @@ -103,8 +102,7 @@ NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk -libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(filter -l%,$(zlib-options)) -libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(COMPRESSION_LIBS) -lz +libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(ZLIB_LIBS) -lz .PHONY: cleanlocal cleanlocal: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 15:00:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 15:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278368.475580 (Exim 4.92) (envelope-from ) id 1nNFbC-0005Vp-BJ; Thu, 24 Feb 2022 15:00:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278368.475580; Thu, 24 Feb 2022 15:00:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFbC-0005Vj-7N; Thu, 24 Feb 2022 15:00:06 +0000 Received: by outflank-mailman (input) for mailman id 278368; Thu, 24 Feb 2022 15:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFbA-0005Jn-9G for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFbA-0007yY-7w for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNFbA-0000Ra-6x for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GS2G3J3kFBtP8qPfwRDJ9XgdpMpEm44/3/Il9UPBQtU=; b=afDZrKibyAItCqaeRfGjAI6u6E Er549y4QQNrJqMbo9oTIdGJSy3Dfv4lyDRo0ohBkUBRuEe85duj4pM2RgSSppuH4rQ720HIemoM8d WwdyAJIqEbT5TjSfhDkTDp75qKgiAVlbCZjtumC/1PtxzOT59GVVlo6j+XHiffeACOyw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/mm: Remove always true ASSERT() in free_heap_pages() Message-Id: Date: Thu, 24 Feb 2022 15:00:04 +0000 commit f1097988b9baeb4cae38a1a71e027794291213ff Author: Julien Grall AuthorDate: Wed Feb 23 18:38:31 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 24 14:57:55 2022 +0000 xen/mm: Remove always true ASSERT() in free_heap_pages() free_heap_pages() has an ASSERT() checking that node is >= 0. However node is defined as an unsigned int. So it cannot be negative. Therefore remove the check as it will always be true. Coverity-ID: 1055631 Signed-off-by: Julien Grall Acked-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/page_alloc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 4635718237..e971bf91e0 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1441,7 +1441,6 @@ static void free_heap_pages( unsigned int zone = page_to_zone(pg); ASSERT(order <= MAX_ORDER); - ASSERT(node >= 0); spin_lock(&heap_lock); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 15:22:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 15:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278395.475628 (Exim 4.92) (envelope-from ) id 1nNFwU-00019T-0a; Thu, 24 Feb 2022 15:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278395.475628; Thu, 24 Feb 2022 15:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFwT-00019K-TY; Thu, 24 Feb 2022 15:22:05 +0000 Received: by outflank-mailman (input) for mailman id 278395; Thu, 24 Feb 2022 15:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFwS-00018Q-DY for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNFwS-0008N8-Ci for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNFwS-00020r-Bb for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vqjaiit5lru47EPw6BXkgXMI09Vml86M+ofns63XSEQ=; b=Uyehr+nuUEIO4YIjxGprmcEogh 79FYpRHx0od3bjReSC6/ZT7sGHZTFT9Cs478mc6Vixhn45+yHkgt2lUTtJBpaHJ44KbiVF0BJNd1j JSkOTV70Qpeia9G2AaVxIZxspchCW92VsOKBq6hJxEgNz31hPG0z1KqW6P6mYsm1a8Bw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: add some clarification to xenstore-migration.md Message-Id: Date: Thu, 24 Feb 2022 15:22:04 +0000 commit 20c9e4581ae3d35b776838defab424c5601310da Author: Juergen Gross AuthorDate: Thu Feb 17 12:47:26 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:18:04 2022 +0000 docs: add some clarification to xenstore-migration.md The Xenstore migration document is missing the specification that a node record must be preceded by the record of its parent node in case of live update. Add that missing part. Signed-off-by: Juergen Gross Acked-by: Julien Grall --- docs/designs/xenstore-migration.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/designs/xenstore-migration.md b/docs/designs/xenstore-migration.md index 5f1155273e..b94af7fd7c 100644 --- a/docs/designs/xenstore-migration.md +++ b/docs/designs/xenstore-migration.md @@ -316,6 +316,11 @@ a _committed_ node (globally visible in xenstored) or a _pending_ node (created or modified by a transaction for which there is also a `TRANSACTION_DATA` record previously present). +Each _committed_ node in the stream is required to have an already known parent +node. A parent node is known if it was either in the node data base before the +stream was started to be processed, or if a `NODE_DATA` record for that parent +node has already been processed in the stream. + ``` 0 1 2 3 octet -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 15:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 15:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278419.475654 (Exim 4.92) (envelope-from ) id 1nNG78-0003Xu-A3; Thu, 24 Feb 2022 15:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278419.475654; Thu, 24 Feb 2022 15:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG78-0003Xm-7B; Thu, 24 Feb 2022 15:33:06 +0000 Received: by outflank-mailman (input) for mailman id 278419; Thu, 24 Feb 2022 15:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG77-0003Xg-2b for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG77-00007U-0t for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNG76-0002ne-WC for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OaDwKX2ACeJ7r1ZAnwdpWBC+JdAHAR4ixvc8KWo1YvE=; b=wHjJCp+o6/aIwhC7oHqFQGh0sX CKDPgHfuKzmb/qxIzDcTFjTArD8DiaFT5Odn121T1XRIqYUHPFzhrHZxxR4pPeGQ7qqpoeCTjSLNT g/YZusIfHkAImyBdiERoocCVR8yn9BOdAOJ0Od+yGM50MKgf3NUpXco9nhe5cDrAFzhE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Rename psr_mode_is_32bit to regs_mode_is_32bit Message-Id: Date: Thu, 24 Feb 2022 15:33:04 +0000 commit 526731c559f7f53543a3dbcc65b1d16b2bc48678 Author: Michal Orzel AuthorDate: Tue Feb 22 11:56:12 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:21:17 2022 +0000 xen/arm: Rename psr_mode_is_32bit to regs_mode_is_32bit Commit aa2f5aefa8de ("xen/arm: Rework psr_mode_is_32bit()") modified the function to take a struct cpu_user_regs instead of psr. Perform renaming of psr_mode_is_32bit to regs_mode_is_32bit to reflect that change. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/include/asm/regs.h | 2 +- xen/arch/arm/traps.c | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/include/asm/regs.h b/xen/arch/arm/include/asm/regs.h index ec091a28a2..04e821138a 100644 --- a/xen/arch/arm/include/asm/regs.h +++ b/xen/arch/arm/include/asm/regs.h @@ -13,7 +13,7 @@ #define psr_mode(psr,m) (((psr) & PSR_MODE_MASK) == m) -static inline bool psr_mode_is_32bit(const struct cpu_user_regs *regs) +static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) { #ifdef CONFIG_ARM_32 return true; diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 9339d12f58..0db8e42d65 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -896,7 +896,7 @@ static void _show_registers(const struct cpu_user_regs *regs, if ( guest_mode ) { - if ( psr_mode_is_32bit(regs) ) + if ( regs_mode_is_32bit(regs) ) show_registers_32(regs, ctxt, guest_mode, v); #ifdef CONFIG_ARM_64 else @@ -1631,7 +1631,7 @@ int check_conditional_instr(struct cpu_user_regs *regs, const union hsr hsr) { unsigned long it; - BUG_ON( !psr_mode_is_32bit(regs) || !(cpsr & PSR_THUMB) ); + BUG_ON( !regs_mode_is_32bit(regs) || !(cpsr & PSR_THUMB) ); it = ( (cpsr >> (10-2)) & 0xfc) | ((cpsr >> 25) & 0x3 ); @@ -1656,7 +1656,7 @@ int check_conditional_instr(struct cpu_user_regs *regs, const union hsr hsr) void advance_pc(struct cpu_user_regs *regs, const union hsr hsr) { register_t itbits, cond, cpsr = regs->cpsr; - bool is_thumb = psr_mode_is_32bit(regs) && (cpsr & PSR_THUMB); + bool is_thumb = regs_mode_is_32bit(regs) && (cpsr & PSR_THUMB); if ( is_thumb && (cpsr & PSR_IT_MASK) ) { @@ -2098,37 +2098,37 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) advance_pc(regs, hsr); break; case HSR_EC_CP15_32: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp15_32); do_cp15_32(regs, hsr); break; case HSR_EC_CP15_64: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp15_64); do_cp15_64(regs, hsr); break; case HSR_EC_CP14_32: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_32); do_cp14_32(regs, hsr); break; case HSR_EC_CP14_64: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_64); do_cp14_64(regs, hsr); break; case HSR_EC_CP14_DBG: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_dbg); do_cp14_dbg(regs, hsr); break; case HSR_EC_CP10: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp10); do_cp10(regs, hsr); break; case HSR_EC_CP: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp); do_cp(regs, hsr); break; @@ -2139,7 +2139,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) * ARMv7 (DDI 0406C.b): B1.14.8 * ARMv8 (DDI 0487A.d): D1-1501 Table D1-44 */ - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_smc32); do_trap_smc(regs, hsr); break; @@ -2147,7 +2147,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) { register_t nr; - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_hvc32); #ifndef NDEBUG if ( (hsr.iss & 0xff00) == 0xff00 ) @@ -2162,7 +2162,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) } #ifdef CONFIG_ARM_64 case HSR_EC_HVC64: - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_hvc64); #ifndef NDEBUG if ( (hsr.iss & 0xff00) == 0xff00 ) @@ -2178,12 +2178,12 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) * * ARMv8 (DDI 0487A.d): D1-1501 Table D1-44 */ - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_smc64); do_trap_smc(regs, hsr); break; case HSR_EC_SYSREG: - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_sysreg); do_sysreg(regs, hsr); break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 15:33:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 15:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278420.475658 (Exim 4.92) (envelope-from ) id 1nNG7I-0003aC-CT; Thu, 24 Feb 2022 15:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278420.475658; Thu, 24 Feb 2022 15:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG7I-0003a4-8b; Thu, 24 Feb 2022 15:33:16 +0000 Received: by outflank-mailman (input) for mailman id 278420; Thu, 24 Feb 2022 15:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG7H-0003Zs-54 for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNG7H-00007k-4B for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNG7H-0002op-3H for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 15:33:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kRVQ61HPIsAc7wGBmyL/lRj0JrKuOBT9+0o5KZpWyQs=; b=08fqIju7WSorluAwF8QlTk/TbP t80IWTy64IhDvDDjESa4QGFQ4rJJZm/UL08QBKzCorverJjXUam+go5EYHFxIQwcvCV39d9Qjjq4z 8JMklSnHVTtPnr3u+swuUGeHj3bVUH7fcxsSdPG69QaIf3ein18QHIeLGZsSM0bdmrkQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Rename psr_mode_is_user to regs_mode_is_user Message-Id: Date: Thu, 24 Feb 2022 15:33:15 +0000 commit 66b467a0e86daff8caa2b571871b1cb96633df45 Author: Michal Orzel AuthorDate: Tue Feb 22 11:56:13 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:21:17 2022 +0000 xen/arm: Rename psr_mode_is_user to regs_mode_is_user Perform renaming of psr_mode_is_user to regs_mode_is_user in order to reflect that it takes struct cpu_user_regs as a parameter and not psr. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 4 ++-- xen/arch/arm/include/asm/regs.h | 4 ++-- xen/arch/arm/traps.c | 12 ++++++------ xen/arch/arm/vcpreg.c | 4 ++-- xen/arch/arm/vtimer.c | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index cf55544081..758750983c 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -91,7 +91,7 @@ void do_sysreg(struct cpu_user_regs *regs, * ARMv8 (DDI 0487A.d): D7.2.1 */ case HSR_SYSREG_ACTLR_EL1: - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( hsr.sysreg.read ) set_user_reg(regs, regidx, v->arch.actlr); @@ -206,7 +206,7 @@ void do_sysreg(struct cpu_user_regs *regs, return handle_raz_wi(regs, regidx, hsr.sysreg.read, hsr, 1); case HSR_SYSREG_PMUSERENR_EL0: /* RO at EL0. RAZ/WI at EL1 */ - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return handle_ro_raz(regs, regidx, hsr.sysreg.read, hsr, 0); else return handle_raz_wi(regs, regidx, hsr.sysreg.read, hsr, 1); diff --git a/xen/arch/arm/include/asm/regs.h b/xen/arch/arm/include/asm/regs.h index 04e821138a..794721a103 100644 --- a/xen/arch/arm/include/asm/regs.h +++ b/xen/arch/arm/include/asm/regs.h @@ -33,7 +33,7 @@ static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) #ifdef CONFIG_ARM_32 #define hyp_mode(r) psr_mode((r)->cpsr,PSR_MODE_HYP) -#define psr_mode_is_user(r) usr_mode(r) +#define regs_mode_is_user(r) usr_mode(r) #else #define hyp_mode(r) (psr_mode((r)->cpsr,PSR_MODE_EL2h) || \ psr_mode((r)->cpsr,PSR_MODE_EL2t)) @@ -42,7 +42,7 @@ static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) * Trap may have been taken from EL0, which might be in AArch32 usr * mode, or in AArch64 mode (PSR_MODE_EL0t). */ -#define psr_mode_is_user(r) \ +#define regs_mode_is_user(r) \ (psr_mode((r)->cpsr,PSR_MODE_EL0t) || usr_mode(r)) #endif diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 0db8e42d65..7a1b679b8c 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -561,7 +561,7 @@ static void inject_abt64_exception(struct cpu_user_regs *regs, .len = instr_len, }; - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) esr.ec = prefetch ? HSR_EC_INSTR_ABORT_LOWER_EL : HSR_EC_DATA_ABORT_LOWER_EL; else @@ -1193,7 +1193,7 @@ void vcpu_show_execution_state(struct vcpu *v) vcpu_pause(v); /* acceptably dangerous */ vcpu_show_registers(v); - if ( !psr_mode_is_user(&v->arch.cpu_info->guest_cpu_user_regs) ) + if ( !regs_mode_is_user(&v->arch.cpu_info->guest_cpu_user_regs) ) show_guest_stack(v, &v->arch.cpu_info->guest_cpu_user_regs); vcpu_unpause(v); @@ -1560,7 +1560,7 @@ enum mc_disposition arch_do_multicall_call(struct mc_state *state) multi->args[2], multi->args[3], multi->args[4]); - return likely(!psr_mode_is_user(guest_cpu_user_regs())) + return likely(!regs_mode_is_user(guest_cpu_user_regs())) ? mc_continue : mc_preempt; } @@ -1699,7 +1699,7 @@ void handle_raz_wi(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( read ) @@ -1718,7 +1718,7 @@ void handle_wo_wi(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( read ) @@ -1738,7 +1738,7 @@ void handle_ro_read_val(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( !read ) diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index dfc18d12ff..b5fbbe1cb8 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -224,7 +224,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) * ARMv8 (DDI 0487A.d): G6.2.1 */ case HSR_CPREG32(ACTLR): - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( cp32.read ) set_user_reg(regs, regidx, v->arch.actlr); @@ -296,7 +296,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) */ case HSR_CPREG32(PMUSERENR): /* RO at EL0. RAZ/WI at EL1 */ - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return handle_ro_raz(regs, regidx, cp32.read, hsr, 0); else return handle_raz_wi(regs, regidx, cp32.read, hsr, 1); diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 0196951af4..5bb5970f58 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -36,7 +36,7 @@ * CNTKCTL_EL1_ bit name which gates user access */ #define ACCESS_ALLOWED(regs, user_gate) \ - ( !psr_mode_is_user(regs) || \ + ( !regs_mode_is_user(regs) || \ (READ_SYSREG(CNTKCTL_EL1) & CNTKCTL_EL1_##user_gate) ) static void phys_timer_expired(void *data) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 17:44:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 17:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278566.475871 (Exim 4.92) (envelope-from ) id 1nNI9t-00026b-W5; Thu, 24 Feb 2022 17:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278566.475871; Thu, 24 Feb 2022 17:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNI9t-00026T-TF; Thu, 24 Feb 2022 17:44:05 +0000 Received: by outflank-mailman (input) for mailman id 278566; Thu, 24 Feb 2022 17:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNI9s-00026N-Iu for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 17:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNI9s-00035T-HF for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 17:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNI9s-00017H-GG for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 17:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sNmRMTlsArQ94VUaANsnm8zWdJDs9uCvO3Cf9GK9Q+I=; b=o9rquqaJTq3gBXobYi5yztKtjk YavO/ykGrBmjAECmlLb0e5jJGHVdGWDcC8jlqUu3mObtEJvB0BNMYqMY4fdXwqPrp20wxVr05VgtX FA3eUjLamNj8XGWiFJqiinolb65kAZSGcUa4yTAcPFExxKl3wue4WEOVFMRRLiL4UMHc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/mm: pg_offlined can be defined as bool in free_heap_pages() Message-Id: Date: Thu, 24 Feb 2022 17:44:04 +0000 commit 9ba4c529985a1773852069889a5b53f2ed26c408 Author: Julien Grall AuthorDate: Wed Feb 23 19:08:33 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 24 17:32:43 2022 +0000 xen/mm: pg_offlined can be defined as bool in free_heap_pages() The local variable pg_offlined in free_heap_pages() can only take two values. So switch it to a bool. Fixes: 289610483fc43 ("mm: fix broken tainted value in mark_page_free") Signed-off-by: Julien Grall Acked-by: Andrew Cooper --- xen/common/page_alloc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index e971bf91e0..319029140f 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1437,8 +1437,9 @@ static void free_heap_pages( { unsigned long mask; mfn_t mfn = page_to_mfn(pg); - unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), pg_offlined = 0; + unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)); unsigned int zone = page_to_zone(pg); + bool pg_offlined = false; ASSERT(order <= MAX_ORDER); @@ -1447,7 +1448,7 @@ static void free_heap_pages( for ( i = 0; i < (1 << order); i++ ) { if ( mark_page_free(&pg[i], mfn_add(mfn, i)) ) - pg_offlined = 1; + pg_offlined = true; if ( need_scrub ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Feb 24 18:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Feb 2022 18:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278586.475896 (Exim 4.92) (envelope-from ) id 1nNJGZ-0001Oc-Ff; Thu, 24 Feb 2022 18:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278586.475896; Thu, 24 Feb 2022 18:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNJGZ-0001OU-Ci; Thu, 24 Feb 2022 18:55:03 +0000 Received: by outflank-mailman (input) for mailman id 278586; Thu, 24 Feb 2022 18:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNJGY-0001NV-7Y for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 18:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNJGY-0004M7-6g for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 18:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNJGY-0006WX-5b for xen-changelog@lists.xenproject.org; Thu, 24 Feb 2022 18:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d8xr/Na7TLg5ZOvWKN5PwbrdOROnvgW0PuR7jKY+MmU=; b=YMLAFRwL5k3A/v4hx3PsJYJxpu 1f2+gkMmqq45VuySjMcOTrbxDG+xrI5J4Kw/weFG9ipim0nFF5H93k2Z01Mzmv9lD0evAsPgc2MOt b2yltl/IK0d42xn75MTNgA3sFrZzbR3/KfC5+7sOSrBhr3GdntC3NPiKdcfSYBX8ceSY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: Drop get_shadow_gs_base() hook and use hvm_get_reg() Message-Id: Date: Thu, 24 Feb 2022 18:55:02 +0000 commit fe60fab0424b93c6688d285bd7995226a96937d4 Author: Andrew Cooper AuthorDate: Fri Jan 21 03:47:05 2022 +0000 Commit: Andrew Cooper CommitDate: Wed Feb 23 17:54:30 2022 +0000 x86/hvm: Drop get_shadow_gs_base() hook and use hvm_get_reg() This is a trivial accessor for an MSR, so use hvm_get_reg() rather than a dedicated hook. In arch_get_info_guest(), rework the logic to read GS_SHADOW only once. get_hvm_registers() is called on current, meaning that diagnostics print a stale GS_SHADOW from the previous vcpu context switch. Adjust both implementations to obtain the correct value. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/domctl.c | 8 ++++++-- xen/arch/x86/hvm/svm/svm.c | 12 ++++++------ xen/arch/x86/hvm/vmx/vmx.c | 13 +++++++------ xen/arch/x86/include/asm/hvm/hvm.h | 7 ------- xen/arch/x86/x86_64/traps.c | 2 +- 5 files changed, 20 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 7d102e0647..e49f9e91b9 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -1447,6 +1447,7 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c) if ( is_hvm_domain(d) ) { struct segment_register sreg; + unsigned long gs_shadow; c.nat->ctrlreg[0] = v->arch.hvm.guest_cr[0]; c.nat->ctrlreg[2] = v->arch.hvm.guest_cr[2]; @@ -1465,15 +1466,18 @@ void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c) c.nat->fs_base = sreg.base; hvm_get_segment_register(v, x86_seg_gs, &sreg); c.nat->user_regs.gs = sreg.sel; + + gs_shadow = hvm_get_reg(v, MSR_SHADOW_GS_BASE); + if ( ring_0(&c.nat->user_regs) ) { c.nat->gs_base_kernel = sreg.base; - c.nat->gs_base_user = hvm_get_shadow_gs_base(v); + c.nat->gs_base_user = gs_shadow; } else { c.nat->gs_base_user = sreg.base; - c.nat->gs_base_kernel = hvm_get_shadow_gs_base(v); + c.nat->gs_base_kernel = gs_shadow; } } else diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index b80d4af6cb..8869a5de62 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -756,11 +756,6 @@ static void cf_check svm_set_segment_register( } } -static unsigned long cf_check svm_get_shadow_gs_base(struct vcpu *v) -{ - return v->arch.hvm.svm.vmcb->kerngsbase; -} - static int cf_check svm_set_guest_pat(struct vcpu *v, u64 gpat) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -2479,6 +2474,7 @@ static bool cf_check svm_get_pending_event( static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) { + struct vcpu *curr = current; const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; @@ -2487,6 +2483,11 @@ static uint64_t cf_check svm_get_reg(struct vcpu *v, unsigned int reg) case MSR_SPEC_CTRL: return vmcb->spec_ctrl; + case MSR_SHADOW_GS_BASE: + if ( v == curr ) + svm_sync_vmcb(v, vmcb_in_sync); + return vmcb->kerngsbase; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2530,7 +2531,6 @@ static struct hvm_function_table __initdata_cf_clobber svm_function_table = { .get_cpl = svm_get_cpl, .get_segment_register = svm_get_segment_register, .set_segment_register = svm_set_segment_register, - .get_shadow_gs_base = svm_get_shadow_gs_base, .update_guest_cr = svm_update_guest_cr, .update_guest_efer = svm_update_guest_efer, .cpuid_policy_changed = svm_cpuid_policy_changed, diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 758df33218..c075370f64 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1176,11 +1176,6 @@ static void cf_check vmx_set_segment_register( vmx_vmcs_exit(v); } -static unsigned long cf_check vmx_get_shadow_gs_base(struct vcpu *v) -{ - return v->arch.hvm.vmx.shadow_gs; -} - static int cf_check vmx_set_guest_pat(struct vcpu *v, u64 gpat) { if ( !paging_mode_hap(v->domain) || @@ -2401,6 +2396,7 @@ static int cf_check vmtrace_reset(struct vcpu *v) static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) { + const struct vcpu *curr = current; struct domain *d = v->domain; uint64_t val = 0; int rc; @@ -2417,6 +2413,12 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + + case MSR_SHADOW_GS_BASE: + if ( v != curr ) + return v->arch.hvm.vmx.shadow_gs; + rdmsrl(MSR_SHADOW_GS_BASE, val); + return val; } /* Logic which maybe requires remote VMCS acquisition. */ @@ -2489,7 +2491,6 @@ static struct hvm_function_table __initdata_cf_clobber vmx_function_table = { .get_cpl = _vmx_get_cpl, .get_segment_register = vmx_get_segment_register, .set_segment_register = vmx_set_segment_register, - .get_shadow_gs_base = vmx_get_shadow_gs_base, .update_host_cr3 = vmx_update_host_cr3, .update_guest_cr = vmx_update_guest_cr, .update_guest_efer = vmx_update_guest_efer, diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index b44bbdeb21..5b7ec0cf69 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -128,7 +128,6 @@ struct hvm_function_table { struct segment_register *reg); void (*set_segment_register)(struct vcpu *v, enum x86_segment seg, struct segment_register *reg); - unsigned long (*get_shadow_gs_base)(struct vcpu *v); /* * Re-set the value of CR3 that Xen runs on when handling VM exits. @@ -469,11 +468,6 @@ hvm_get_cpl(struct vcpu *v) return alternative_call(hvm_funcs.get_cpl, v); } -static inline unsigned long hvm_get_shadow_gs_base(struct vcpu *v) -{ - return alternative_call(hvm_funcs.get_shadow_gs_base, v); -} - #define has_hvm_params(d) \ ((d)->arch.hvm.params != NULL) @@ -759,7 +753,6 @@ void hvm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val); * needed because DCE will kick in. */ int hvm_guest_x86_mode(struct vcpu *v); -unsigned long hvm_get_shadow_gs_base(struct vcpu *v); void hvm_cpuid_policy_changed(struct vcpu *v); void hvm_set_tsc_offset(struct vcpu *v, uint64_t offset, uint64_t at_tsc); diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index fccfb7c172..9d7f1f818b 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -80,7 +80,7 @@ static void get_hvm_registers(struct vcpu *v, struct cpu_user_regs *regs, hvm_get_segment_register(v, x86_seg_ss, &sreg); regs->ss = sreg.sel; - crs[7] = hvm_get_shadow_gs_base(v); + crs[7] = hvm_get_reg(v, MSR_SHADOW_GS_BASE); } static void _show_registers( -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278726.476080 (Exim 4.92) (envelope-from ) id 1nNRlz-0004ei-5l; Fri, 25 Feb 2022 04:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278726.476080; Fri, 25 Feb 2022 04:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRlz-0004eN-1p; Fri, 25 Feb 2022 04:00:03 +0000 Received: by outflank-mailman (input) for mailman id 278726; Fri, 25 Feb 2022 04:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRlx-0004RK-Nq for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRlx-0007ty-Ln for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRlx-00043H-Ka for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cZ9aeBkvf+lPPa59iv2TeYgV/pvg4nifUuUT14y+LbA=; b=A90zUALkE2nn/ZsxQu/G5YV1/V 9ty7TLOnwJdBrMNA1822uCkQXPgcIDtkPOaYq9kwylbIQM3W5lci/jqExycLibACJo3wLbJB44Nxg wvBKxVHD/3KbyB2VArhdcTz3YH+TKBUqTSBuq1VV3baenDcYa2gaInedwvEsNEX58Z74=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] SVM: sync VM-exit perf counters with known VM-exit reasons Message-Id: Date: Fri, 25 Feb 2022 04:00:01 +0000 commit fdeaceee7149d173327003156ac1c05863f37fc5 Author: Jan Beulich AuthorDate: Thu Feb 24 11:17:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:17:26 2022 +0100 SVM: sync VM-exit perf counters with known VM-exit reasons This has gone out of sync over time, resulting in NPF and XSETBV exits incrementing the same counter. Introduce a simplistic mechanism to hopefully keep things in better sync going forward. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/include/asm/hvm/svm/vmcb.h | 2 ++ xen/arch/x86/include/asm/perfc_defn.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/svm/vmcb.h b/xen/arch/x86/include/asm/hvm/svm/vmcb.h index ed7cebea71..e87728fa81 100644 --- a/xen/arch/x86/include/asm/hvm/svm/vmcb.h +++ b/xen/arch/x86/include/asm/hvm/svm/vmcb.h @@ -302,7 +302,9 @@ enum VMEXIT_EXITCODE VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */ VMEXIT_XSETBV = 141, /* 0x8d */ VMEXIT_RDPRU = 142, /* 0x8e */ + /* Remember to also update VMEXIT_NPF_PERFC! */ VMEXIT_NPF = 1024, /* 0x400, nested paging fault */ + /* Remember to also update SVM_PERF_EXIT_REASON_SIZE! */ VMEXIT_INVALID = -1 }; diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index 896c5397f5..8a31329537 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -11,8 +11,8 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) PERFCOUNTER_ARRAY(vmexits, "vmexits", VMX_PERF_EXIT_REASON_SIZE) PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) -#define VMEXIT_NPF_PERFC 141 -#define SVM_PERF_EXIT_REASON_SIZE (1+141) +#define VMEXIT_NPF_PERFC 143 +#define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) PERFCOUNTER_ARRAY(svmexits, "SVMexits", SVM_PERF_EXIT_REASON_SIZE) #endif /* CONFIG_HVM */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278727.476084 (Exim 4.92) (envelope-from ) id 1nNRm9-0005AW-6T; Fri, 25 Feb 2022 04:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278727.476084; Fri, 25 Feb 2022 04:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRm9-0005AO-3N; Fri, 25 Feb 2022 04:00:13 +0000 Received: by outflank-mailman (input) for mailman id 278727; Fri, 25 Feb 2022 04:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRm7-0005AB-Q6 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRm7-00082F-PD for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRm7-00045X-OH for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d5zHCHS3GSRZYZO1ol5d6F2VHpiuZHa4DIt7wiam4t4=; b=WnLa9b+CzrKK+43c75FLNsYz3B AdtfOuImDbVOEoJKvUC2VHtkzjpz3KHclaRpzhKS93i9rzEeIuQo9fTUdxYqyY75b9XTCwg3M6Ott +TTb2t29nxx0unOIos7TC2Yro6W0suLGC7ylzIHoigbhkejxI5Ee7Bi6DT3lixqS+1iE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/perfc: fold HVM's VM-exit counter arrays Message-Id: Date: Fri, 25 Feb 2022 04:00:11 +0000 commit 81c416dca231d2292f52690adc64921e233bacd9 Author: Jan Beulich AuthorDate: Thu Feb 24 11:19:06 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:19:06 2022 +0100 x86/perfc: fold HVM's VM-exit counter arrays Only one of them can be in use at a time, so make the whole set union- like. While doing the rename in SVM code, combine the two perf_incra(), generalizing the range upwards of VMEXIT_NPF. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/svm/svm.c | 6 ++++-- xen/arch/x86/include/asm/perfc_defn.h | 10 +++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 8869a5de62..64a45045da 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2691,7 +2691,10 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) goto out; } - perfc_incra(svmexits, exit_reason); + perfc_incra(vmexits, + exit_reason < VMEXIT_NPF + ? exit_reason + : exit_reason - VMEXIT_NPF + VMEXIT_NPF_PERFC); hvm_maybe_deassert_evtchn_irq(); @@ -3020,7 +3023,6 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) break; case VMEXIT_NPF: - perfc_incra(svmexits, VMEXIT_NPF_PERFC); if ( cpu_has_svm_decode ) v->arch.hvm.svm.cached_insn_len = vmcb->guest_ins_len & 0xf; rc = vmcb->exitinfo1 & PFEC_page_present diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h index 8a31329537..b07063b7d8 100644 --- a/xen/arch/x86/include/asm/perfc_defn.h +++ b/xen/arch/x86/include/asm/perfc_defn.h @@ -7,13 +7,13 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) #ifdef CONFIG_HVM #define VMX_PERF_EXIT_REASON_SIZE 65 -#define VMX_PERF_VECTOR_SIZE 0x20 -PERFCOUNTER_ARRAY(vmexits, "vmexits", VMX_PERF_EXIT_REASON_SIZE) -PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) - #define VMEXIT_NPF_PERFC 143 #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) -PERFCOUNTER_ARRAY(svmexits, "SVMexits", SVM_PERF_EXIT_REASON_SIZE) +PERFCOUNTER_ARRAY(vmexits, "vmexits", + MAX(VMX_PERF_EXIT_REASON_SIZE, SVM_PERF_EXIT_REASON_SIZE)) + +#define VMX_PERF_VECTOR_SIZE 0x20 +PERFCOUNTER_ARRAY(cause_vector, "cause vector", VMX_PERF_VECTOR_SIZE) #endif /* CONFIG_HVM */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278728.476088 (Exim 4.92) (envelope-from ) id 1nNRmJ-0005Cf-87; Fri, 25 Feb 2022 04:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278728.476088; Fri, 25 Feb 2022 04:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmJ-0005CX-4u; Fri, 25 Feb 2022 04:00:23 +0000 Received: by outflank-mailman (input) for mailman id 278728; Fri, 25 Feb 2022 04:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmH-0005CJ-TT for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmH-00082q-Sh for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRmH-000473-Rc for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XGa6hxPUVVn94qsUYdc576x8WO/uQTsTC6dcMItDZoI=; b=JdHkjQhz2PX6ZIYO87j1y9cmWW Dx8q1Uzwz/F7hag8mvJ3Si6flVi6krpOy/W+V6gO+zo/qOO19wer7PhV5XTWM2kD1TdBgbU0inKaN HwmNCeJbrsDaN64TBF69P8bWuRPa5jDCTJxIB3Hw8FcFe2BVIPlG3N2ZJ4JPMnm3UCiQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mwait-idle: re-order state entry/exit code a little Message-Id: Date: Fri, 25 Feb 2022 04:00:21 +0000 commit e67ab91fc4324418d11c941d883361a243aaa2d7 Author: Jan Beulich AuthorDate: Thu Feb 24 11:20:34 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:20:34 2022 +0100 x86/mwait-idle: re-order state entry/exit code a little The initial observation is that unlike the original ACPI idle driver we have a 2nd cpu_is_haltable() in here. By making the actual state entry conditional, the emitted trace records as well as the subsequent stats update are at least misleading in case the state wasn't actually entered. Hence they would want moving inside the conditional. At which point the cpuidle_get_tick() invocations could (and hence should) move as well. cstate_restore_tsc() also isn't needed if we didn't actually enter the state. This leaves only the errata_c6_workaround() and lapic_timer_off() invocations outside the conditional. As a result it looks easier to drop the conditional (and come back in sync with the other driver again) than to move almost everything into the conditional. While there also move the TRACE_6D() out of the IRQ-disabled region. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/cpu/mwait-idle.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index f76c64e04b..9efa569da3 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -847,26 +847,25 @@ static void cf_check mwait_idle(void) update_last_cx_stat(power, cx, before); - if (cpu_is_haltable(cpu)) { - if (cx->irq_enable_early) - local_irq_enable(); + if (cx->irq_enable_early) + local_irq_enable(); - mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); + mwait_idle_with_hints(cx->address, MWAIT_ECX_INTERRUPT_BREAK); - local_irq_disable(); - } + local_irq_disable(); after = alternative_call(cpuidle_get_tick); cstate_restore_tsc(); trace_exit_reason(irq_traced); - TRACE_6D(TRC_PM_IDLE_EXIT, cx->type, after, - irq_traced[0], irq_traced[1], irq_traced[2], irq_traced[3]); /* Now back in C0. */ update_idle_stats(power, cx, before, after); local_irq_enable(); + TRACE_6D(TRC_PM_IDLE_EXIT, cx->type, after, + irq_traced[0], irq_traced[1], irq_traced[2], irq_traced[3]); + if (!(lapic_timer_reliable_states & (1 << cx->type))) lapic_timer_on(); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278729.476092 (Exim 4.92) (envelope-from ) id 1nNRmT-0005FN-9B; Fri, 25 Feb 2022 04:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278729.476092; Fri, 25 Feb 2022 04:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmT-0005FF-6H; Fri, 25 Feb 2022 04:00:33 +0000 Received: by outflank-mailman (input) for mailman id 278729; Fri, 25 Feb 2022 04:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmS-0005F5-0F for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmR-000832-Vo for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRmR-00048W-Ut for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=94cD0wzdkwL0BjEBa130NyuUTSZ4Sa7UDbKESWvnwnI=; b=fjMY0vfapDHCg4QxeuF/v9mjqm tvgqSO67pGYJ1GJvWtTTf3SECoFLXQ581zQnlcWKZ4q+FRndK/5eCfBynDQPmQp7hyVY2Z2pOFGNY qXRsA+mCzbaqAk8EffvqJVYa81+RbvHWjdqYSZy/IPokS+BbQuS782OUK2VIIDIxHbQ4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: drop NOP_DS_PREFIX Message-Id: Date: Fri, 25 Feb 2022 04:00:31 +0000 commit 73ba368e76b3d50c61933c242a90540ca1890d92 Author: Jan Beulich AuthorDate: Thu Feb 24 11:21:08 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:21:08 2022 +0100 x86: drop NOP_DS_PREFIX This wasn't really necessary to introduce: The binutils change permitting use of standalone "ds" (and "cs") in 64-bit code predates the minimum binutils version we support. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/flushtlb.c | 7 +++---- xen/arch/x86/include/asm/nops.h | 2 -- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 735ce00316..0c5a1de443 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -247,8 +247,7 @@ unsigned int flush_area_local(const void *va, unsigned int flags) { alternative("", "sfence", X86_FEATURE_CLFLUSHOPT); for ( i = 0; i < sz; i += c->x86_clflush_size ) - alternative_input(".byte " __stringify(NOP_DS_PREFIX) ";" - " clflush %0", + alternative_input("ds; clflush %0", "data16 clflush %0", /* clflushopt */ X86_FEATURE_CLFLUSHOPT, "m" (((const char *)va)[i])); @@ -298,11 +297,11 @@ void cache_writeback(const void *addr, unsigned int size) # define INPUT(addr) "a" (addr), BASE_INPUT(addr) #endif /* - * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush + * Note regarding the "ds" prefix use: it's faster to do a clflush * + prefix than a clflush + nop, and hence the prefix is added instead * of letting the alternative framework fill the gap by appending nops. */ - alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", + alternative_io_2("ds; clflush %[p]", "data16 clflush %[p]", /* clflushopt */ X86_FEATURE_CLFLUSHOPT, CLWB_ENCODING, diff --git a/xen/arch/x86/include/asm/nops.h b/xen/arch/x86/include/asm/nops.h index 1a46b97aff..2724a9862e 100644 --- a/xen/arch/x86/include/asm/nops.h +++ b/xen/arch/x86/include/asm/nops.h @@ -5,8 +5,6 @@ * Define nops for use with alternative(). */ -#define NOP_DS_PREFIX 0x3e - /* * Opteron 64bit nops * 1: nop -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278730.476096 (Exim 4.92) (envelope-from ) id 1nNRmd-0005J8-B6; Fri, 25 Feb 2022 04:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278730.476096; Fri, 25 Feb 2022 04:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmd-0005J0-7k; Fri, 25 Feb 2022 04:00:43 +0000 Received: by outflank-mailman (input) for mailman id 278730; Fri, 25 Feb 2022 04:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmc-0005Ig-3k for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmc-00083F-2u for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRmc-00049m-1p for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8p+zYSjEmI4MG9Xann+zqcp9MGncyXP+3lmY2PueyyE=; b=23bWDHI3amuixpi1BKBrxETewl eF886ssNgnjRbNVomuEizBHE3hLXgID1MpleQ2cATwjUjImb5W5zWbDquec87ENpx125QAyrOOpPS Vk7YMqvPFqqWc2Zn/yfKY4IwnEFVyZqdsHFQp4XYR4nrggsez3cFqfEaXcgBfovX1tos=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: replace more cpufeat_word() uses Message-Id: Date: Fri, 25 Feb 2022 04:00:42 +0000 commit 45f6ff12558fb96e8f2912f577b2088470bcf60e Author: Jan Beulich AuthorDate: Thu Feb 24 11:22:08 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:22:08 2022 +0100 x86/cpuid: replace more cpufeat_word() uses Complete what e3662437eb43 ("x86/cpuid: Disentangle logic for new feature leaves") has begun: "Switch to using FEATURESET_* just like the policy/featureset helpers. This breaks the cognitive complexity of needing to know which leaf a specifically named feature should reside in, and is shorter to write. It is also far easier to identify as correct at a glance, given the correlation with the CPUID leaf being read." Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/cpu/common.c | 17 ++++++++--------- xen/arch/x86/efi/efi-boot.h | 4 ++-- xen/arch/x86/mpparse.c | 2 +- xen/arch/x86/tsx.c | 2 +- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index bfedc99b92..bd2207163a 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -332,24 +332,23 @@ void __init early_cpu_init(void) cpuid(0x00000001, &eax, &ebx, &ecx, &edx); c->x86 = get_cpu_family(eax, &c->x86_model, &c->x86_mask); - edx &= ~cleared_caps[cpufeat_word(X86_FEATURE_FPU)]; - ecx &= ~cleared_caps[cpufeat_word(X86_FEATURE_SSE3)]; + edx &= ~cleared_caps[FEATURESET_1d]; + ecx &= ~cleared_caps[FEATURESET_1c]; if (edx & cpufeat_mask(X86_FEATURE_CLFLUSH)) c->x86_cache_alignment = ((ebx >> 8) & 0xff) * 8; /* Leaf 0x1 capabilities filled in early for Xen. */ - c->x86_capability[cpufeat_word(X86_FEATURE_FPU)] = edx; - c->x86_capability[cpufeat_word(X86_FEATURE_SSE3)] = ecx; + c->x86_capability[FEATURESET_1d] = edx; + c->x86_capability[FEATURESET_1c] = ecx; printk(XENLOG_INFO "CPU Vendor: %s, Family %u (%#x), Model %u (%#x), Stepping %u (raw %08x)\n", x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86, c->x86_model, c->x86_model, c->x86_mask, eax); - if (c->cpuid_level >= 7) { - cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; - c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; - } + if (c->cpuid_level >= 7) + cpuid_count(7, 0, &eax, &ebx, + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); eax = cpuid_eax(0x80000000); if ((eax >> 16) == 0x8000 && eax >= 0x80000008) { diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index f69509a210..d91eb5a537 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -685,11 +685,11 @@ static void __init efi_arch_cpu(void) boot_tsc_stamp = rdtsc(); - caps[cpufeat_word(X86_FEATURE_HYPERVISOR)] = cpuid_ecx(1); + caps[FEATURESET_1c] = cpuid_ecx(1); if ( (eax >> 16) == 0x8000 && eax > 0x80000000 ) { - caps[cpufeat_word(X86_FEATURE_SYSCALL)] = cpuid_edx(0x80000001); + caps[FEATURESET_e1d] = cpuid_edx(0x80000001); if ( cpu_has_nx ) trampoline_efer |= EFER_NXE; diff --git a/xen/arch/x86/mpparse.c b/xen/arch/x86/mpparse.c index 8faac289ea..d8ccab2449 100644 --- a/xen/arch/x86/mpparse.c +++ b/xen/arch/x86/mpparse.c @@ -516,7 +516,7 @@ static inline void __init construct_default_ISA_mptable(int mpc_default_type) (boot_cpu_data.x86_model << 4) | boot_cpu_data.x86_mask; processor.mpc_featureflag = - boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_FPU)]; + boot_cpu_data.x86_capability[FEATURESET_1d]; processor.mpc_reserved[0] = 0; processor.mpc_reserved[1] = 0; for (i = 0; i < 2; i++) { diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index b156844cde..41b6092cfe 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -48,7 +48,7 @@ void tsx_init(void) bool has_rtm_always_abort; if ( boot_cpu_data.cpuid_level >= 7 ) - boot_cpu_data.x86_capability[cpufeat_word(X86_FEATURE_ARCH_CAPS)] + boot_cpu_data.x86_capability[FEATURESET_7d0] = cpuid_count_edx(7, 0); if ( cpu_has_arch_caps ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 04:00:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 04:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278731.476100 (Exim 4.92) (envelope-from ) id 1nNRmn-0005M8-CQ; Fri, 25 Feb 2022 04:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278731.476100; Fri, 25 Feb 2022 04:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmn-0005M0-9Y; Fri, 25 Feb 2022 04:00:53 +0000 Received: by outflank-mailman (input) for mailman id 278731; Fri, 25 Feb 2022 04:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmm-0005Lp-7B for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNRmm-00083Q-6J for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNRmm-0004BC-5W for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 04:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+kLySxRNblhELJr+XatAinlkKbcp++ESbjurhd5Cslo=; b=SFRBrKGlAj3oVC8FGl/lmVF19S zcnpf1TjC26c4G1zSbs3/pJ6QVXEAdq0emvS5zYIPVgAqt0f3pRpHxlo4vrSM7P5jBkG/+JZjuAKP z0RIH3HuUOfDSyQBdYr0gnxv6npHyN6t18Y31LCwu14N5MLo5gy8+Amwkx+PanMqkKfY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/configure.ac: Create ZLIB_LIBS and ZLIB_CFLAGS Message-Id: Date: Fri, 25 Feb 2022 04:00:52 +0000 commit 93189e8c8b93e2c4658156e785a9b78b61e71a64 Author: Anthony PERARD AuthorDate: Thu Feb 24 11:24:49 2022 +0100 Commit: Jan Beulich CommitDate: Thu Feb 24 11:24:49 2022 +0100 tools/configure.ac: Create ZLIB_LIBS and ZLIB_CFLAGS Use both ZLIB_CFLAGS and ZLIB_LIBS instead of cherry-picking flags from a single "ZLIB" variable. Signed-off-by: Anthony PERARD Reviewed-by: Juergen Gross --- config/Tools.mk.in | 3 ++- tools/configure | 22 ++++++++++++++-------- tools/configure.ac | 19 ++++++++++++++----- tools/libs/guest/Makefile | 12 +++++------- 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index 934d899967..6c1a0a676f 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -66,7 +66,8 @@ CONFIG_9PFS := @ninepfs@ LINUX_BACKEND_MODULES := @LINUX_BACKEND_MODULES@ #System options -ZLIB := @zlib@ +ZLIB_CFLAGS := @ZLIB_CFLAGS@ +ZLIB_LIBS := @ZLIB_LIBS@ CONFIG_LIBICONV := @libiconv@ EXTFS_LIBS := @EXTFS_LIBS@ CURSES_LIBS := @CURSES_LIBS@ diff --git a/tools/configure b/tools/configure index 829753b5dd..a052c186a5 100755 --- a/tools/configure +++ b/tools/configure @@ -641,7 +641,8 @@ PTHREAD_LIBS PTHREAD_LDFLAGS PTHREAD_CFLAGS EXTFS_LIBS -zlib +ZLIB_LIBS +ZLIB_CFLAGS libzstd_LIBS libzstd_CFLAGS FETCHER @@ -8605,7 +8606,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "bzlib.h" "ac_cv_header_bzlib_h" "$ac_includes_default" if test "x$ac_cv_header_bzlib_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzDecompressInit in -lbz2" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzDecompressInit in -lbz2" >&5 $as_echo_n "checking for BZ2_bzDecompressInit in -lbz2... " >&6; } if ${ac_cv_lib_bz2_BZ2_bzDecompressInit+:} false; then : $as_echo_n "(cached) " >&6 @@ -8642,7 +8643,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bz2_BZ2_bzDecompressInit" >&5 $as_echo "$ac_cv_lib_bz2_BZ2_bzDecompressInit" >&6; } if test "x$ac_cv_lib_bz2_BZ2_bzDecompressInit" = xyes; then : - zlib="$zlib -DHAVE_BZLIB -lbz2" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_BZLIB" + ZLIB_LIBS="$ZLIB_LIBS -lbz2" fi @@ -8652,7 +8654,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "lzma.h" "ac_cv_header_lzma_h" "$ac_includes_default" if test "x$ac_cv_header_lzma_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzma_stream_decoder in -llzma" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzma_stream_decoder in -llzma" >&5 $as_echo_n "checking for lzma_stream_decoder in -llzma... " >&6; } if ${ac_cv_lib_lzma_lzma_stream_decoder+:} false; then : $as_echo_n "(cached) " >&6 @@ -8689,7 +8691,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzma_lzma_stream_decoder" >&5 $as_echo "$ac_cv_lib_lzma_lzma_stream_decoder" >&6; } if test "x$ac_cv_lib_lzma_lzma_stream_decoder" = xyes; then : - zlib="$zlib -DHAVE_LZMA -llzma" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZMA" + ZLIB_LIBS="$ZLIB_LIBS -llzma" fi @@ -8699,7 +8702,7 @@ fi ac_fn_c_check_header_mongrel "$LINENO" "lzo/lzo1x.h" "ac_cv_header_lzo_lzo1x_h" "$ac_includes_default" if test "x$ac_cv_header_lzo_lzo1x_h" = xyes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_decompress in -llzo2" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_decompress in -llzo2" >&5 $as_echo_n "checking for lzo1x_decompress in -llzo2... " >&6; } if ${ac_cv_lib_lzo2_lzo1x_decompress+:} false; then : $as_echo_n "(cached) " >&6 @@ -8736,7 +8739,8 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo2_lzo1x_decompress" >&5 $as_echo "$ac_cv_lib_lzo2_lzo1x_decompress" >&6; } if test "x$ac_cv_lib_lzo2_lzo1x_decompress" = xyes; then : - zlib="$zlib -DHAVE_LZO1X -llzo2" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZO1X" + ZLIB_LIBS="$ZLIB_LIBS -llzo2" fi @@ -8812,10 +8816,12 @@ else libzstd_LIBS=$pkg_cv_libzstd_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - zlib="$zlib -DHAVE_ZSTD $libzstd_CFLAGS $libzstd_LIBS" + ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_ZSTD $libzstd_CFLAGS" + ZLIB_LIBS="$ZLIB_LIBS $libzstd_LIBS" fi + ac_fn_c_check_header_mongrel "$LINENO" "ext2fs/ext2fs.h" "ac_cv_header_ext2fs_ext2fs_h" "$ac_includes_default" if test "x$ac_cv_header_ext2fs_ext2fs_h" = xyes; then : diff --git a/tools/configure.ac b/tools/configure.ac index f29c319b42..1094d896fc 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -391,17 +391,26 @@ AX_CHECK_FETCHER # Checks for libraries. AC_CHECK_HEADER([bzlib.h], [ -AC_CHECK_LIB([bz2], [BZ2_bzDecompressInit], [zlib="$zlib -DHAVE_BZLIB -lbz2"]) + AC_CHECK_LIB([bz2], [BZ2_bzDecompressInit], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_BZLIB" + ZLIB_LIBS="$ZLIB_LIBS -lbz2"]) ]) AC_CHECK_HEADER([lzma.h], [ -AC_CHECK_LIB([lzma], [lzma_stream_decoder], [zlib="$zlib -DHAVE_LZMA -llzma"]) + AC_CHECK_LIB([lzma], [lzma_stream_decoder], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZMA" + ZLIB_LIBS="$ZLIB_LIBS -llzma"]) ]) AC_CHECK_HEADER([lzo/lzo1x.h], [ -AC_CHECK_LIB([lzo2], [lzo1x_decompress], [zlib="$zlib -DHAVE_LZO1X -llzo2"]) + AC_CHECK_LIB([lzo2], [lzo1x_decompress], + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_LZO1X" + ZLIB_LIBS="$ZLIB_LIBS -llzo2"]) ]) PKG_CHECK_MODULES([libzstd], [libzstd], - [zlib="$zlib -DHAVE_ZSTD $libzstd_CFLAGS $libzstd_LIBS"], [true]) -AC_SUBST(zlib) + [ZLIB_CFLAGS="$ZLIB_CFLAGS -DHAVE_ZSTD $libzstd_CFLAGS" + ZLIB_LIBS="$ZLIB_LIBS $libzstd_LIBS"], + [true]) +AC_SUBST([ZLIB_CFLAGS]) +AC_SUBST([ZLIB_LIBS]) AX_CHECK_EXTFS AX_CHECK_PTHREAD AX_CHECK_PTYFUNCS diff --git a/tools/libs/guest/Makefile b/tools/libs/guest/Makefile index 7f74ac0e7d..ab580e1b64 100644 --- a/tools/libs/guest/Makefile +++ b/tools/libs/guest/Makefile @@ -89,13 +89,12 @@ CFLAGS += $(CFLAGS_libxendevicemodel) CFLAGS += $(CFLAGS_libxencall) $(CFLAGS_libxenforeignmemory) ifeq ($(CONFIG_MiniOS),y) -zlib-options = -else -zlib-options = $(ZLIB) +ZLIB_CFLAGS := +ZLIB_LIBS := endif -xg_dom_bzimageloader.o: CFLAGS += $(filter -D%,$(zlib-options)) -xg_dom_bzimageloader.opic: CFLAGS += $(filter -D%,$(zlib-options)) +xg_dom_bzimageloader.o: CFLAGS += $(ZLIB_CFLAGS) +xg_dom_bzimageloader.opic: CFLAGS += $(ZLIB_CFLAGS) LIBHEADER := xenguest.h @@ -103,8 +102,7 @@ NO_HEADERS_CHK := y include $(XEN_ROOT)/tools/libs/libs.mk -libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(filter -l%,$(zlib-options)) -libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(COMPRESSION_LIBS) -lz +libxenguest.so.$(MAJOR).$(MINOR): APPEND_LDFLAGS += $(ZLIB_LIBS) -lz .PHONY: cleanlocal cleanlocal: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278945.476375 (Exim 4.92) (envelope-from ) id 1nNXZ4-0004ns-Uy; Fri, 25 Feb 2022 10:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278945.476375; Fri, 25 Feb 2022 10:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZ4-0004nk-Rb; Fri, 25 Feb 2022 10:11:06 +0000 Received: by outflank-mailman (input) for mailman id 278945; Fri, 25 Feb 2022 10:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZ2-0004nd-U4 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZ2-00074O-Op for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZ2-0001G9-Mf for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WpLlvmQhFbAo72yYNugPKTHYSsPQzuqLVmT4giWlJ+w=; b=oHseeMWB3oHcB80Z9fcU20Tunk 7Ox8J3MQrXwdiTq47BDxc0N33kQVIccevPR23uSOif0fM4HJk67ZlYARPwJofWTRngE76OpJ/9+lA 6/gGTlcB1ejggmNufalrrskdC0QDrj12iaf1Hpau8MHtMUCaw4Q9jAbIs3QydP6IJuz4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/time: switch platform timer hooks to altcall Message-Id: Date: Fri, 25 Feb 2022 10:11:04 +0000 commit bed9ae54df44b9f6914eae4c6d231be41d859ecd Author: Jan Beulich AuthorDate: Fri Feb 25 10:48:20 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:48:20 2022 +0100 x86/time: switch platform timer hooks to altcall Except in the "clocksource=tsc" case we can replace the indirect calls involved in accessing the platform timers by direct ones, as they get established once and never changed. To also cover the "tsc" case, invoke what read_tsc() resolves to directly. In turn read_tsc() then becomes unreachable and hence can move to .init.*. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/time.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c005388e32..c05d3ca98b 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -66,6 +66,7 @@ struct platform_timesource { char *id; char *name; u64 frequency; + /* Post-init this hook may only be invoked via the read_counter() wrapper! */ u64 (*read_counter)(void); s64 (*init)(struct platform_timesource *); void (*resume)(struct platform_timesource *); @@ -584,7 +585,7 @@ static s64 __init cf_check init_tsc(struct platform_timesource *pts) return ret; } -static u64 cf_check read_tsc(void) +static uint64_t __init cf_check read_tsc(void) { return rdtsc_ordered(); } @@ -816,6 +817,18 @@ static s_time_t __read_platform_stime(u64 platform_time) return (stime_platform_stamp + scale_delta(diff, &plt_scale)); } +static uint64_t read_counter(void) +{ + /* + * plt_tsc is put in use only after alternatives patching has occurred, + * hence we can't invoke read_tsc() that way. Special case it here, open- + * coding the function call at the same time. + */ + return plt_src.read_counter != read_tsc + ? alternative_call(plt_src.read_counter) + : rdtsc_ordered(); +} + static void cf_check plt_overflow(void *unused) { int i; @@ -824,7 +837,7 @@ static void cf_check plt_overflow(void *unused) spin_lock_irq(&platform_timer_lock); - count = plt_src.read_counter(); + count = read_counter(); plt_stamp64 += (count - plt_stamp) & plt_mask; plt_stamp = count; @@ -860,7 +873,7 @@ static s_time_t read_platform_stime(u64 *stamp) ASSERT(!local_irq_is_enabled()); spin_lock(&platform_timer_lock); - plt_counter = plt_src.read_counter(); + plt_counter = read_counter(); count = plt_stamp64 + ((plt_counter - plt_stamp) & plt_mask); stime = __read_platform_stime(count); spin_unlock(&platform_timer_lock); @@ -878,7 +891,7 @@ static void platform_time_calibration(void) unsigned long flags; spin_lock_irqsave(&platform_timer_lock, flags); - count = plt_stamp64 + ((plt_src.read_counter() - plt_stamp) & plt_mask); + count = plt_stamp64 + ((read_counter() - plt_stamp) & plt_mask); stamp = __read_platform_stime(count); stime_platform_stamp = stamp; platform_timer_stamp = count; @@ -889,10 +902,10 @@ static void resume_platform_timer(void) { /* Timer source can be reset when backing from S3 to S0 */ if ( plt_src.resume ) - plt_src.resume(&plt_src); + alternative_vcall(plt_src.resume, &plt_src); plt_stamp64 = platform_timer_stamp; - plt_stamp = plt_src.read_counter(); + plt_stamp = read_counter(); } static void __init reset_platform_timer(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278946.476379 (Exim 4.92) (envelope-from ) id 1nNXZD-0004pj-WB; Fri, 25 Feb 2022 10:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278946.476379; Fri, 25 Feb 2022 10:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZD-0004pc-TA; Fri, 25 Feb 2022 10:11:15 +0000 Received: by outflank-mailman (input) for mailman id 278946; Fri, 25 Feb 2022 10:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZC-0004pL-Ss for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZC-00074S-S1 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZC-0001Go-Qz for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+739uB/8K+c39Om6i78E9CSopn5EEQmHu+Xkq9gl1LA=; b=uNvqE421jKoDemL3OvrOm1rg9F j55pJxHVfTbqSPQiklQ0SaMutdXoBWr3K7+uTJEhtfoHKxcD5M6oMQ3MUOegeqLXYvuoHa1PC8+bD WgVWpSSrcWAT4eE3y2igu4qMMG1djgAtqUJ+EAu/jPMruNKFtviipOUJ7JypekJ76eXo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: make embedded endbr64 check compatible with older GNU grep Message-Id: Date: Fri, 25 Feb 2022 10:11:14 +0000 commit 91fa912206d83518661062d70e6082a70eadb6ec Author: Jan Beulich AuthorDate: Fri Feb 25 10:49:17 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:49:17 2022 +0100 x86: make embedded endbr64 check compatible with older GNU grep With version 2.7 I'm observing support for binary searches, but unreliable results: Only a subset of the supposed matches is actually reported; for our pattern I've never observed any match. This same version works fine when handing it a Perl regexp using hex or octal escapes. Probe for support of -P and prefer that over the original approach. Fixes: 4d037425dccf ("x86: Build check for embedded endbr64 instructions") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/tools/check-endbr.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 7fbb181b3c..9799c451a1 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -24,6 +24,11 @@ BAD=$D/bad-addrs echo "X" | grep -aob "X" -q 2>/dev/null || { echo "$MSG_PFX Warning: grep can't do binary searches" >&2; exit 0; } +# Check whether grep supports Perl regexps. Older GNU grep doesn't reliably +# find binary patterns otherwise. +perl_re=true +echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false + # # First, look for all the valid endbr64 instructions. # A worst-case disassembly, viewed through cat -A, may look like: @@ -60,8 +65,12 @@ eval $(${OBJDUMP} -j .text $1 -h | awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN -grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN | - awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +if $perl_re +then + LC_ALL=C grep -aobP '\363\17\36\372' $TEXT_BIN +else + grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN +fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278947.476383 (Exim 4.92) (envelope-from ) id 1nNXZO-0004sn-1j; Fri, 25 Feb 2022 10:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278947.476383; Fri, 25 Feb 2022 10:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZN-0004sg-Uv; Fri, 25 Feb 2022 10:11:25 +0000 Received: by outflank-mailman (input) for mailman id 278947; Fri, 25 Feb 2022 10:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZM-0004sP-Vw for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZM-000754-V8 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZM-0001Ha-U7 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qo+HyPD+vEf2U1Bz9wXKMl6cVl7Bisxx45Xp/cyod9E=; b=D68udVsdgqf8reGIQ7qujisyHU 7GHL4tnEYzxZ0D0w3eh5HDSJOG9sQcZT1u6TEJnwtGOAEU1L4GDRLT8O1jufDUwNmzP0Za54dnlWR /VABK58jfguKQU4S3UuiRatWQ+TnU63HLbn7I7uYjqt9iC5WlCnKE57Pf8+AN4n4G3aA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rework test/livepatch/Makefile Message-Id: Date: Fri, 25 Feb 2022 10:11:24 +0000 commit 27060920a79be3a12628e91212d6e21a9b4a2b76 Author: Anthony PERARD AuthorDate: Fri Feb 25 10:55:30 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:55:30 2022 +0100 build: rework test/livepatch/Makefile This rework the livepatch/Makefile to make it less repetitive and make use of the facilities. All the targets to be built are now listed in $(extra-y) which will allow Rules.mk to build them without the need of a local target in a future patch. There are some changes/fixes in this patch: - when "xen-syms" is used for a target, it is added to the dependency list of the target, which allow to rebuild the target when xen-syms changes. But if "xen-syms" is missing, make simply fails. - modinfo.o wasn't removing it's $@.bin file like the other targets, this is now done. - The command to build *.livepatch targets as been fixed to use $(XEN_LDFLAGS) rather than just $(LDFLAGS) which is a fallout from 2740d96efdd3 ("xen/build: have the root Makefile generates the CFLAGS") make will findout the dependencies of the *.livepatch files and thus what to built by "looking" at the objects listed in the *-objs variables. The actual dependencies is generated by the new "multi-depend" macro. "$(targets)" needs to be updated with the objects listed in the different *-objs variables to allow make to load the .*.cmd dependency files. This patch copies the macro "multi_depend" from Linux 5.12, and rename it to "multi-depend". Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/scripts/Kbuild.include | 9 ++ xen/test/livepatch/Makefile | 213 +++++++++++++++++--------------------------- 2 files changed, 91 insertions(+), 131 deletions(-) diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 2d482d1cb9..4875bb28c2 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -153,3 +153,12 @@ why = \ echo-why = $(call escsq, $(strip $(why))) endif + +# Useful for describing the dependency of composite objects +# Usage: +# $(call multi-depend, multi-used-targets, suffix-to-remove, suffix-to-add) +define multi-depend +$(foreach m, $(notdir $1), \ + $(eval $(obj)/$(m): \ + $(addprefix $(obj)/, $(foreach s, $3, $($(m:%$(strip $2)=%$(s))))))) +endef diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index 148dddb904..69fadccd01 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -12,81 +12,29 @@ CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}') CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}') .PHONY: default - -LIVEPATCH := xen_hello_world.livepatch -LIVEPATCH_BYE := xen_bye_world.livepatch -LIVEPATCH_REPLACE := xen_replace_world.livepatch -LIVEPATCH_NOP := xen_nop.livepatch -LIVEPATCH_NO_XEN_BUILDID := xen_no_xen_buildid.livepatch -LIVEPATCH_PREPOST_HOOKS := xen_prepost_hooks.livepatch -LIVEPATCH_PREPOST_HOOKS_FAIL := xen_prepost_hooks_fail.livepatch -LIVEPATCH_ACTION_HOOKS := xen_action_hooks.livepatch -LIVEPATCH_ACTION_HOOKS_NOFUNC := xen_action_hooks_nofunc.livepatch -LIVEPATCH_ACTION_HOOKS_MARKER:= xen_action_hooks_marker.livepatch -LIVEPATCH_ACTION_HOOKS_NOAPPLY:= xen_action_hooks_noapply.livepatch -LIVEPATCH_ACTION_HOOKS_NOREVERT:= xen_action_hooks_norevert.livepatch -LIVEPATCH_EXPECTATIONS:= xen_expectations.livepatch -LIVEPATCH_EXPECTATIONS_FAIL:= xen_expectations_fail.livepatch - -LIVEPATCHES += $(LIVEPATCH) -LIVEPATCHES += $(LIVEPATCH_BYE) -LIVEPATCHES += $(LIVEPATCH_REPLACE) -LIVEPATCHES += $(LIVEPATCH_NOP) -LIVEPATCHES += $(LIVEPATCH_NO_XEN_BUILDID) -LIVEPATCHES += $(LIVEPATCH_PREPOST_HOOKS) -LIVEPATCHES += $(LIVEPATCH_PREPOST_HOOKS_FAIL) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOFUNC) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_MARKER) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOREVERT) -LIVEPATCHES += $(LIVEPATCH_EXPECTATIONS) -LIVEPATCHES += $(LIVEPATCH_EXPECTATIONS_FAIL) - -LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch - build default: livepatch -install: livepatch - $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) - $(INSTALL_DATA) $(LIVEPATCHES) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) - -uninstall: - cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) - -.PHONY: clean -clean:: - rm -f *.o .*.o.d *.livepatch config.h expect_config.h +extra-y += xen_hello_world.livepatch +xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o +$(obj)/xen_hello_world.o: $(obj)/config.h # # To compute these values we need the binary files: xen-syms # and xen_hello_world_func.o to be already compiled. # -.PHONY: config.h -config.h: OLD_CODE_SZ=$(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version) -config.h: NEW_CODE_SZ=$(call CODE_SZ,$<,xen_hello_world) -config.h: MINOR_VERSION_SZ=$(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version) -config.h: MINOR_VERSION_ADDR=$(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version) -config.h: xen_hello_world_func.o +$(obj)/config.h: $(obj)/xen_hello_world_func.o (set -e; \ - echo "#define NEW_CODE_SZ $(NEW_CODE_SZ)"; \ - echo "#define MINOR_VERSION_SZ $(MINOR_VERSION_SZ)"; \ - echo "#define MINOR_VERSION_ADDR $(MINOR_VERSION_ADDR)"; \ - echo "#define OLD_CODE_SZ $(OLD_CODE_SZ)") > $@ + echo "#define NEW_CODE_SZ $(call CODE_SZ,$<,xen_hello_world)"; \ + echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version)"; \ + echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version)"; \ + echo "#define OLD_CODE_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version)") > $@ -xen_hello_world.o: config.h - -.PHONY: $(LIVEPATCH) -$(LIVEPATCH): xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH) $^ - -.PHONY: modinfo.o -modinfo.o: +$(obj)/modinfo.o: (set -e; \ printf "LIVEPATCH_RULEZ\0") > $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.modinfo,alloc,load,readonly,data,contents -S $@.bin $@ - #rm -f $@.bin + rm -f $@.bin # # This target is only accessible if CONFIG_LIVEPATCH is defined, which @@ -97,9 +45,8 @@ modinfo.o: # not be built (it is for EFI builds), and that we do not have # the note.o.bin to muck with (as it gets deleted) # -.PHONY: note.o -note.o: - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin +$(obj)/note.o: $(BASEDIR)/xen-syms + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin @@ -108,9 +55,8 @@ note.o: # Append .livepatch.xen_depends section # with Xen build-id derived from xen-syms. # -.PHONY: xen_note.o -xen_note.o: - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin +$(obj)/xen_note.o: $(BASEDIR)/xen-syms + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.xen_depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin @@ -119,102 +65,107 @@ xen_note.o: # Extract the build-id of the xen_hello_world.livepatch # (which xen_bye_world will depend on). # -.PHONY: hello_world_note.o -hello_world_note.o: $(LIVEPATCH) - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(LIVEPATCH) $@.bin +$(obj)/hello_world_note.o: $(obj)/xen_hello_world.livepatch + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin -xen_bye_world.o: config.h -.PHONY: $(LIVEPATCH_BYE) -$(LIVEPATCH_BYE): xen_bye_world_func.o xen_bye_world.o hello_world_note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_BYE) $^ +extra-y += xen_bye_world.livepatch +xen_bye_world-objs := xen_bye_world_func.o xen_bye_world.o hello_world_note.o xen_note.o +$(obj)/xen_bye_world.o: $(obj)/config.h -xen_replace_world.o: config.h -.PHONY: $(LIVEPATCH_REPLACE) -$(LIVEPATCH_REPLACE): xen_replace_world_func.o xen_replace_world.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_REPLACE) $^ +extra-y += xen_replace_world.livepatch +xen_replace_world-objs := xen_replace_world_func.o xen_replace_world.o note.o xen_note.o +$(obj)/xen_replace_world.o: $(obj)/config.h -xen_nop.o: config.h -.PHONY: $(LIVEPATCH_NOP) -$(LIVEPATCH_NOP): xen_nop.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_NOP) $^ +extra-y += xen_nop.livepatch +xen_nop-objs := xen_nop.o note.o xen_note.o +$(obj)/xen_nop.o: $(obj)/config.h # This one always fails upon upload, because it deliberately # does not have a .livepatch.xen_depends (xen_note.o) section. -xen_no_xen_buildid.o: config.h - -.PHONY: $(LIVEPATCH_NO_XEN_BUILDID) -$(LIVEPATCH_NO_XEN_BUILDID): xen_nop.o note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_NO_XEN_BUILDID) $^ +extra-y += xen_no_xen_buildid.livepatch +xen_no_xen_buildid-objs := xen_nop.o note.o -xen_prepost_hooks.o: config.h +$(obj)/xen_prepost_hooks.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_PREPOST_HOOKS) -$(LIVEPATCH_PREPOST_HOOKS): xen_prepost_hooks.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_PREPOST_HOOKS) $^ +extra-y += xen_prepost_hooks.livepatch +xen_prepost_hooks-objs := xen_prepost_hooks.o xen_hello_world_func.o note.o xen_note.o -xen_prepost_hooks_fail.o: config.h +$(obj)/xen_prepost_hooks_fail.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_PREPOST_HOOKS_FAIL) -$(LIVEPATCH_PREPOST_HOOKS_FAIL): xen_prepost_hooks_fail.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_PREPOST_HOOKS_FAIL) $^ +extra-y += xen_prepost_hooks_fail.livepatch +xen_prepost_hooks_fail-objs := xen_prepost_hooks_fail.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks.o: config.h +$(obj)/xen_action_hooks.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS) -$(LIVEPATCH_ACTION_HOOKS): xen_action_hooks.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS) $^ +extra-y += xen_action_hooks.livepatch +xen_action_hooks-objs := xen_action_hooks.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_nofunc.o: config.h +$(obj)/xen_action_hooks_nofunc.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOFUNC) -$(LIVEPATCH_ACTION_HOOKS_NOFUNC): xen_action_hooks_nofunc.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOFUNC) $^ +extra-y += xen_action_hooks_nofunc.livepatch +xen_action_hooks_nofunc-objs := xen_action_hooks_nofunc.o note.o xen_note.o -xen_action_hooks_marker.o: config.h +$(obj)/xen_action_hooks_marker.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_MARKER) -$(LIVEPATCH_ACTION_HOOKS_MARKER): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_MARKER) $^ +extra-y += xen_action_hooks_marker.livepatch +xen_action_hooks_marker-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_noapply.o: config.h +$(obj)/xen_action_hooks_noapply.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) -$(LIVEPATCH_ACTION_HOOKS_NOAPPLY): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) $^ +extra-y += xen_action_hooks_noapply.livepatch +xen_action_hooks_noapply-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_norevert.o: config.h +$(obj)/xen_action_hooks_norevert.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOREVERT) -$(LIVEPATCH_ACTION_HOOKS_NOREVERT): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOREVERT) $^ +extra-y += xen_action_hooks_norevert.livepatch +xen_action_hooks_norevert-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o EXPECT_BYTES_COUNT := 8 CODE_GET_EXPECT=$(shell $(OBJDUMP) -d --insn-width=1 $(1) | sed -n -e '/<'$(2)'>:$$/,/^$$/ p' | tail -n +2 | head -n $(EXPECT_BYTES_COUNT) | awk '{$$0=$$2; printf "%s", substr($$0,length-1)}' | sed 's/.\{2\}/0x&,/g' | sed 's/^/{/;s/,$$/}/g') -.PHONY: expect_config.h -expect_config.h: EXPECT_BYTES=$(call CODE_GET_EXPECT,$(BASEDIR)/xen-syms,xen_extra_version) -expect_config.h: +$(obj)/expect_config.h: $(BASEDIR)/xen-syms (set -e; \ - echo "#define EXPECT_BYTES $(EXPECT_BYTES)"; \ + echo "#define EXPECT_BYTES $(call CODE_GET_EXPECT,$<,xen_extra_version)"; \ echo "#define EXPECT_BYTES_COUNT $(EXPECT_BYTES_COUNT)") > $@ -xen_expectations.o: expect_config.h +$(obj)/xen_expectations.o: $(obj)/expect_config.h -.PHONY: $(LIVEPATCH_EXPECTATIONS) -$(LIVEPATCH_EXPECTATIONS): xen_expectations.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_EXPECTATIONS) $^ +extra-y += xen_expectations.livepatch +xen_expectations-objs := xen_expectations.o xen_hello_world_func.o note.o xen_note.o -.PHONY: $(LIVEPATCH_EXPECTATIONS_FAIL) -$(LIVEPATCH_EXPECTATIONS_FAIL): xen_expectations_fail.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_EXPECTATIONS_FAIL) $^ +extra-y += xen_expectations_fail.livepatch +xen_expectations_fail-objs := xen_expectations_fail.o xen_hello_world_func.o note.o xen_note.o + + +quiet_cmd_livepatch = LD $@ +cmd_livepatch = $(LD) $(XEN_LDFLAGS) $(build_id_linker) -r -o $@ $(real-prereqs) + +$(obj)/%.livepatch: FORCE + $(call if_changed,livepatch) + +$(call multi-depend, $(filter %.livepatch,$(extra-y)), .livepatch, -objs) +targets += $(sort $(foreach m,$(basename $(notdir $(filter %.livepatch,$(extra-y)))), \ + $($(m)-objs))) + +LIVEPATCHES := $(filter %.livepatch,$(extra-y)) + +LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch .PHONY: livepatch -livepatch: $(LIVEPATCH) $(LIVEPATCH_BYE) $(LIVEPATCH_REPLACE) $(LIVEPATCH_NOP) $(LIVEPATCH_NO_XEN_BUILDID) \ - $(LIVEPATCH_PREPOST_HOOKS) $(LIVEPATCH_PREPOST_HOOKS_FAIL) $(LIVEPATCH_ACTION_HOOKS) \ - $(LIVEPATCH_ACTION_HOOKS_NOFUNC) $(LIVEPATCH_ACTION_HOOKS_MARKER) $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) \ - $(LIVEPATCH_ACTION_HOOKS_NOREVERT) $(LIVEPATCH_EXPECTATIONS) $(LIVEPATCH_EXPECTATIONS_FAIL) +livepatch: $(LIVEPATCHES) + +install: $(addprefix $(obj)/,$(LIVEPATCHES)) + $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) + $(INSTALL_DATA) $(addprefix $(obj)/,$(LIVEPATCHES)) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) + +uninstall: + cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) + +.PHONY: clean +clean:: + rm -f *.o .*.o.d *.livepatch config.h expect_config.h -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278948.476387 (Exim 4.92) (envelope-from ) id 1nNXZZ-0004wB-3y; Fri, 25 Feb 2022 10:11:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278948.476387; Fri, 25 Feb 2022 10:11:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZZ-0004w3-0U; Fri, 25 Feb 2022 10:11:37 +0000 Received: by outflank-mailman (input) for mailman id 278948; Fri, 25 Feb 2022 10:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZX-0004vd-3A for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZX-00075E-2K for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZX-0001IC-1I for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YV2nT0ukK2X/E42JaoB5ZB7Vl5K1i1GTONtT31v9dEo=; b=KeRgfPXaMWVe8ifOLYzTtwV+EL WHW6UCRJ2Ha9QianrDdJsoODybNt93a+fSiVu6gZdpQlFXcyQtRRvvvxRzJ7lpD5tXIm1GK9a/4jN 9KNpe0vSBSBMFhjgeBkMRUwj4fZJZxmIUeUe2p6UjTgVdEDHQv5RHsAOI4LGnbrOHQm4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: build everything from the root dir, use obj=$subdir Message-Id: Date: Fri, 25 Feb 2022 10:11:35 +0000 commit 7a3bcd2babcc7d9952bcf174f3705ebd9290671a Author: Anthony PERARD AuthorDate: Fri Feb 25 11:01:15 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:01:15 2022 +0100 build: build everything from the root dir, use obj=$subdir A subdirectory is now built by setting "$(obj)" instead of changing directory. "$(obj)" should always be set when using "Rules.mk" and thus a shortcut "$(build)" is introduced and should be used. A new variable "$(need-builtin)" is introduce. It is to be used whenever a "built_in.o" is wanted from a subdirectory. "built_in.o" isn't the main target anymore, and thus only needs to depends on the objects that should be part of "built_in.o". Introduce $(srctree) and $(objtree) to replace $(BASEDIR) in cases a relative path is better, and $(abs_srctree) and $(abs_objtree) which have an absolute path. DEPS is updated as the existing macro to deal with it doesn't know about $(obj). There's some changes in "Rules.mk" which in addition to deal with "$(obj)" also make it's looks more like "Makefile.build" from Linux v5.12. test/Makefile doesn't need special handling in order to build everything under test/, Rules.mk will visit test/livepatch via $(subdir-y), thus "tests" "all" and "build" target are removed. "subtree-force-update" target isn't useful so it is removed as well. test/livepatch/Makefile doesn't need default target anymore, Rules.mk will build everything in $(extra-y) and thus all *.livepatch. Adjust cloc recipe: dependency files generated by CC will now have the full path to the source file, so we don't need to prepend the subdirectory. This fix some issue with source not been parsed by cloc before. Also source from tools/kconfig would be listed with changes in this patch so adjust the find command to stop listing the "tools" directory and thus kconfig. With a default build of Xen on X86, they are a few new files parsed by cloc: arch/x86/x86_64/compat/mm.c arch/x86/x86_64/mm.c common/compat/domain.c common/compat/memory.c common/compat/xlat.c Signed-off-by: Anthony PERARD Acked-by: Bob Eshleman Acked-by: Julien Grall Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith # XSM --- xen/Makefile | 36 +++++++----- xen/Rules.mk | 138 +++++++++++++++++++++++++++++--------------- xen/arch/arm/Makefile | 4 +- xen/arch/arm/Rules.mk | 4 -- xen/arch/arm/arch.mk | 4 +- xen/arch/riscv/arch.mk | 4 +- xen/arch/x86/Makefile | 11 ++-- xen/arch/x86/Rules.mk | 4 +- xen/arch/x86/arch.mk | 12 ++-- xen/arch/x86/boot/Makefile | 8 +-- xen/build.mk | 12 +++- xen/include/Makefile | 6 +- xen/scripts/Kbuild.include | 6 ++ xen/test/Makefile | 7 +-- xen/test/livepatch/Makefile | 6 -- xen/xsm/flask/Makefile | 2 +- xen/xsm/flask/ss/Makefile | 2 +- 17 files changed, 162 insertions(+), 104 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 6e4ea200aa..7912e35503 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -22,6 +22,15 @@ export CHECKPOLICY ?= checkpolicy export BASEDIR := $(CURDIR) export XEN_ROOT := $(BASEDIR)/.. +abs_objtree := $(CURDIR) +abs_srctree := $(CURDIR) + +export abs_srctree abs_objtree + +srctree := . +objtree := . +export srctree objtree + # Do not use make's built-in rules and variables MAKEFLAGS += -rR @@ -47,7 +56,7 @@ export KCONFIG_CONFIG ?= .config export CC CXX LD -export TARGET := $(BASEDIR)/xen +export TARGET := xen .PHONY: default default: build @@ -250,7 +259,7 @@ endif CFLAGS += -nostdinc -fno-builtin -fno-common CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith $(call cc-option-add,CFLAGS,CC,-Wvla) -CFLAGS += -pipe -D__XEN__ -include $(BASEDIR)/include/xen/config.h +CFLAGS += -pipe -D__XEN__ -include $(srctree)/include/xen/config.h CFLAGS-$(CONFIG_DEBUG_INFO) += -g ifneq ($(CONFIG_CC_IS_CLANG),y) @@ -349,10 +358,10 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) .PHONY: tests tests: - $(MAKE) -f $(BASEDIR)/Rules.mk -C test tests + $(Q)$(MAKE) $(build)=test .PHONY: install-tests install-tests: - $(MAKE) -f $(BASEDIR)/Rules.mk -C test install + $(Q)$(MAKE) $(build)=test install .PHONY: _uninstall _uninstall: D=$(DESTDIR) @@ -408,16 +417,16 @@ $(TARGET).gz: $(TARGET) $(TARGET): FORCE $(MAKE) -C tools - $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h + $(Q)$(MAKE) $(build)=. include/xen/compile.h [ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \ do test -r arch/$(TARGET_ARCH)/efi/$$f || \ ln -nsf ../../../common/efi/$$f arch/$(TARGET_ARCH)/efi/; \ done; \ true - $(MAKE) -f $(BASEDIR)/Rules.mk -C include - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) include - $(MAKE) -f $(BASEDIR)/Rules.mk arch/$(TARGET_ARCH)/include/asm/asm-offsets.h - $(MAKE) -f $(BASEDIR)/Rules.mk MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ + $(Q)$(MAKE) $(build)=include all + $(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) include + $(Q)$(MAKE) $(build)=. arch/$(TARGET_ARCH)/include/asm/asm-offsets.h + $(Q)$(MAKE) $(build)=. MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ SUBDIRS = xsm arch/$(TARGET_ARCH) common drivers lib test define all_sources @@ -463,19 +472,18 @@ _MAP: $(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map %.o %.i %.s: %.c FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $(*D) $(@F) + $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) %.o %.s: %.S FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $(*D) $(@F) + $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) %/: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in.o built_in_bin.o + $(Q)$(MAKE) $(build)=$* need-builtin=1 .PHONY: cloc cloc: - find . -name '*.o.d' | while read f; do \ + find . -name tools -prune -o -name '*.o.d' -print | while read f; do \ for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ - sf="$$(dirname $$f)/$$sf"; \ test -f "$$sf" && echo "$$sf"; \ done; \ done | cloc --list-file=- diff --git a/xen/Rules.mk b/xen/Rules.mk index 1e7f47a3d8..67112e0077 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -3,19 +3,29 @@ # Makefile and are consumed by Rules.mk # -obj := . +ifndef obj +$(warning kbuild: Rules.mk is included improperly) +endif + src := $(obj) +PHONY := __build +__build: + -include $(BASEDIR)/include/config/auto.conf include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include # Initialise some variables +obj-y := lib-y := targets := +subdir-y := CFLAGS-y := AFLAGS-y := +nocov-y := +noubsan-y := SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach w,1 2 4, \ @@ -50,27 +60,54 @@ cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $< $@ quiet_cmd_binfile = BINFILE $@ cmd_binfile = $(SHELL) $(BASEDIR)/tools/binfile $(BINFILE_FLAGS) $@ $(2) -define gendep - ifneq ($(1),$(subst /,:,$(1))) - DEPS += $(dir $(1)).$(notdir $(1)).d - endif -endef -$(foreach o,$(filter-out %/,$(obj-y) $(obj-bin-y) $(extra-y)),$(eval $(call gendep,$(o)))) +# Figure out what we need to build from the various variables +# =========================================================================== + +# Libraries are always collected in one lib file. +# Filter out objects already built-in +lib-y := $(filter-out $(obj-y), $(sort $(lib-y))) + +# Subdirectories we need to descend into +subdir-y := $(sort $(subdir-y) $(patsubst %/,%,$(filter %/, $(obj-y)))) # Handle objects in subdirs -# --------------------------------------------------------------------------- -# o if we encounter foo/ in $(obj-y), replace it by foo/built_in.o -# and add the directory to the list of dirs to descend into: $(subdir-y) -subdir-y := $(subdir-y) $(filter %/, $(obj-y)) +# - if we encounter foo/ in $(obj-y), replace it by foo/built_in.o +ifdef need-builtin obj-y := $(patsubst %/, %/built_in.o, $(obj-y)) +else +obj-y := $(filter-out %/, $(obj-y)) +endif -# $(subdir-obj-y) is the list of objects in $(obj-y) which uses dir/ to -# tell kbuild to descend -subdir-obj-y := $(filter %/built_in.o, $(obj-y)) +# Add subdir path -# Libraries are always collected in one lib file. -# Filter out objects already built-in -lib-y := $(filter-out $(obj-y), $(sort $(lib-y))) +extra-y := $(addprefix $(obj)/,$(extra-y)) +targets := $(addprefix $(obj)/,$(targets)) +lib-y := $(addprefix $(obj)/,$(lib-y)) +obj-y := $(addprefix $(obj)/,$(obj-y)) +obj-bin-y := $(addprefix $(obj)/,$(obj-bin-y)) +subdir-y := $(addprefix $(obj)/,$(subdir-y)) +nocov-y := $(addprefix $(obj)/,$(nocov-y)) +noubsan-y := $(addprefix $(obj)/,$(noubsan-y)) + +# subdir-builtin may contain duplications. Use $(sort ...) +subdir-builtin := $(sort $(filter %/built_in.o, $(obj-y))) + +targets-for-builtin := $(extra-y) + +ifneq ($(strip $(lib-y)),) + targets-for-builtin += $(obj)/lib.a +endif + +ifdef need-builtin + targets-for-builtin += $(obj)/built_in.o + ifneq ($(strip $(obj-bin-y)),) + ifeq ($(CONFIG_LTO),y) + targets-for-builtin += $(obj)/built_in_bin.o + endif + endif +endif + +targets += $(targets-for-builtin) $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += -DINIT_SECTIONS_ONLY @@ -122,29 +159,28 @@ quiet_cmd_cc_builtin = CC $@ cmd_cc_builtin = \ $(CC) $(XEN_CFLAGS) -c -x c /dev/null -o $@ +# To build objects in subdirs, we need to descend into the directories +$(subdir-builtin): $(obj)/%/built_in.o: $(obj)/% ; + quiet_cmd_ld_builtin = LD $@ ifeq ($(CONFIG_LTO),y) cmd_ld_builtin = \ - $(LD_LTO) -r -o $@ $(filter $(obj-y),$(real-prereqs)) + $(LD_LTO) -r -o $@ $(real-prereqs) else cmd_ld_builtin = \ - $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$(real-prereqs)) + $(LD) $(XEN_LDFLAGS) -r -o $@ $(real-prereqs) endif -built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) FORCE +$(obj)/built_in.o: $(obj-y) FORCE $(call if_changed,$(if $(strip $(obj-y)),ld_builtin,cc_builtin)) -lib.a: $(lib-y) FORCE +$(obj)/lib.a: $(lib-y) FORCE $(call if_changed,ar) -targets += built_in.o -ifneq ($(strip $(lib-y)),) -targets += lib.a -endif -targets += $(filter-out $(subdir-obj-y), $(obj-y) $(lib-y)) $(extra-y) -targets += $(MAKECMDGOALS) +targets += $(filter-out $(subdir-builtin), $(obj-y)) +targets += $(lib-y) $(MAKECMDGOALS) -built_in_bin.o: $(obj-bin-y) $(extra-y) +$(obj)/built_in_bin.o: $(obj-bin-y) ifeq ($(strip $(obj-bin-y)),) $(CC) $(a_flags) -c -x assembler /dev/null -o $@ else @@ -155,23 +191,15 @@ endif PHONY += FORCE FORCE: -%/built_in.o %/lib.a: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in.o - -%/built_in_bin.o: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in_bin.o - -SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) - quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@ - ifeq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) - cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(dot-target).tmp $@ + ifneq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) + cmd_objcopy_fix_sym = \ + $(OBJCOPY) --redefine-sym $( .lds quiet_cmd_cpp_lds_S = LDS $@ cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -D__LINKER__ -MQ $@ -o $@ $< +targets := $(filter-out $(PHONY), $(targets)) + # Add intermediate targets: # When building objects with specific suffix patterns, add intermediate # targets that the final targets are derived from. @@ -239,7 +269,18 @@ intermediate_targets = $(foreach sfx, $(2), \ # %.init.o <- %.o targets += $(call intermediate_targets, .init.o, .o) --include $(DEPS_INCLUDE) +# Build +# --------------------------------------------------------------------------- + +__build: $(targets-for-builtin) $(subdir-y) + @: + +# Descending +# --------------------------------------------------------------------------- + +PHONY += $(subdir-y) +$(subdir-y): + $(Q)$(MAKE) $(build)=$@ need-builtin=$(if $(filter $@/built_in.o, $(subdir-builtin)),1) # Read all saved command lines and dependencies for the $(targets) we # may be building above, using $(if_changed{,_dep}). As an @@ -250,6 +291,9 @@ existing-targets := $(wildcard $(sort $(targets))) -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) +DEPS := $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).d) +-include $(DEPS_INCLUDE) + # Declare the contents of the PHONY variable as phony. We keep that # information in a variable so we can use it in if_changed and friends. .PHONY: $(PHONY) diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index c993ce72a3..fd24f0212f 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -95,12 +95,12 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/xen/arch/arm/Rules.mk b/xen/arch/arm/Rules.mk index c6463a433e..e69de29bb2 100644 --- a/xen/arch/arm/Rules.mk +++ b/xen/arch/arm/Rules.mk @@ -1,4 +0,0 @@ -# head.o is built by descending into arch/arm/$(TARGET_SUBARCH), depends on the -# part of $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and -# build head.o -arch/arm/$(TARGET_SUBARCH)/head.o: arch/arm/built_in.o ; diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index ba3f140e2e..4e3f701430 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -1,8 +1,8 @@ ######################################## # arm-specific definitions -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-Wnested-externs) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 39ae6ffea9..694ba053ce 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,5 +11,5 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c # -mcmodel=medlow would force Xen into the lower half. CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index b90146b756..77d90d6eae 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -80,6 +80,9 @@ endif extra-y += asm-macros.i extra-y += xen.lds +# Allows usercopy.c to include itself +$(obj)/usercopy.o: CFLAGS-y += -iquote . + ifneq ($(CONFIG_HVM),y) $(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label endif @@ -129,13 +132,13 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ @@ -202,14 +205,14 @@ endif $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o + $(MAKE) $(build)=$(@D) .$(@F).0r.o .$(@F).0s.o $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o + $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 7aef93f5f3..ff7c7dd68a 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -2,9 +2,9 @@ # x86-specific definitions ifneq ($(filter -DHAVE_AS_QUOTED_SYM,$(XEN_CFLAGS)),) -object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' +object_label_flags = '-D__OBJECT_LABEL__=$@' else -object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' +object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$@))' endif c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 92fd198110..d6ae4cc2f5 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -3,10 +3,10 @@ export XEN_IMG_OFFSET := 0x200000 -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include -CFLAGS += -I$(BASEDIR)/arch/x86/include/asm/mach-generic -CFLAGS += -I$(BASEDIR)/arch/x86/include/asm/mach-default +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-generic +CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-default CFLAGS += -DXEN_IMG_OFFSET=$(XEN_IMG_OFFSET) # Prevent floating-point variables from creeping into Xen. @@ -99,7 +99,7 @@ efi-nr-fixups := $(shell $(OBJDUMP) -p $(efi-check).efi | grep '^[[:blank:]]*rel ifeq ($(efi-nr-fixups),2) MKRELOC := : else -MKRELOC := efi/mkreloc +MKRELOC := arch/x86/efi/mkreloc # If the linker produced fixups but not precisely two of them, we need to # disable it doing so. But if it didn't produce any fixups, it also wouldn't # recognize the option. @@ -115,6 +115,6 @@ export EFI_LDFLAGS endif # Set up the assembler include path properly for older toolchains. -CFLAGS += -Wa,-I$(BASEDIR)/include +CFLAGS += -Wa,-I$(srctree)/include ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index 0aec8a4643..ba732e4a88 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,8 +1,8 @@ obj-bin-y += head.o -DEFS_H_DEPS = $(src)/defs.h $(BASEDIR)/include/xen/stdbool.h +DEFS_H_DEPS = $(abs_srctree)/$(src)/defs.h $(abs_srctree)/include/xen/stdbool.h -CMDLINE_DEPS = $(DEFS_H_DEPS) $(src)/video.h \ +CMDLINE_DEPS = $(DEFS_H_DEPS) $(abs_srctree)/$(src)/video.h \ $(BASEDIR)/include/xen/kconfig.h \ $(BASEDIR)/include/generated/autoconf.h @@ -17,7 +17,7 @@ RELOC_DEPS = $(DEFS_H_DEPS) \ $(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S $(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds - $(MAKE) -f build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" + $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" $(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds - $(MAKE) -f build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" + $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" diff --git a/xen/build.mk b/xen/build.mk index af1b283113..487db14c58 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -60,6 +60,16 @@ arch/$(TARGET_ARCH)/include/asm/asm-offsets.h: asm-offsets.s echo ""; \ echo "#endif") <$< >$@ +build-dirs := $(patsubst %/built_in.o,%,$(filter %/built_in.o,$(ALL_OBJS) $(ALL_LIBS))) + +# The actual objects are generated when descending, +# make sure no implicit rule kicks in +$(sort $(ALL_OBJS) $(ALL_LIBS)): $(build-dirs) ; + +PHONY += $(build-dirs) +$(build-dirs): FORCE + $(Q)$(MAKE) $(build)=$@ need-builtin=1 + ifeq ($(CONFIG_LTO),y) # Gather all LTO objects together prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) @@ -76,4 +86,4 @@ endif targets += prelink.o $(TARGET): prelink.o FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) $@ + $(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) $@ diff --git a/xen/include/Makefile b/xen/include/Makefile index d2f5a956a1..cd40d5b4c9 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -61,7 +61,7 @@ $(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/ export PYTHON=$(PYTHON); \ while read what name; do \ $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \ - done <$(patsubst compat/%,compat/.xlat/%,$(basename $<)).lst >$@.new + done <$(patsubst $(obj)/compat/%,$(obj)/compat/.xlat/%,$(basename $<)).lst >$@.new mv -f $@.new $@ .PRECIOUS: $(obj)/compat/.xlat/%.lst @@ -86,8 +86,8 @@ PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $( PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) -public/io/9pfs.h-prereq := string -public/io/pvcalls.h-prereq := string +$(src)/public/io/9pfs.h-prereq := string +$(src)/public/io/pvcalls.h-prereq := string $(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile for i in $(filter %.h,$^); do \ diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 4875bb28c2..c159136adb 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -61,6 +61,12 @@ cc-ifversion = $(shell [ $(CONFIG_GCC_VERSION)0 $(1) $(2)000 ] && echo $(3) || e clang-ifversion = $(shell [ $(CONFIG_CLANG_VERSION)0 $(1) $(2)000 ] && echo $(3) || echo $(4)) +### +# Shorthand for $(Q)$(MAKE) -f scripts/Makefile.build obj= +# Usage: +# $(Q)$(MAKE) $(build)=dir +build := -f $(srctree)/Rules.mk obj + # Shorthand for $(MAKE) clean # Usage: # $(MAKE) $(clean) dir diff --git a/xen/test/Makefile b/xen/test/Makefile index 41e4d7bdb7..080763c807 100644 --- a/xen/test/Makefile +++ b/xen/test/Makefile @@ -1,13 +1,10 @@ -tests all: build - - ifneq ($(XEN_TARGET_ARCH),x86_32) # Xen 32-bit x86 hypervisor no longer supported, so has no test livepatches subdir-y += livepatch endif -install build subtree-force-update uninstall: %: +install uninstall: %: set -e; for s in $(subdir-y); do \ - $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $*; \ + $(MAKE) $(build)=$$s $*; \ done diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index 69fadccd01..afb8d589ec 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -11,9 +11,6 @@ endif CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}') CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}') -.PHONY: default -build default: livepatch - extra-y += xen_hello_world.livepatch xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o $(obj)/xen_hello_world.o: $(obj)/config.h @@ -156,9 +153,6 @@ LIVEPATCHES := $(filter %.livepatch,$(extra-y)) LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch -.PHONY: livepatch -livepatch: $(LIVEPATCHES) - install: $(addprefix $(obj)/,$(LIVEPATCHES)) $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) $(INSTALL_DATA) $(addprefix $(obj)/,$(LIVEPATCHES)) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 51fd37f6c4..49cf730cf0 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -40,7 +40,7 @@ $(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE $(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy) targets += flask-policy.S -FLASK_BUILD_DIR := $(CURDIR) +FLASK_BUILD_DIR := $(abs_objtree)/$(obj) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) $(obj)/policy.bin: FORCE diff --git a/xen/xsm/flask/ss/Makefile b/xen/xsm/flask/ss/Makefile index d32b9e0713..aba1339f38 100644 --- a/xen/xsm/flask/ss/Makefile +++ b/xen/xsm/flask/ss/Makefile @@ -8,4 +8,4 @@ obj-y += services.o obj-y += conditional.o obj-y += mls.o -CFLAGS-y += -I../include +CFLAGS-y += -I$(srctree)/xsm/flask/include -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278949.476392 (Exim 4.92) (envelope-from ) id 1nNXZj-0004zR-8e; Fri, 25 Feb 2022 10:11:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278949.476392; Fri, 25 Feb 2022 10:11:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZj-0004zH-4n; Fri, 25 Feb 2022 10:11:47 +0000 Received: by outflank-mailman (input) for mailman id 278949; Fri, 25 Feb 2022 10:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZh-0004yx-6F for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZh-00075U-5P for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZh-0001Iq-4f for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=10RY/tXMxwak9xyuwOPvEmHYTunHCKzYpO2hEEdjvQg=; b=M40cDNnH1tHkXr4OKFz49MaZsM MeYgLO3ffpxuNCD7Evo8o2O6bmFYTZ+F9DLWBDuSrSTRkSeBRiHeDcFXQO7YTGGT4jfGPk6CknIrG 3SOjR+b+5cvtqaTnatg7X9K0ptm5KqnZkRa0W5z2O9SmpBDxDc4K03DW1r1LF+/AFLtk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: introduce if_changed_deps Message-Id: Date: Fri, 25 Feb 2022 10:11:45 +0000 commit 06ef696c85a7b170a91527a0f1c94f49cb3a2bd2 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:01:51 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:01:51 2022 +0100 build: introduce if_changed_deps This macro does compare command line like if_changed, but it also rewrite the dependencies generated by $(CC) in order to depend on a CONFIG_* as generated by kconfig instead of depending on autoconf.h. This allow to make a change in kconfig options and only rebuild the object that uses that CONFIG_* option. cmd_and_record isn't needed anymore as it is replace by cmd_and_fixdep. There's only one .*.d dependency file left which is explicitly included as a workound, all the other are been absorb into the .*.cmd dependency files via `fixdep`. So including .*.d can be removed from the makefile. Also adjust "cloc" recipe due to .*.d been replace by .*.cmd files. This imports fixdep.c and if_changed_deps macro from Linux v5.12. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- .gitignore | 1 + xen/Makefile | 15 +- xen/Rules.mk | 17 +- xen/arch/x86/Makefile | 8 +- xen/build.mk | 1 + xen/scripts/Kbuild.include | 17 +- xen/tools/Makefile | 7 +- xen/tools/fixdep.c | 404 +++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 441 insertions(+), 29 deletions(-) diff --git a/.gitignore b/.gitignore index 2403841e49..d425be4bd9 100644 --- a/.gitignore +++ b/.gitignore @@ -328,6 +328,7 @@ xen/include/xen/lib/x86/cpuid-autogen.h xen/test/livepatch/config.h xen/test/livepatch/expect_config.h xen/test/livepatch/*.livepatch +xen/tools/fixdep xen/tools/kconfig/.tmp_gtkcheck xen/tools/kconfig/.tmp_qtcheck xen/tools/symbols diff --git a/xen/Makefile b/xen/Makefile index 7912e35503..e1171f89e5 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -196,6 +196,13 @@ export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xe export root-make-done := y endif # root-make-done +# =========================================================================== +# Rules shared between *config targets and build targets + +PHONY += tools_fixdep +tools_fixdep: + $(MAKE) -C tools fixdep + # Shorthand for kconfig kconfig = -f $(BASEDIR)/tools/kconfig/Makefile.kconfig ARCH=$(ARCH) SRCARCH=$(SRCARCH) HOSTCC="$(HOSTCC)" HOSTCXX="$(HOSTCXX)" @@ -471,18 +478,18 @@ cscope: _MAP: $(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map -%.o %.i %.s: %.c FORCE +%.o %.i %.s: %.c tools_fixdep FORCE $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) -%.o %.s: %.S FORCE +%.o %.s: %.S tools_fixdep FORCE $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) -%/: FORCE +%/: tools_fixdep FORCE $(Q)$(MAKE) $(build)=$* need-builtin=1 .PHONY: cloc cloc: - find . -name tools -prune -o -name '*.o.d' -print | while read f; do \ + find . -name tools -prune -o -name '*.o.cmd' -print | while read f; do \ for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ test -f "$$sf" && echo "$$sf"; \ done; \ diff --git a/xen/Rules.mk b/xen/Rules.mk index 67112e0077..567a23a54c 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -147,8 +147,8 @@ cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1)) # Calculation of flags, first the generic flags, then the arch specific flags, # and last the flags modified for a target or a directory. -c_flags = -MMD -MP -MF $(@D)/.$(@F).d $(XEN_CFLAGS) -a_flags = -MMD -MP -MF $(@D)/.$(@F).d $(XEN_AFLAGS) +c_flags = -MMD -MP -MF $(depfile) $(XEN_CFLAGS) +a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS) include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk @@ -205,7 +205,7 @@ else endif define rule_cc_o_c - $(call cmd_and_record,cc_o_c) + $(call cmd_and_fixdep,cc_o_c) $(call cmd,objcopy_fix_sym) endef @@ -216,7 +216,7 @@ quiet_cmd_cc_o_S = CC $@ cmd_cc_o_S = $(CC) $(a_flags) -c $< -o $@ $(obj)/%.o: $(src)/%.S FORCE - $(call if_changed,cc_o_S) + $(call if_changed_dep,cc_o_S) quiet_cmd_obj_init_o = INIT_O $@ @@ -246,13 +246,13 @@ quiet_cmd_cpp_s_S = CPP $@ cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< $(obj)/%.i: $(src)/%.c FORCE - $(call if_changed,cpp_i_c) + $(call if_changed_dep,cpp_i_c) $(obj)/%.s: $(src)/%.c FORCE - $(call if_changed,cc_s_c) + $(call if_changed_dep,cc_s_c) $(obj)/%.s: $(src)/%.S FORCE - $(call if_changed,cpp_s_S) + $(call if_changed_dep,cpp_s_S) # Linker scripts, .lds.S -> .lds quiet_cmd_cpp_lds_S = LDS $@ @@ -291,9 +291,6 @@ existing-targets := $(wildcard $(sort $(targets))) -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) -DEPS := $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).d) --include $(DEPS_INCLUDE) - # Declare the contents of the PHONY variable as phony. We keep that # information in a variable so we can use it in if_changed and friends. .PHONY: $(PHONY) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 77d90d6eae..9107cf2ce2 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -251,7 +251,7 @@ $(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefil $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE - $(call if_changed,cpp_lds_S) + $(call if_changed_dep,cpp_lds_S) $(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< @@ -267,9 +267,3 @@ clean:: rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin rm -f note.o - -# Suppress loading of DEPS files for internal, temporary target files. This -# then also suppresses re-generation of the respective .*.d2 files. -ifeq ($(filter-out .xen%.o,$(notdir $(MAKECMDGOALS))),) -DEPS_INCLUDE:= -endif diff --git a/xen/build.mk b/xen/build.mk index 487db14c58..e718743ef7 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -40,6 +40,7 @@ include/xen/compile.h: include/xen/compile.h.in .banner FORCE targets += include/xen/compile.h +-include $(wildcard .asm-offsets.s.d) asm-offsets.s: arch/$(TARGET_ARCH)/$(TARGET_SUBARCH)/asm-offsets.c $(CC) $(call cpp_flags,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< $(call move-if-changed,$@.new,$@) diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index c159136adb..872adfb456 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -15,8 +15,7 @@ dot-target = $(@D)/.$(@F) ### # dependencies -DEPS = .*.d -DEPS_INCLUDE = $(addsuffix .d2, $(basename $(wildcard $(DEPS)))) +depfile = $(dot-target).d ### # real prerequisites without phony targets @@ -83,6 +82,8 @@ cmd = @set -e; $(echo-cmd) $(cmd_$(1)) ### # if_changed - execute command if any prerequisite is newer than # target, or command line has changed +# if_changed_dep - as if_changed, but uses fixdep to reveal dependencies +# including used config symbols # if_changed_rule - as if_changed but execute rule instead ifneq ($(KBUILD_NOCMDDEP),1) @@ -111,15 +112,19 @@ if_changed = $(if $(any-prereq)$(cmd-check), \ $(cmd); \ printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) +# Execute the command and also postprocess generated .d dependencies file. +if_changed_dep = $(if $(any-prereq)$(cmd-check),$(cmd_and_fixdep),@:) + +cmd_and_fixdep = \ + $(cmd); \ + tools/fixdep $(depfile) $@ '$(make-cmd)' > $(dot-target).cmd; \ + rm -f $(depfile) + # Usage: $(call if_changed_rule,foo) # Will check if $(cmd_foo) or any of the prerequisites changed, # and if so will execute $(rule_foo). if_changed_rule = $(if $(any-prereq)$(cmd-check),$(rule_$(1)),@:) -cmd_and_record = \ - $(cmd); \ - printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd - ### # why - tell why a target got built # enabled by make V=2 diff --git a/xen/tools/Makefile b/xen/tools/Makefile index 4e42163f98..722f366454 100644 --- a/xen/tools/Makefile +++ b/xen/tools/Makefile @@ -2,11 +2,14 @@ include $(XEN_ROOT)/Config.mk .PHONY: default -default: symbols +default: symbols fixdep .PHONY: clean clean: - rm -f *.o symbols + rm -f *.o symbols fixdep symbols: symbols.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< + +fixdep: fixdep.c + $(HOSTCC) $(HOSTCFLAGS) -o $@ $< diff --git a/xen/tools/fixdep.c b/xen/tools/fixdep.c new file mode 100644 index 0000000000..d985405529 --- /dev/null +++ b/xen/tools/fixdep.c @@ -0,0 +1,404 @@ +/* + * "Optimize" a list of dependencies as spit out by gcc -MD + * for the kernel build + * =========================================================================== + * + * Author Kai Germaschewski + * Copyright 2002 by Kai Germaschewski + * + * This software may be used and distributed according to the terms + * of the GNU General Public License, incorporated herein by reference. + * + * + * Introduction: + * + * gcc produces a very nice and correct list of dependencies which + * tells make when to remake a file. + * + * To use this list as-is however has the drawback that virtually + * every file in the kernel includes autoconf.h. + * + * If the user re-runs make *config, autoconf.h will be + * regenerated. make notices that and will rebuild every file which + * includes autoconf.h, i.e. basically all files. This is extremely + * annoying if the user just changed CONFIG_HIS_DRIVER from n to m. + * + * So we play the same trick that "mkdep" played before. We replace + * the dependency on autoconf.h by a dependency on every config + * option which is mentioned in any of the listed prerequisites. + * + * kconfig populates a tree in include/config/ with an empty file + * for each config symbol and when the configuration is updated + * the files representing changed config options are touched + * which then let make pick up the changes and the files that use + * the config symbols are rebuilt. + * + * So if the user changes his CONFIG_HIS_DRIVER option, only the objects + * which depend on "include/config/his/driver.h" will be rebuilt, + * so most likely only his driver ;-) + * + * The idea above dates, by the way, back to Michael E Chastain, AFAIK. + * + * So to get dependencies right, there are two issues: + * o if any of the files the compiler read changed, we need to rebuild + * o if the command line given to the compile the file changed, we + * better rebuild as well. + * + * The former is handled by using the -MD output, the later by saving + * the command line used to compile the old object and comparing it + * to the one we would now use. + * + * Again, also this idea is pretty old and has been discussed on + * kbuild-devel a long time ago. I don't have a sensibly working + * internet connection right now, so I rather don't mention names + * without double checking. + * + * This code here has been based partially based on mkdep.c, which + * says the following about its history: + * + * Copyright abandoned, Michael Chastain, . + * This is a C version of syncdep.pl by Werner Almesberger. + * + * + * It is invoked as + * + * fixdep + * + * and will read the dependency file + * + * The transformed dependency snipped is written to stdout. + * + * It first generates a line + * + * cmd_ = + * + * and then basically copies the ..d file to stdout, in the + * process filtering out the dependency on autoconf.h and adding + * dependencies on include/config/my/option.h for every + * CONFIG_MY_OPTION encountered in any of the prerequisites. + * + * We don't even try to really parse the header files, but + * merely grep, i.e. if CONFIG_FOO is mentioned in a comment, it will + * be picked up as well. It's not a problem with respect to + * correctness, since that can only give too many dependencies, thus + * we cannot miss a rebuild. Since people tend to not mention totally + * unrelated CONFIG_ options all over the place, it's not an + * efficiency problem either. + * + * (Note: it'd be easy to port over the complete mkdep state machine, + * but I don't think the added complexity is worth it) + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void usage(void) +{ + fprintf(stderr, "Usage: fixdep \n"); + exit(1); +} + +/* + * In the intended usage of this program, the stdout is redirected to .*.cmd + * files. The return value of printf() and putchar() must be checked to catch + * any error, e.g. "No space left on device". + */ +static void xprintf(const char *format, ...) +{ + va_list ap; + int ret; + + va_start(ap, format); + ret = vprintf(format, ap); + if (ret < 0) { + perror("fixdep"); + exit(1); + } + va_end(ap); +} + +static void xputchar(int c) +{ + int ret; + + ret = putchar(c); + if (ret == EOF) { + perror("fixdep"); + exit(1); + } +} + +/* + * Print out a dependency path from a symbol name + */ +static void print_dep(const char *m, int slen, const char *dir) +{ + int c, prev_c = '/', i; + + xprintf(" $(wildcard %s/", dir); + for (i = 0; i < slen; i++) { + c = m[i]; + if (c == '_') + c = '/'; + else + c = tolower(c); + if (c != '/' || prev_c != '/') + xputchar(c); + prev_c = c; + } + xprintf(".h) \\\n"); +} + +struct item { + struct item *next; + unsigned int len; + unsigned int hash; + char name[]; +}; + +#define HASHSZ 256 +static struct item *hashtab[HASHSZ]; + +static unsigned int strhash(const char *str, unsigned int sz) +{ + /* fnv32 hash */ + unsigned int i, hash = 2166136261U; + + for (i = 0; i < sz; i++) + hash = (hash ^ str[i]) * 0x01000193; + return hash; +} + +/* + * Lookup a value in the configuration string. + */ +static int is_defined_config(const char *name, int len, unsigned int hash) +{ + struct item *aux; + + for (aux = hashtab[hash % HASHSZ]; aux; aux = aux->next) { + if (aux->hash == hash && aux->len == len && + memcmp(aux->name, name, len) == 0) + return 1; + } + return 0; +} + +/* + * Add a new value to the configuration string. + */ +static void define_config(const char *name, int len, unsigned int hash) +{ + struct item *aux = malloc(sizeof(*aux) + len); + + if (!aux) { + perror("fixdep:malloc"); + exit(1); + } + memcpy(aux->name, name, len); + aux->len = len; + aux->hash = hash; + aux->next = hashtab[hash % HASHSZ]; + hashtab[hash % HASHSZ] = aux; +} + +/* + * Record the use of a CONFIG_* word. + */ +static void use_config(const char *m, int slen) +{ + unsigned int hash = strhash(m, slen); + + if (is_defined_config(m, slen, hash)) + return; + + define_config(m, slen, hash); + print_dep(m, slen, "include/config"); +} + +/* test if s ends in sub */ +static int str_ends_with(const char *s, int slen, const char *sub) +{ + int sublen = strlen(sub); + + if (sublen > slen) + return 0; + + return !memcmp(s + slen - sublen, sub, sublen); +} + +static void parse_config_file(const char *p) +{ + const char *q, *r; + const char *start = p; + + while ((p = strstr(p, "CONFIG_"))) { + if (p > start && (isalnum(p[-1]) || p[-1] == '_')) { + p += 7; + continue; + } + p += 7; + q = p; + while (isalnum(*q) || *q == '_') + q++; + if (str_ends_with(p, q - p, "_MODULE")) + r = q - 7; + else + r = q; + if (r > p) + use_config(p, r - p); + p = q; + } +} + +static void *read_file(const char *filename) +{ + struct stat st; + int fd; + char *buf; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "fixdep: error opening file: "); + perror(filename); + exit(2); + } + if (fstat(fd, &st) < 0) { + fprintf(stderr, "fixdep: error fstat'ing file: "); + perror(filename); + exit(2); + } + buf = malloc(st.st_size + 1); + if (!buf) { + perror("fixdep: malloc"); + exit(2); + } + if (read(fd, buf, st.st_size) != st.st_size) { + perror("fixdep: read"); + exit(2); + } + buf[st.st_size] = '\0'; + close(fd); + + return buf; +} + +/* Ignore certain dependencies */ +static int is_ignored_file(const char *s, int len) +{ + return str_ends_with(s, len, "include/generated/autoconf.h") || + str_ends_with(s, len, "include/generated/autoksyms.h"); +} + +/* + * Important: The below generated source_foo.o and deps_foo.o variable + * assignments are parsed not only by make, but also by the rather simple + * parser in scripts/mod/sumversion.c. + */ +static void parse_dep_file(char *m, const char *target) +{ + char *p; + int is_last, is_target; + int saw_any_target = 0; + int is_first_dep = 0; + void *buf; + + while (1) { + /* Skip any "white space" */ + while (*m == ' ' || *m == '\\' || *m == '\n') + m++; + + if (!*m) + break; + + /* Find next "white space" */ + p = m; + while (*p && *p != ' ' && *p != '\\' && *p != '\n') + p++; + is_last = (*p == '\0'); + /* Is the token we found a target name? */ + is_target = (*(p-1) == ':'); + /* Don't write any target names into the dependency file */ + if (is_target) { + /* The /next/ file is the first dependency */ + is_first_dep = 1; + } else if (!is_ignored_file(m, p - m)) { + *p = '\0'; + + /* + * Do not list the source file as dependency, so that + * kbuild is not confused if a .c file is rewritten + * into .S or vice versa. Storing it in source_* is + * needed for modpost to compute srcversions. + */ + if (is_first_dep) { + /* + * If processing the concatenation of multiple + * dependency files, only process the first + * target name, which will be the original + * source name, and ignore any other target + * names, which will be intermediate temporary + * files. + */ + if (!saw_any_target) { + saw_any_target = 1; + xprintf("source_%s := %s\n\n", + target, m); + xprintf("deps_%s := \\\n", target); + } + is_first_dep = 0; + } else { + xprintf(" %s \\\n", m); + } + + buf = read_file(m); + parse_config_file(buf); + free(buf); + } + + if (is_last) + break; + + /* + * Start searching for next token immediately after the first + * "whitespace" character that follows this token. + */ + m = p + 1; + } + + if (!saw_any_target) { + fprintf(stderr, "fixdep: parse error; no targets found\n"); + exit(1); + } + + xprintf("\n%s: $(deps_%s)\n\n", target, target); + xprintf("$(deps_%s):\n", target); +} + +int main(int argc, char *argv[]) +{ + const char *depfile, *target, *cmdline; + void *buf; + + if (argc != 4) + usage(); + + depfile = argv[1]; + target = argv[2]; + cmdline = argv[3]; + + xprintf("cmd_%s := %s\n\n", target, cmdline); + + buf = read_file(depfile); + parse_dep_file(buf, target); + free(buf); + + return 0; +} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:11:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:11:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278950.476395 (Exim 4.92) (envelope-from ) id 1nNXZt-000527-9Y; Fri, 25 Feb 2022 10:11:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278950.476395; Fri, 25 Feb 2022 10:11:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZt-00051z-6K; Fri, 25 Feb 2022 10:11:57 +0000 Received: by outflank-mailman (input) for mailman id 278950; Fri, 25 Feb 2022 10:11:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZr-00051e-9G for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXZr-00075m-8I for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXZr-0001JO-7V for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:11:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0/NpGb32sDjPfzSTu0nx4PWWDPxsD5WCYlX+2It9OsE=; b=v96yTfh+FEAwN1mdW/Lcyh0IZI RxphR5OhQOXKmxiHLk9zhkHlrgPcUY7Id4K0cCpH62QHu+FDkZoKPfE1T5kL6zX6pdo40bcN2cM5q 47XRZ/2jy8PEW1I1QODw1IontlNp8l3YjYoE8y4lFtusytJ8HUQ2KJFlD5Y1208eNxJc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rename __LINKER__ to LINKER_SCRIPT Message-Id: Date: Fri, 25 Feb 2022 10:11:55 +0000 commit 04787e095a3dbca026c88b3ff786ada59b688f33 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:17 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:17 2022 +0100 build: rename __LINKER__ to LINKER_SCRIPT For two reasons: this macro is used to generate a "linker script" and is not by the linker, and name starting with an underscore '_' are supposed to be reserved, so better avoid them when not needed. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Rules.mk | 2 +- xen/arch/arm/include/asm/config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 567a23a54c..fea3f70cdb 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -256,7 +256,7 @@ $(obj)/%.s: $(src)/%.S FORCE # Linker scripts, .lds.S -> .lds quiet_cmd_cpp_lds_S = LDS $@ -cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -D__LINKER__ -MQ $@ -o $@ $< +cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -DLINKER_SCRIPT -MQ $@ -o $@ $< targets := $(filter-out $(PHONY), $(targets)) diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index c7b7791201..2aced0bc3b 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -191,7 +191,7 @@ extern unsigned long frametable_virt_end; #define watchdog_disable() ((void)0) #define watchdog_enable() ((void)0) -#if defined(__ASSEMBLY__) && !defined(__LINKER__) +#if defined(__ASSEMBLY__) && !defined(LINKER_SCRIPT) #include #include #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278951.476399 (Exim 4.92) (envelope-from ) id 1nNXa3-00055g-BM; Fri, 25 Feb 2022 10:12:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278951.476399; Fri, 25 Feb 2022 10:12:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXa3-00055Y-81; Fri, 25 Feb 2022 10:12:07 +0000 Received: by outflank-mailman (input) for mailman id 278951; Fri, 25 Feb 2022 10:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXa1-00055I-CD for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXa1-000769-BK for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXa1-0001Jy-AW for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6/QFToxLMsnyAtpAp6jX2IxEJW3G7Y82uBr3ETvlLek=; b=Oz3N5fOwfui2R0XR6uHcV2NoUM NN5PH4VGStBXYSxz4rLtjVwi4w07qRVeyrsUeyX7Ymdw1W7h79Fnk/x0pMKO+Za+uedtgn5avGHAb TdrjrUJpgMLr/SWX7K8kUFQD0HuWBtq738llSgtKX/iPKZDm0Lj4ldOZuxJkODToI2ls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: hook kconfig into xen build system Message-Id: Date: Fri, 25 Feb 2022 10:12:05 +0000 commit 317c98cb91e43cb921ca53ed2059aada07728d7e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:35 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:35 2022 +0100 build: hook kconfig into xen build system Now that xen's build system is very close to Linux's ones, we can hook "Makefile.host" into Xen's build system, and we can build Kconfig with that. "tools/kconfig/Makefile" now needs a workaround to not rebuild "$(XEN_ROOT)/.config", as `make` tries the rules "%.config" which fails with: tools/kconfig/Makefile:95: *** No configuration exists for this target on this architecture. Stop. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 34 ++++--- xen/Rules.mk | 13 ++- xen/scripts/Kbuild.include | 31 +++++++ xen/scripts/Makefile.clean | 11 ++- xen/scripts/Makefile.host | 184 +++++++++++++++++++++++++++++++++++++ xen/tools/kconfig/Makefile | 3 + xen/tools/kconfig/Makefile.host | 181 ------------------------------------ xen/tools/kconfig/Makefile.kconfig | 106 --------------------- 8 files changed, 263 insertions(+), 300 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index e1171f89e5..c95655b502 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -40,6 +40,7 @@ ARCH=$(XEN_TARGET_ARCH) SRCARCH=$(shell echo $(ARCH) | \ sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \ -e s'/riscv.*/riscv/g') +export ARCH SRCARCH # Don't break if the build process wasn't called from the top level # we need XEN_TARGET_ARCH to generate the proper config @@ -163,6 +164,13 @@ ifneq ($(filter %config,$(MAKECMDGOALS)),) config-build := y endif +export CONFIG_SHELL := $(SHELL) +export YACC = $(if $(BISON),$(BISON),bison) +export LEX = $(if $(FLEX),$(FLEX),flex) + +# Default file for 'make defconfig'. +export KBUILD_DEFCONFIG := $(ARCH)_defconfig + # CLANG_FLAGS needs to be calculated before calling Kconfig ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS := @@ -203,9 +211,6 @@ PHONY += tools_fixdep tools_fixdep: $(MAKE) -C tools fixdep -# Shorthand for kconfig -kconfig = -f $(BASEDIR)/tools/kconfig/Makefile.kconfig ARCH=$(ARCH) SRCARCH=$(SRCARCH) HOSTCC="$(HOSTCC)" HOSTCXX="$(HOSTCXX)" - ifeq ($(config-build),y) # =========================================================================== # *config targets only - make sure prerequisites are updated, and descend @@ -221,14 +226,14 @@ filechk_kconfig_allconfig = \ .allconfig.tmp: FORCE set -e; { $(call filechk_kconfig_allconfig); } > $@ -config: FORCE - $(MAKE) $(kconfig) $@ +config: tools_fixdep FORCE + $(Q)$(MAKE) $(build)=tools/kconfig $@ # Config.mk tries to include .config file, don't try to remake it %/.config: ; -%config: .allconfig.tmp FORCE - $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@ +%config: .allconfig.tmp tools_fixdep FORCE + $(Q)$(MAKE) $(build)=tools/kconfig KCONFIG_ALLCONFIG=$< $@ else # !config-build @@ -238,9 +243,15 @@ ifeq ($(need-config),y) # changes are detected. -include include/config/auto.conf.cmd +# This allows make to build fixdep before invoking defconfig. We can't use +# "tools_fixdep" which is a .PHONY target and would force make to call +# "defconfig" again to update $(KCONFIG_CONFIG). +tools/fixdep: + $(MAKE) -C tools fixdep + # Allow people to just run `make` as before and not force them to configure -$(KCONFIG_CONFIG): - $(MAKE) $(kconfig) defconfig +$(KCONFIG_CONFIG): tools/fixdep + $(Q)$(MAKE) $(build)=tools/kconfig defconfig # The actual configuration files used during the build are stored in # include/generated/ and include/config/. Update them if .config is newer than @@ -249,7 +260,7 @@ $(KCONFIG_CONFIG): # This exploits the 'multi-target pattern rule' trick. # The syncconfig should be executed only once to make all the targets. include/config/%.conf include/config/%.conf.cmd: $(KCONFIG_CONFIG) - $(MAKE) $(kconfig) syncconfig + $(Q)$(MAKE) $(build)=tools/kconfig syncconfig ifeq ($(CONFIG_DEBUG),y) CFLAGS += -O1 @@ -406,9 +417,10 @@ _clean: $(MAKE) $(clean) arch/riscv $(MAKE) $(clean) arch/x86 $(MAKE) $(clean) test - $(MAKE) $(kconfig) clean + $(MAKE) $(clean) tools/kconfig find . \( -name "*.o" -o -name ".*.d" -o -name ".*.d2" \ -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ + -o -name '*.lex.c' -o -name '*.tab.[ch]' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h diff --git a/xen/Rules.mk b/xen/Rules.mk index fea3f70cdb..13c1943da9 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -89,6 +89,13 @@ subdir-y := $(addprefix $(obj)/,$(subdir-y)) nocov-y := $(addprefix $(obj)/,$(nocov-y)) noubsan-y := $(addprefix $(obj)/,$(noubsan-y)) +# Do not include hostprogs rules unless needed. +# $(sort ...) is used here to remove duplicated words and excessive spaces. +hostprogs-y := $(sort $(hostprogs-y)) +ifneq ($(hostprogs-y),) +include scripts/Makefile.host +endif + # subdir-builtin may contain duplications. Use $(sort ...) subdir-builtin := $(sort $(filter %/built_in.o, $(obj-y))) @@ -267,7 +274,11 @@ intermediate_targets = $(foreach sfx, $(2), \ $(patsubst %$(strip $(1)),%$(sfx), \ $(filter %$(strip $(1)), $(targets)))) # %.init.o <- %.o -targets += $(call intermediate_targets, .init.o, .o) +# %.lex.o <- %.lex.c <- %.l +# %.tab.o <- %.tab.[ch] <- %.y +targets += $(call intermediate_targets, .init.o, .o) \ + $(call intermediate_targets, .lex.o, .lex.c) \ + $(call intermediate_targets, .tab.o, .tab.c .tab.h) # Build # --------------------------------------------------------------------------- diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 872adfb456..ed48fb39f1 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -25,6 +25,37 @@ real-prereqs = $(filter-out $(PHONY), $^) # Escape single quote for use in echo statements escsq = $(subst $(squote),'\$(squote)',$1) +### +# Easy method for doing a status message + kecho := : + quiet_kecho := echo +silent_kecho := : +kecho := $($(quiet)kecho) + +### +# filechk is used to check if the content of a generated file is updated. +# Sample usage: +# +# filechk_sample = echo $(KERNELRELEASE) +# version.h: FORCE +# $(call filechk,sample) +# +# The rule defined shall write to stdout the content of the new file. +# The existing file will be compared with the new one. +# - If no file exist it is created +# - If the content differ the new file is used +# - If they are equal no change, and no timestamp update +define filechk + $(Q)set -e; \ + mkdir -p $(dir $@); \ + trap "rm -f $(dot-target).tmp" EXIT; \ + { $(filechk_$(1)); } > $(dot-target).tmp; \ + if [ ! -r $@ ] || ! cmp -s $@ $(dot-target).tmp; then \ + $(kecho) ' UPD $@'; \ + mv -f $(dot-target).tmp $@; \ + fi +endef + # as-insn: Check whether assembler supports an instruction. # Usage: cflags-y += $(call as-insn,CC FLAGS,"insn",option-yes,option-no) as-insn = $(if $(shell echo 'void _(void) { asm volatile ( $(2) ); }' \ diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index c3b0681611..156d6307cf 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -17,8 +17,17 @@ include $(src)/Makefile subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) +__clean-files := \ + $(clean-files) $(hostprogs-y) $(hostprogs-) + +__clean-files := $(wildcard $(__clean-files)) + .PHONY: clean -clean:: $(subdir-all) ; +clean:: $(subdir-all) +ifneq ($(strip $(__clean-files)),) + rm -rf $(__clean-files) +endif + @: # Descending # --------------------------------------------------------------------------- diff --git a/xen/scripts/Makefile.host b/xen/scripts/Makefile.host new file mode 100644 index 0000000000..8a85f94316 --- /dev/null +++ b/xen/scripts/Makefile.host @@ -0,0 +1,184 @@ +# SPDX-License-Identifier: GPL-2.0 + +# target with $(obj)/ and its suffix stripped +target-stem = $(basename $(patsubst $(obj)/%,%,$@)) + +# LEX +# --------------------------------------------------------------------------- +quiet_cmd_flex = LEX $@ + cmd_flex = $(LEX) -o$@ -L $< + +$(obj)/%.lex.c: $(src)/%.l FORCE + $(call if_changed,flex) + +# YACC +# --------------------------------------------------------------------------- +quiet_cmd_bison = YACC $(basename $@).[ch] + cmd_bison = $(YACC) -o $(basename $@).c --defines=$(basename $@).h -t -l $< + +$(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE + $(call if_changed,bison) + +# ========================================================================== +# Building binaries on the host system +# Binaries are used during the compilation of the kernel, for example +# to preprocess a data file. +# +# Both C and C++ are supported, but preferred language is C for such utilities. +# +# Sample syntax (see Documentation/kbuild/makefiles.rst for reference) +# hostprogs-y := bin2hex +# Will compile bin2hex.c and create an executable named bin2hex +# +# hostprogs-y := lxdialog +# lxdialog-objs := checklist.o lxdialog.o +# Will compile lxdialog.c and checklist.c, and then link the executable +# lxdialog, based on checklist.o and lxdialog.o +# +# hostprogs-y := qconf +# qconf-cxxobjs := qconf.o +# qconf-objs := menu.o +# Will compile qconf as a C++ program, and menu as a C program. +# They are linked as C++ code to the executable qconf + +__hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) +host-cshlib := $(sort $(hostlibs-y) $(hostlibs-m)) +host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) + +# C code +# Executables compiled from a single .c file +host-csingle := $(foreach m,$(__hostprogs), \ + $(if $($(m)-objs)$($(m)-cxxobjs),,$(m))) + +# C executables linked based on several .o files +host-cmulti := $(foreach m,$(__hostprogs),\ + $(if $($(m)-cxxobjs),,$(if $($(m)-objs),$(m)))) + +# Object (.o) files compiled from .c files +host-cobjs := $(sort $(foreach m,$(__hostprogs),$($(m)-objs))) + +# C++ code +# C++ executables compiled from at least one .cc file +# and zero or more .c files +host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) + +# C++ Object (.o) files compiled from .cc files +host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) + +# Object (.o) files used by the shared libaries +host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) +host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) + +host-csingle := $(addprefix $(obj)/,$(host-csingle)) +host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) +host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) +host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) +host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) +host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) +host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) +host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) +host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) + +##### +# Handle options to gcc. Support building with separate output directory + +_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ + $(HOSTCFLAGS_$(target-stem).o) +_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ + $(HOSTCXXFLAGS_$(target-stem).o) + +# $(objtree)/$(obj) for including generated headers from checkin source files +ifeq ($(KBUILD_EXTMOD),) +ifdef building_out_of_srctree +_hostc_flags += -I $(objtree)/$(obj) +_hostcxx_flags += -I $(objtree)/$(obj) +endif +endif + +hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) +hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) + +##### +# Compile programs on the host + +# Create executable from a single .c file +# host-csingle -> Executable +quiet_cmd_host-csingle = HOSTCC $@ + cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-csingle): $(obj)/%: $(src)/%.c FORCE + $(call if_changed_dep,host-csingle) + +# Link an executable based on list of .o files, all plain c +# host-cmulti -> executable +quiet_cmd_host-cmulti = HOSTLD $@ + cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-cmulti): FORCE + $(call if_changed,host-cmulti) +$(call multi-depend, $(host-cmulti), , -objs) + +# Create .o file from a single .c file +# host-cobjs -> .o +quiet_cmd_host-cobjs = HOSTCC $@ + cmd_host-cobjs = $(HOSTCC) $(hostc_flags) -c -o $@ $< +$(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cobjs) + +# Link an executable based on list of .o files, a mixture of .c and .cc +# host-cxxmulti -> executable +quiet_cmd_host-cxxmulti = HOSTLD $@ + cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ + $(foreach o,objs cxxobjs,\ + $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-cxxmulti): FORCE + $(call if_changed,host-cxxmulti) +$(call multi-depend, $(host-cxxmulti), , -objs -cxxobjs) + +# Create .o file from a single .cc (C++) file +quiet_cmd_host-cxxobjs = HOSTCXX $@ + cmd_host-cxxobjs = $(HOSTCXX) $(hostcxx_flags) -c -o $@ $< +$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE + $(call if_changed_dep,host-cxxobjs) + +# Compile .c file, create position independent .o file +# host-cshobjs -> .o +quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ + cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< +$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cshobjs) + +# Compile .c file, create position independent .o file +# Note that plugin capable gcc versions can be either C or C++ based +# therefore plugin source files have to be compilable in both C and C++ mode. +# This is why a C++ compiler is invoked on a .c file. +# host-cxxshobjs -> .o +quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ + cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< +$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cxxshobjs) + +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cshlib) +quiet_cmd_host-cshlib = HOSTLLD -shared $@ + cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) +$(host-cshlib): FORCE + $(call if_changed,host-cshlib) +$(call multi-depend, $(host-cshlib), .so, -objs) + +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cxxshlib) +quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ + cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) +$(host-cxxshlib): FORCE + $(call if_changed,host-cxxshlib) +$(call multi-depend, $(host-cxxshlib), .so, -objs) + +targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ + $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/xen/tools/kconfig/Makefile b/xen/tools/kconfig/Makefile index f39521a0ed..b7b9a419ad 100644 --- a/xen/tools/kconfig/Makefile +++ b/xen/tools/kconfig/Makefile @@ -91,6 +91,9 @@ endif configfiles=$(wildcard $(srctree)/kernel/configs/$@ $(srctree)/arch/$(SRCARCH)/configs/$@) +# Don't try to remake this file included by Config.mk. +$(XEN_ROOT)/.config: ; + %.config: $(obj)/conf $(if $(call configfiles),, $(error No configuration exists for this target on this architecture)) $(Q)$(CONFIG_SHELL) $(srctree)/tools/kconfig/merge_config.sh -m .config $(configfiles) diff --git a/xen/tools/kconfig/Makefile.host b/xen/tools/kconfig/Makefile.host deleted file mode 100644 index 4c51c95d40..0000000000 --- a/xen/tools/kconfig/Makefile.host +++ /dev/null @@ -1,181 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0 - -# LEX -# --------------------------------------------------------------------------- -quiet_cmd_flex = LEX $@ - cmd_flex = $(LEX) -o$@ -L $< - -$(obj)/%.lex.c: $(src)/%.l FORCE - $(call if_changed,flex) - -# YACC -# --------------------------------------------------------------------------- -quiet_cmd_bison = YACC $(basename $@).[ch] - cmd_bison = $(YACC) -o $(basename $@).c --defines=$(basename $@).h -t -l $< - -$(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE - $(call if_changed,bison) - -# ========================================================================== -# Building binaries on the host system -# Binaries are used during the compilation of the kernel, for example -# to preprocess a data file. -# -# Both C and C++ are supported, but preferred language is C for such utilities. -# -# Sample syntax (see Documentation/kbuild/makefiles.rst for reference) -# hostprogs-y := bin2hex -# Will compile bin2hex.c and create an executable named bin2hex -# -# hostprogs-y := lxdialog -# lxdialog-objs := checklist.o lxdialog.o -# Will compile lxdialog.c and checklist.c, and then link the executable -# lxdialog, based on checklist.o and lxdialog.o -# -# hostprogs-y := qconf -# qconf-cxxobjs := qconf.o -# qconf-objs := menu.o -# Will compile qconf as a C++ program, and menu as a C program. -# They are linked as C++ code to the executable qconf - -__hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) -host-cshlib := $(sort $(hostlibs-y) $(hostlibs-m)) -host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) - -# C code -# Executables compiled from a single .c file -host-csingle := $(foreach m,$(__hostprogs), \ - $(if $($(m)-objs)$($(m)-cxxobjs),,$(m))) - -# C executables linked based on several .o files -host-cmulti := $(foreach m,$(__hostprogs),\ - $(if $($(m)-cxxobjs),,$(if $($(m)-objs),$(m)))) - -# Object (.o) files compiled from .c files -host-cobjs := $(sort $(foreach m,$(__hostprogs),$($(m)-objs))) - -# C++ code -# C++ executables compiled from at least one .cc file -# and zero or more .c files -host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) - -# C++ Object (.o) files compiled from .cc files -host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) - -# Object (.o) files used by the shared libaries -host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) -host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) - -host-csingle := $(addprefix $(obj)/,$(host-csingle)) -host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) -host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) -host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) -host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) -host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) -host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) -host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) -host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) - -##### -# Handle options to gcc. Support building with separate output directory - -_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ - $(HOSTCFLAGS_$(target-stem).o) -_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ - $(HOSTCXXFLAGS_$(target-stem).o) - -# $(objtree)/$(obj) for including generated headers from checkin source files -ifeq ($(KBUILD_EXTMOD),) -ifdef building_out_of_srctree -_hostc_flags += -I $(objtree)/$(obj) -_hostcxx_flags += -I $(objtree)/$(obj) -endif -endif - -hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) -hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) - -##### -# Compile programs on the host - -# Create executable from a single .c file -# host-csingle -> Executable -quiet_cmd_host-csingle = HOSTCC $@ - cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-csingle): $(obj)/%: $(src)/%.c FORCE - $(call if_changed_dep,host-csingle) - -# Link an executable based on list of .o files, all plain c -# host-cmulti -> executable -quiet_cmd_host-cmulti = HOSTLD $@ - cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-cmulti): FORCE - $(call if_changed,host-cmulti) -$(call multi_depend, $(host-cmulti), , -objs) - -# Create .o file from a single .c file -# host-cobjs -> .o -quiet_cmd_host-cobjs = HOSTCC $@ - cmd_host-cobjs = $(HOSTCC) $(hostc_flags) -c -o $@ $< -$(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cobjs) - -# Link an executable based on list of .o files, a mixture of .c and .cc -# host-cxxmulti -> executable -quiet_cmd_host-cxxmulti = HOSTLD $@ - cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ - $(foreach o,objs cxxobjs,\ - $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-cxxmulti): FORCE - $(call if_changed,host-cxxmulti) -$(call multi_depend, $(host-cxxmulti), , -objs -cxxobjs) - -# Create .o file from a single .cc (C++) file -quiet_cmd_host-cxxobjs = HOSTCXX $@ - cmd_host-cxxobjs = $(HOSTCXX) $(hostcxx_flags) -c -o $@ $< -$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE - $(call if_changed_dep,host-cxxobjs) - -# Compile .c file, create position independent .o file -# host-cshobjs -> .o -quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ - cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< -$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cshobjs) - -# Compile .c file, create position independent .o file -# Note that plugin capable gcc versions can be either C or C++ based -# therefore plugin source files have to be compilable in both C and C++ mode. -# This is why a C++ compiler is invoked on a .c file. -# host-cxxshobjs -> .o -quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ - cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< -$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cxxshobjs) - -# Link a shared library, based on position independent .o files -# *.o -> .so shared library (host-cshlib) -quiet_cmd_host-cshlib = HOSTLLD -shared $@ - cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) -$(host-cshlib): FORCE - $(call if_changed,host-cshlib) -$(call multi_depend, $(host-cshlib), .so, -objs) - -# Link a shared library, based on position independent .o files -# *.o -> .so shared library (host-cxxshlib) -quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ - cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) -$(host-cxxshlib): FORCE - $(call if_changed,host-cxxshlib) -$(call multi_depend, $(host-cxxshlib), .so, -objs) - -targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ - $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/xen/tools/kconfig/Makefile.kconfig b/xen/tools/kconfig/Makefile.kconfig deleted file mode 100644 index 799321ec4d..0000000000 --- a/xen/tools/kconfig/Makefile.kconfig +++ /dev/null @@ -1,106 +0,0 @@ -# xen/tools/kconfig - -# default rule to do nothing -all: - -# Xen doesn't have a silent build flag -quiet := -Q := -kecho := : - -# eventually you'll want to do out of tree builds -srctree := $(BASEDIR) -objtree := $(srctree) -src := tools/kconfig -obj := $(src) - -# handle functions (most of these lifted from different Linux makefiles -dot-target = $(dir $@).$(notdir $@) -depfile = $(subst $(comma),,$(dot-target).d) -basetarget = $(basename $(notdir $@)) -# target with $(obj)/ and its suffix stripped -target-stem = $(basename $(patsubst $(obj)/%,%,$@)) -cmd = $(cmd_$(1)) -if_changed = $(cmd_$(1)) -if_changed_dep = $(cmd_$(1)) - -### -# filechk is used to check if the content of a generated file is updated. -# Sample usage: -# -# filechk_sample = echo $(KERNELRELEASE) -# version.h: FORCE -# $(call filechk,sample) -# -# The rule defined shall write to stdout the content of the new file. -# The existing file will be compared with the new one. -# - If no file exist it is created -# - If the content differ the new file is used -# - If they are equal no change, and no timestamp update -# - stdin is piped in from the first prerequisite ($<) so one has -# to specify a valid file as first prerequisite (often the kbuild file) -define filechk - $(Q)set -e; \ - mkdir -p $(dir $@); \ - { $(filechk_$(1)); } > $@.tmp; \ - if [ -r $@ ] && cmp -s $@ $@.tmp; then \ - rm -f $@.tmp; \ - else \ - $(kecho) ' UPD $@'; \ - mv -f $@.tmp $@; \ - fi -endef - -define multi_depend -$(foreach m, $(notdir $1), \ - $(eval $(obj)/$m: \ - $(addprefix $(obj)/, $(foreach s, $3, $($(m:%$(strip $2)=%$(s))))))) -endef - -# Set our default defconfig file -KBUILD_DEFCONFIG := $(ARCH)_defconfig - -# provide our shell -CONFIG_SHELL := $(SHELL) - -# provide the host compiler -HOSTCC ?= gcc -HOSTCXX ?= g++ -YACC = $(if $(BISON),$(BISON),bison) -LEX = $(if $(FLEX),$(FLEX),flex) - -# force target -PHONY += FORCE - -FORCE: - -# include the original Makefile and Makefile.host from Linux -include $(src)/Makefile -include $(src)/Makefile.host - -# Add intermediate targets: -# When building objects with specific suffix patterns, add intermediate -# targets that the final targets are derived from. -intermediate_targets = $(foreach sfx, $(2), \ - $(patsubst %$(strip $(1)),%$(sfx), \ - $(filter %$(strip $(1)), $(targets)))) - -# %.lex.o <- %.lex.c <- %.l -# %.tab.o <- %.tab.[ch] <- %.y -targets += $(call intermediate_targets, .lex.o, .lex.c) \ - $(call intermediate_targets, .tab.o, .tab.c .tab.h) - -# clean up rule -clean-deps = $(foreach f,$(host-cobjs) $(host-cxxobjs),$(dir $f).$(notdir $f).d) -clean-shipped = $(patsubst %_shipped,%,$(wildcard $(obj)/*_shipped)) - -clean: - rm -rf $(clean-files) - rm -rf $(clean-deps) - rm -rf $(host-csingle) $(host-cmulti) $(host-cxxmulti) $(host-cobjs) $(host-cxxobjs) - rm -rf $(clean-shipped) - -$(obj)/zconf%: $(src)/zconf%_shipped - cp -f $< $@ - -.PHONY: $(PHONY) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278952.476402 (Exim 4.92) (envelope-from ) id 1nNXaC-00058S-Fm; Fri, 25 Feb 2022 10:12:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278952.476402; Fri, 25 Feb 2022 10:12:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaC-00058N-Cl; Fri, 25 Feb 2022 10:12:16 +0000 Received: by outflank-mailman (input) for mailman id 278952; Fri, 25 Feb 2022 10:12:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaB-00058B-Ey for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaB-00076J-EE for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXaB-0001KX-DY for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lHugI3C/bDtk2VTmWaNb9zbiauK1vlxxai39UTJA8Bg=; b=rXoD9lsrTYQGLz/wDJqye4BCTs Dy1XeHb3oh7vYASqj5KZ8ZjRwuIG9UzurhDL6jt0Mfg8eR0F6VKJRlA2YyXyrXE9vOTZ6YVYArpge vtjQ8uKnbOwoqIYcdKvlvNIyl+QMKy1nE/OlGMh1/FbtrUlAqX16kLNpIa+nNK83Hwps=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/tools/kconfig: fix build with -Wdeclaration-after-statement Message-Id: Date: Fri, 25 Feb 2022 10:12:15 +0000 commit 5c5e10129830bdd8871bd8a458d2ef1813392273 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:44 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:44 2022 +0100 xen/tools/kconfig: fix build with -Wdeclaration-after-statement We are going to start building kconfig with HOSTCFLAGS from Config.mk, it has the flag "-Wdeclaration-after-statement". Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/tools/kconfig/confdata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/tools/kconfig/confdata.c b/xen/tools/kconfig/confdata.c index 3569d2dec3..a69250c913 100644 --- a/xen/tools/kconfig/confdata.c +++ b/xen/tools/kconfig/confdata.c @@ -1237,6 +1237,7 @@ void set_all_choice_values(struct symbol *csym) bool conf_set_all_new_symbols(enum conf_def_mode mode) { + bool has_changed = false; struct symbol *sym, *csym; int i, cnt, pby, pty, ptm; /* pby: probability of bool = y * pty: probability of tristate = y @@ -1283,7 +1284,6 @@ bool conf_set_all_new_symbols(enum conf_def_mode mode) exit( 1 ); } } - bool has_changed = false; for_all_symbols(i, sym) { if (sym_has_value(sym) || (sym->flags & SYMBOL_VALID)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278953.476407 (Exim 4.92) (envelope-from ) id 1nNXaM-0005Bp-He; Fri, 25 Feb 2022 10:12:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278953.476407; Fri, 25 Feb 2022 10:12:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaM-0005Bh-EQ; Fri, 25 Feb 2022 10:12:26 +0000 Received: by outflank-mailman (input) for mailman id 278953; Fri, 25 Feb 2022 10:12:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaL-0005BX-IG for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaL-00076d-HT for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXaL-0001LF-Gc for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H+bv4ivbpo6nrAjcAEWT8mCa1ybnM5UrtB8JFezQ92w=; b=5CatpfYzXbki1KUF+e97nD1a8/ 0NFaFzuGXSzWczOtf22Z13Zb3buw8kRK+NL8ZyrWDlUeRne+veVfykAhrMn4NPeYMaghaKJ9oB6zM WlQkkdXoczXyaP1dtmhAJx8ZTtIMXRSCXvVl/GczJhNXNY0eaqNWBYpQqqwKErT4BPCM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: remove KBUILD_ specific from Makefile.host Message-Id: Date: Fri, 25 Feb 2022 10:12:25 +0000 commit 44f231cd88a7433cb2cba9992708559afef4c0e1 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:53 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:53 2022 +0100 build: remove KBUILD_ specific from Makefile.host This will allow $(HOSTCFLAGS) to actually be used when building programmes for the build-host. The other variable don't exist in our build system. Also remove $(KBUILD_EXTMOD) since it should always be empty. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/scripts/Makefile.host | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/scripts/Makefile.host b/xen/scripts/Makefile.host index 8a85f94316..d6c358095e 100644 --- a/xen/scripts/Makefile.host +++ b/xen/scripts/Makefile.host @@ -82,18 +82,16 @@ host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) ##### # Handle options to gcc. Support building with separate output directory -_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ +_hostc_flags = $(HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ $(HOSTCFLAGS_$(target-stem).o) -_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ +_hostcxx_flags = $(HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ $(HOSTCXXFLAGS_$(target-stem).o) # $(objtree)/$(obj) for including generated headers from checkin source files -ifeq ($(KBUILD_EXTMOD),) ifdef building_out_of_srctree _hostc_flags += -I $(objtree)/$(obj) _hostcxx_flags += -I $(objtree)/$(obj) endif -endif hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) @@ -104,17 +102,17 @@ hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) # Create executable from a single .c file # host-csingle -> Executable quiet_cmd_host-csingle = HOSTCC $@ - cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(HOSTLDFLAGS) -o $@ $< \ + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-csingle): $(obj)/%: $(src)/%.c FORCE $(call if_changed_dep,host-csingle) # Link an executable based on list of .o files, all plain c # host-cmulti -> executable quiet_cmd_host-cmulti = HOSTLD $@ - cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ + cmd_host-cmulti = $(HOSTCC) $(HOSTLDFLAGS) -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-cmulti): FORCE $(call if_changed,host-cmulti) $(call multi-depend, $(host-cmulti), , -objs) @@ -129,10 +127,10 @@ $(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE # Link an executable based on list of .o files, a mixture of .c and .cc # host-cxxmulti -> executable quiet_cmd_host-cxxmulti = HOSTLD $@ - cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ + cmd_host-cxxmulti = $(HOSTCXX) $(HOSTLDFLAGS) -o $@ \ $(foreach o,objs cxxobjs,\ $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-cxxmulti): FORCE $(call if_changed,host-cxxmulti) $(call multi-depend, $(host-cxxmulti), , -objs -cxxobjs) @@ -163,9 +161,9 @@ $(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE # Link a shared library, based on position independent .o files # *.o -> .so shared library (host-cshlib) quiet_cmd_host-cshlib = HOSTLLD -shared $@ - cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + cmd_host-cshlib = $(HOSTCC) $(HOSTLDFLAGS) -shared -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) $(host-cshlib): FORCE $(call if_changed,host-cshlib) $(call multi-depend, $(host-cshlib), .so, -objs) @@ -173,9 +171,9 @@ $(call multi-depend, $(host-cshlib), .so, -objs) # Link a shared library, based on position independent .o files # *.o -> .so shared library (host-cxxshlib) quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ - cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) $(host-cxxshlib): FORCE $(call if_changed,host-cxxshlib) $(call multi-depend, $(host-cxxshlib), .so, -objs) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278954.476412 (Exim 4.92) (envelope-from ) id 1nNXaW-0005En-JT; Fri, 25 Feb 2022 10:12:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278954.476412; Fri, 25 Feb 2022 10:12:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaW-0005Ee-GA; Fri, 25 Feb 2022 10:12:36 +0000 Received: by outflank-mailman (input) for mailman id 278954; Fri, 25 Feb 2022 10:12:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaV-0005EW-LG for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaV-00076l-KT for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXaV-0001M5-Jc for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m8yllq+NJ71x89GQVJdwyq03vPqsxAsuuqK6kNO5CZ4=; b=227wrKtLlQ7rqZupd3n/sYE2A3 4C/wCfz26tmED7jQhb9pfEfzpRfciN1z1ZSGshgbRHZ2HEkVOTYhGFyEvuZyFUmNoinaNrgKy90vv 3AI9e60k5HFyAkB4Un0YWT9KDzpBe9x77RchOqhjqiFgxG6ZgsGRL5hPTlFwywg29vlk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: handle always-y and hostprogs-always-y Message-Id: Date: Fri, 25 Feb 2022 10:12:35 +0000 commit 446108a1bb55dcbff395c183278507d3c506e69e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:04:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:04:42 2022 +0100 build: handle always-y and hostprogs-always-y This will be used for xen/tools/. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Rules.mk | 10 +++++++++- xen/scripts/Makefile.clean | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 13c1943da9..5f2368805b 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -78,9 +78,17 @@ else obj-y := $(filter-out %/, $(obj-y)) endif +# hostprogs-always-y += foo +# ... is a shorthand for +# hostprogs-y += foo +# always-y += foo +hostprogs-y += $(hostprogs-always-y) +always-y += $(hostprogs-always-y) + # Add subdir path extra-y := $(addprefix $(obj)/,$(extra-y)) +always-y := $(addprefix $(obj)/,$(always-y)) targets := $(addprefix $(obj)/,$(targets)) lib-y := $(addprefix $(obj)/,$(lib-y)) obj-y := $(addprefix $(obj)/,$(obj-y)) @@ -283,7 +291,7 @@ targets += $(call intermediate_targets, .init.o, .o) \ # Build # --------------------------------------------------------------------------- -__build: $(targets-for-builtin) $(subdir-y) +__build: $(targets-for-builtin) $(subdir-y) $(always-y) @: # Descending diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 156d6307cf..c2689d4af5 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -18,7 +18,8 @@ subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) __clean-files := \ - $(clean-files) $(hostprogs-y) $(hostprogs-) + $(clean-files) $(hostprogs-y) $(hostprogs-) \ + $(hostprogs-always-y) $(hostprogs-always-) __clean-files := $(wildcard $(__clean-files)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278955.476414 (Exim 4.92) (envelope-from ) id 1nNXag-0005HW-Ku; Fri, 25 Feb 2022 10:12:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278955.476414; Fri, 25 Feb 2022 10:12:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXag-0005HO-Hj; Fri, 25 Feb 2022 10:12:46 +0000 Received: by outflank-mailman (input) for mailman id 278955; Fri, 25 Feb 2022 10:12:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaf-0005HF-O3 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaf-00076p-NG for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXaf-0001Mm-Ma for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7CNPeQOFIk0MHFx7OV0qGvD2fRRp2a9yrkzmSrEhoiE=; b=sR5dkElV4xKnvcdFizWcv+R98G Es+HZgAAKzXBUgvgyCPszNd8TkkGZKmQV2DBEH2BodfXyQ40dU1AJBnmy6fUpHB7Nun9WtHveLWRU AmJuIzs3eY6Rct7DVTlyAoddjfbSoaG6OYGE1K4kFP3IeuhL75EUB8s/r0wgICdssZMg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: start building the tools with the main makefiles Message-Id: Date: Fri, 25 Feb 2022 10:12:45 +0000 commit e3ef0917bb0ea596051865bb67954af685f714ad Author: Anthony PERARD AuthorDate: Fri Feb 25 11:04:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:04:52 2022 +0100 build: start building the tools with the main makefiles This will make out-of-tree build easier. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 8 ++++---- xen/tools/Makefile | 17 ++--------------- 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index c95655b502..0fb1e737f2 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -209,7 +209,7 @@ endif # root-make-done PHONY += tools_fixdep tools_fixdep: - $(MAKE) -C tools fixdep + $(Q)$(MAKE) $(build)=tools tools/fixdep ifeq ($(config-build),y) # =========================================================================== @@ -247,7 +247,7 @@ ifeq ($(need-config),y) # "tools_fixdep" which is a .PHONY target and would force make to call # "defconfig" again to update $(KCONFIG_CONFIG). tools/fixdep: - $(MAKE) -C tools fixdep + $(Q)$(MAKE) $(build)=tools tools/fixdep # Allow people to just run `make` as before and not force them to configure $(KCONFIG_CONFIG): tools/fixdep @@ -406,7 +406,7 @@ _debug: .PHONY: _clean _clean: - $(MAKE) -C tools clean + $(MAKE) $(clean) tools $(MAKE) $(clean) include $(MAKE) $(clean) common $(MAKE) $(clean) drivers @@ -435,7 +435,7 @@ $(TARGET).gz: $(TARGET) mv $@.new $@ $(TARGET): FORCE - $(MAKE) -C tools + $(Q)$(MAKE) $(build)=tools $(Q)$(MAKE) $(build)=. include/xen/compile.h [ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \ do test -r arch/$(TARGET_ARCH)/efi/$$f || \ diff --git a/xen/tools/Makefile b/xen/tools/Makefile index 722f366454..a5078b7cb8 100644 --- a/xen/tools/Makefile +++ b/xen/tools/Makefile @@ -1,15 +1,2 @@ - -include $(XEN_ROOT)/Config.mk - -.PHONY: default -default: symbols fixdep - -.PHONY: clean -clean: - rm -f *.o symbols fixdep - -symbols: symbols.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< - -fixdep: fixdep.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< +hostprogs-always-y += symbols +hostprogs-always-y += fixdep -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:12:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:12:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278956.476419 (Exim 4.92) (envelope-from ) id 1nNXaq-0005KR-MY; Fri, 25 Feb 2022 10:12:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278956.476419; Fri, 25 Feb 2022 10:12:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaq-0005KJ-JK; Fri, 25 Feb 2022 10:12:56 +0000 Received: by outflank-mailman (input) for mailman id 278956; Fri, 25 Feb 2022 10:12:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXap-0005KB-Qu for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXap-00076t-QA for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXap-0001Nv-PW for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:12:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BxpttYc2//dD3b4lCyENIpE4wa7NRpPGGKMFvzjeBN4=; b=ItDKxU61jkN8rcDNqpMZ6WhbZP g0hP58ZpfA8A6cRRy3rkh/pDx5iJdi40GvI5W1FfLsGJdYhJ5ggBp0dB2NLaPPLFcNZX3lryiFs6Q X0MWwY6SmthyH/azmiAa9+0si1WXRaShXXrII3jxDskTeNf5m6J/x91L98lhp5UD2hnY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: add headers path to CFLAGS once for all archs Message-Id: Date: Fri, 25 Feb 2022 10:12:55 +0000 commit 109980738e1449f5f281e5d6bfb5681eb9defea6 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:06:46 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:06:46 2022 +0100 build: add headers path to CFLAGS once for all archs This just remove duplication. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Makefile | 3 +++ xen/arch/arm/arch.mk | 3 --- xen/arch/riscv/arch.mk | 2 -- xen/arch/x86/arch.mk | 2 -- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 0fb1e737f2..2cfaa49fe3 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -312,6 +312,9 @@ CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so endif +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include + # Note that link order matters! ALL_OBJS-y := common/built_in.o ALL_OBJS-y += drivers/built_in.o diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index 4e3f701430..094b670723 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -1,9 +1,6 @@ ######################################## # arm-specific definitions -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include - $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-Wnested-externs) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 694ba053ce..ae8fe9dec7 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,5 +11,3 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c # -mcmodel=medlow would force Xen into the lower half. CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index d6ae4cc2f5..f6fc852b57 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -3,8 +3,6 @@ export XEN_IMG_OFFSET := 0x200000 -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-generic CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-default CFLAGS += -DXEN_IMG_OFFSET=$(XEN_IMG_OFFSET) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278957.476422 (Exim 4.92) (envelope-from ) id 1nNXb0-0005Nc-Nx; Fri, 25 Feb 2022 10:13:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278957.476422; Fri, 25 Feb 2022 10:13:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXb0-0005NU-L8; Fri, 25 Feb 2022 10:13:06 +0000 Received: by outflank-mailman (input) for mailman id 278957; Fri, 25 Feb 2022 10:13:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaz-0005NL-Tq for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXaz-00077H-T7 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXaz-0001Ou-SK for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=am/d7g6QNPCcujLEhVyMrahzFSTfwmxYQCf8GgOMtgU=; b=rMmXbNqWcUPnRnXJMqSdXgxsx3 TMQM1FFqHoN/r50gkvpBt2ISGBpDhNsy7zBW1tTfYM8f8hLfaZs+AlVBdHBSOpFSdqJY3pA5BkHU/ CztYZmclof9jeYxgcSLWG35AIA8mJ9AH/dESSlfg6EF3q/4w1dlN0iHRz79rvFjUGb0k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: generate x86's asm-macros.h with filechk Message-Id: Date: Fri, 25 Feb 2022 10:13:05 +0000 commit 913b8be1c78f336a066f7237a6b3de42d4537dc8 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:04 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:04 2022 +0100 build: generate x86's asm-macros.h with filechk When we will build out-of-tree, make is going to try to generate "asm-macros.h" before the directories "arch/x86/include/asm" exist, thus we would need to call `mkdir` explicitly. We will use "filechk" for that as it does everything that the current recipe does and does call `mkdir`. Also, they are no more "*.new" files generated in this directory. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9107cf2ce2..8a081de551 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -236,18 +236,21 @@ include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h $(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P $(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile - echo '#if 0' >$@.new - echo '.if 0' >>$@.new - echo '#endif' >>$@.new - echo '#ifndef __ASM_MACROS_H__' >>$@.new - echo '#define __ASM_MACROS_H__' >>$@.new - echo 'asm ( ".include \"$@\"" );' >>$@.new - echo '#endif /* __ASM_MACROS_H__ */' >>$@.new - echo '#if 0' >>$@.new - echo '.endif' >>$@.new - cat $< >>$@.new - echo '#endif' >>$@.new - $(call move-if-changed,$@.new,$@) + $(call filechk,asm-macros.h) + +define filechk_asm-macros.h + echo '#if 0'; \ + echo '.if 0'; \ + echo '#endif'; \ + echo '#ifndef __ASM_MACROS_H__'; \ + echo '#define __ASM_MACROS_H__'; \ + echo 'asm ( ".include \"$@\"" );'; \ + echo '#endif /* __ASM_MACROS_H__ */'; \ + echo '#if 0'; \ + echo '.endif'; \ + cat $<; \ + echo '#endif' +endef $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE @@ -261,7 +264,7 @@ $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c .PHONY: clean clean:: - rm -f *.lds *.new boot/*.o boot/*~ boot/core boot/mkelf32 + rm -f *.lds boot/*.o boot/*~ boot/core boot/mkelf32 rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* rm -f $(BASEDIR)/.xen-syms.[0-9]* boot/.*.d $(BASEDIR)/.xen.elf32 rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278958.476426 (Exim 4.92) (envelope-from ) id 1nNXbA-0005QR-PT; Fri, 25 Feb 2022 10:13:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278958.476426; Fri, 25 Feb 2022 10:13:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbA-0005QJ-Mc; Fri, 25 Feb 2022 10:13:16 +0000 Received: by outflank-mailman (input) for mailman id 278958; Fri, 25 Feb 2022 10:13:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbA-0005QA-0T for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXb9-00077R-W5 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXb9-0001Pb-VM for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xN99Q9SrM9h9OD7zzqer3HPu/grJ3aYnigQybv4hi3Y=; b=Vn5Xrs0KHgbTmQxKfq3X2zDBye pgcZjXG/+CrTTaIr5jp2WhX/oB5Mg65Hq4qHXcMeb4ZtLTOLG49WCtGTm1jU816tQj5VwnpuWX7i9 JsiEWws7UAjgFs7X21BZEKt3bFkr7Lyvvo/zhJztL+sPS1PRAf1+zlcTygVVe4vZqPxw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: clean-up "clean" rules of duplication Message-Id: Date: Fri, 25 Feb 2022 10:13:15 +0000 commit 42989ff5ca969c63810e29483e86a7779579481e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:13 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:13 2022 +0100 build: clean-up "clean" rules of duplication All those files to be removed are already done in the main Makefile, either by the "find" command or directly (for $(TARGET).efi). Signed-off-by: Anthony PERARD Acked-by: Jan Beulich Acked-by: Julien Grall Reviewed-by: Daniel P. Smith # XSM --- xen/Makefile | 2 +- xen/arch/arm/Makefile | 1 - xen/arch/x86/Makefile | 5 ++--- xen/test/livepatch/Makefile | 2 +- xen/xsm/flask/Makefile | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 2cfaa49fe3..84774eaf05 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -425,7 +425,7 @@ _clean: -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; - rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core + rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index fd24f0212f..3ce5f1674f 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -120,4 +120,3 @@ $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) clean:: rm -f $(obj)/xen.lds rm -f $(BASEDIR)/.xen-syms.[0-9]* - rm -f $(TARGET).efi diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 8a081de551..d083c5653b 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -264,9 +264,8 @@ $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c .PHONY: clean clean:: - rm -f *.lds boot/*.o boot/*~ boot/core boot/mkelf32 + rm -f *.lds boot/mkelf32 rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* - rm -f $(BASEDIR)/.xen-syms.[0-9]* boot/.*.d $(BASEDIR)/.xen.elf32 + rm -f $(BASEDIR)/.xen-syms.[0-9]* $(BASEDIR)/.xen.elf32 rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin - rm -f note.o diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index afb8d589ec..adb484dc5d 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -162,4 +162,4 @@ uninstall: .PHONY: clean clean:: - rm -f *.o .*.o.d *.livepatch config.h expect_config.h + rm -f *.livepatch config.h expect_config.h diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 49cf730cf0..832f65274c 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -51,4 +51,4 @@ $(obj)/policy.bin: FORCE .PHONY: clean clean:: - rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC) flask-policy.S + rm -f $(ALL_H_FILES) policy.* $(POLICY_SRC) flask-policy.S -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278959.476431 (Exim 4.92) (envelope-from ) id 1nNXbK-0005Ti-SW; Fri, 25 Feb 2022 10:13:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278959.476431; Fri, 25 Feb 2022 10:13:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbK-0005Ta-PV; Fri, 25 Feb 2022 10:13:26 +0000 Received: by outflank-mailman (input) for mailman id 278959; Fri, 25 Feb 2022 10:13:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbK-0005TS-3d for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbK-00077o-2t for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXbK-0001QL-28 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=15sohi//qWdy8+bsiD3fUZ/clFRORmxx1kl3iQa3b40=; b=grQavsR2GWER5enIE32wlT9Jff ANhwWvnPG9jzs3VteYpbsKg8rcn4KoTWON5yBHt/p72ZDaCqDvRYhd9d3U2MbxHBZX03qRDvj0Xgh WUzwq1EdyXzDeQRo35HR6PDvCBmeGmQTysCO5xzWYzrMdNmHbf8lQrMdex+Vam+d3gn8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rework "clean" to clean from the root dir Message-Id: Date: Fri, 25 Feb 2022 10:13:26 +0000 commit 17f5c115210c7674437691f42cdfaf14164efbb6 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:21 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:21 2022 +0100 build: rework "clean" to clean from the root dir This will allow "clean" to work from an out-of-tree build when it will be available. Some of the file been removed in current "clean" target aren't added to $(clean-files) because they are already listed in $(extra-) or $(extra-y). Also start to clean files listed in $(targets). This allows to clean "common/config_data.S" and "xsm/flask/flask-policy.S" without having to list them a second time. Also clean files in "arch/x86/boot" from that directory by allowing "clean" to descend into the subdir by adding "boot" into $(subdir-). Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith # XSM Acked-by: Julien Grall --- xen/Makefile | 24 ++++++++++++------------ xen/arch/arm/Makefile | 5 +---- xen/arch/x86/Makefile | 20 ++++++++++++-------- xen/arch/x86/boot/Makefile | 2 ++ xen/common/Makefile | 3 +-- xen/include/Makefile | 4 +--- xen/scripts/Kbuild.include | 4 ++-- xen/scripts/Makefile.clean | 14 +++++++++++--- xen/test/livepatch/Makefile | 4 +--- xen/xsm/flask/Makefile | 4 +--- 10 files changed, 44 insertions(+), 40 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 84774eaf05..133b382f86 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -409,18 +409,18 @@ _debug: .PHONY: _clean _clean: - $(MAKE) $(clean) tools - $(MAKE) $(clean) include - $(MAKE) $(clean) common - $(MAKE) $(clean) drivers - $(MAKE) $(clean) lib - $(MAKE) $(clean) xsm - $(MAKE) $(clean) crypto - $(MAKE) $(clean) arch/arm - $(MAKE) $(clean) arch/riscv - $(MAKE) $(clean) arch/x86 - $(MAKE) $(clean) test - $(MAKE) $(clean) tools/kconfig + $(Q)$(MAKE) $(clean)=tools + $(Q)$(MAKE) $(clean)=include + $(Q)$(MAKE) $(clean)=common + $(Q)$(MAKE) $(clean)=drivers + $(Q)$(MAKE) $(clean)=lib + $(Q)$(MAKE) $(clean)=xsm + $(Q)$(MAKE) $(clean)=crypto + $(Q)$(MAKE) $(clean)=arch/arm + $(Q)$(MAKE) $(clean)=arch/riscv + $(Q)$(MAKE) $(clean)=arch/x86 + $(Q)$(MAKE) $(clean)=test + $(Q)$(MAKE) $(clean)=tools/kconfig find . \( -name "*.o" -o -name ".*.d" -o -name ".*.d2" \ -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' \ diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index 3ce5f1674f..cecfaf4f3c 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -116,7 +116,4 @@ $(obj)/xen.lds: $(src)/xen.lds.S FORCE $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) -.PHONY: clean -clean:: - rm -f $(obj)/xen.lds - rm -f $(BASEDIR)/.xen-syms.[0-9]* +clean-files := $(objtree)/.xen-syms.[0-9]* diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index d083c5653b..79a6467b07 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -77,6 +77,9 @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif +# Allows "clean" to descend into boot/ +subdir- += boot + extra-y += asm-macros.i extra-y += xen.lds @@ -193,8 +196,8 @@ note_file := endif note_file_option ?= $(note_file) +extra-$(XEN_BUILD_PE) += efi.lds ifeq ($(XEN_BUILD_PE),y) -extra-y += efi.lds $(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" @@ -262,10 +265,11 @@ $(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< -.PHONY: clean -clean:: - rm -f *.lds boot/mkelf32 - rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* - rm -f $(BASEDIR)/.xen-syms.[0-9]* $(BASEDIR)/.xen.elf32 - rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc - rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin +clean-files := \ + boot/mkelf32 \ + include/asm/asm-macros.* \ + $(objtree)/.xen-syms.[0-9]* \ + $(objtree)/.xen.elf32 \ + $(objtree)/.xen.efi.[0-9]* \ + efi/*.efi \ + efi/mkreloc diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index ba732e4a88..1ac8cb435e 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -21,3 +21,5 @@ $(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds $(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" + +clean-files := cmdline.S reloc.S *.lnk *.bin diff --git a/xen/common/Makefile b/xen/common/Makefile index ca839118e4..dc8d3a13f5 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -84,5 +84,4 @@ $(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE $(call if_changed,binfile,$(obj)/config.gz xen_config_data) targets += config_data.S -clean:: - rm -f config_data.S config.gz 2>/dev/null +clean-files := config.gz diff --git a/xen/include/Makefile b/xen/include/Makefile index cd40d5b4c9..a3c2511f5f 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -131,6 +131,4 @@ lib-x86-all: all: lib-x86-all endif -clean:: - rm -rf compat config generated headers*.chk - rm -f $(BASEDIR)/include/xen/lib/x86/cpuid-autogen.h +clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index ed48fb39f1..6e7a403b35 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -99,8 +99,8 @@ build := -f $(srctree)/Rules.mk obj # Shorthand for $(MAKE) clean # Usage: -# $(MAKE) $(clean) dir -clean := -f $(BASEDIR)/scripts/Makefile.clean clean -C +# $(Q)$(MAKE) $(clean)=dir +clean := -f $(srctree)/scripts/Makefile.clean obj # echo command. # Short version is used, if $(quiet) equals `quiet_', otherwise full one. diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index c2689d4af5..4eed319745 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -3,7 +3,6 @@ # Cleaning up # ========================================================================== -obj := . src := $(obj) clean:: @@ -17,11 +16,20 @@ include $(src)/Makefile subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) +subdir-all := $(addprefix $(obj)/,$(subdir-all)) + __clean-files := \ $(clean-files) $(hostprogs-y) $(hostprogs-) \ + $(extra-y) $(extra-) $(targets) \ $(hostprogs-always-y) $(hostprogs-always-) -__clean-files := $(wildcard $(__clean-files)) +# clean-files is given relative to the current directory, unless it +# starts with $(objtree)/ (which means "./", so do not add "./" unless +# you want to delete a file from the toplevel object directory). + +__clean-files := $(wildcard \ + $(addprefix $(obj)/, $(filter-out /% $(objtree)/%, $(__clean-files))) \ + $(filter /% $(objtree)/%, $(__clean-files))) .PHONY: clean clean:: $(subdir-all) @@ -35,6 +43,6 @@ endif PHONY += $(subdir-all) $(subdir-all): - $(MAKE) $(clean) $@ + $(Q)$(MAKE) $(clean)=$@ .PHONY: $(PHONY) diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index adb484dc5d..e6fee84b69 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -160,6 +160,4 @@ install: $(addprefix $(obj)/,$(LIVEPATCHES)) uninstall: cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) -.PHONY: clean -clean:: - rm -f *.livepatch config.h expect_config.h +clean-files := config.h expect_config.h diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 832f65274c..4ac6fb8778 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -49,6 +49,4 @@ $(obj)/policy.bin: FORCE FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@ -.PHONY: clean -clean:: - rm -f $(ALL_H_FILES) policy.* $(POLICY_SRC) flask-policy.S +clean-files := policy.* $(POLICY_SRC) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278960.476435 (Exim 4.92) (envelope-from ) id 1nNXbU-0005WN-UU; Fri, 25 Feb 2022 10:13:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278960.476435; Fri, 25 Feb 2022 10:13:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbU-0005WF-R0; Fri, 25 Feb 2022 10:13:36 +0000 Received: by outflank-mailman (input) for mailman id 278960; Fri, 25 Feb 2022 10:13:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbU-0005W2-6P for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbU-00077t-5k for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXbU-0001R0-50 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xNvO+WMaYhNpsD/2LeIY+mZLouse0CZwVQ3rSPJvnf0=; b=HGNC7uvIcAuM4DkgiIEYiQZJMn SWmNY8j2a9hv25QsznS2/lVHM5ONt+EbfTGfjFtjYtYTurZGew3Rh853ikDXvO6I4cMpMw3b2K9yn RdBTL7XSYgRG58TPf6RxRWnGvGMUp//8KuVKulDPu15olRWtSHKWV4iz+LNRRXsMq5mE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: use main rune to build host binary x86's mkelf32 and mkreloc Message-Id: Date: Fri, 25 Feb 2022 10:13:36 +0000 commit 2c8708956e13d10142af8a2434697d50da7db94f Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:43 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:43 2022 +0100 build: use main rune to build host binary x86's mkelf32 and mkreloc Also, remove the HOSTCFLAGS "-g" from "mkreloc" command line. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 79a6467b07..9c40e0b4d7 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -83,6 +83,9 @@ subdir- += boot extra-y += asm-macros.i extra-y += xen.lds +hostprogs-y += boot/mkelf32 +hostprogs-y += efi/mkreloc + # Allows usercopy.c to include itself $(obj)/usercopy.o: CFLAGS-y += -iquote . @@ -259,17 +262,9 @@ $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE $(call if_changed_dep,cpp_lds_S) -$(obj)/boot/mkelf32: $(src)/boot/mkelf32.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< - -$(obj)/efi/mkreloc: $(src)/efi/mkreloc.c - $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< - clean-files := \ - boot/mkelf32 \ include/asm/asm-macros.* \ $(objtree)/.xen-syms.[0-9]* \ $(objtree)/.xen.elf32 \ $(objtree)/.xen.efi.[0-9]* \ - efi/*.efi \ - efi/mkreloc + efi/*.efi -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278961.476439 (Exim 4.92) (envelope-from ) id 1nNXbe-0005Za-VT; Fri, 25 Feb 2022 10:13:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278961.476439; Fri, 25 Feb 2022 10:13:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbe-0005ZS-SV; Fri, 25 Feb 2022 10:13:46 +0000 Received: by outflank-mailman (input) for mailman id 278961; Fri, 25 Feb 2022 10:13:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbe-0005ZL-9B for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbe-000786-8U for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXbe-0001Rr-7n for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W7dTjvhw4q4z0wnfga97B38SLsiCBeL4JNmy2A4A8Fo=; b=hoQkP+g9ftG0fvVqZN5gAjLV4Z 5iH5/wDIbBlejCfns4+1GFrEqWpkXAU9c+AcEjj5lCn1JW6UT17YC87XsfalmN5Y+BD/A2Ok5GP2G qXSHk2wRpk0efvKTwmD4JB5xrMq1oohDnqcddKqrYHUVnbAwDK7FGG9X/1/IXB1aV1mk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: rework coverage and ubsan CFLAGS handling Message-Id: Date: Fri, 25 Feb 2022 10:13:46 +0000 commit 1449f6873d7dd477ba110b415ca08a3c2553451e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:52 2022 +0100 build: rework coverage and ubsan CFLAGS handling When assigning a value a target-specific variable, that also affect prerequisite of the target. This is mostly fine, but there is one case where we will not want the COV_FLAGS added to the CFLAGS. In arch/x86/boot, we have "head.o" with "cmdline.S" as prerequisite and ultimately "cmdline.o", we don't want COV_FLAGS to that last one. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Rules.mk | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 5f2368805b..abeba1ab74 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -126,19 +126,31 @@ targets += $(targets-for-builtin) $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += -DINIT_SECTIONS_ONLY +non-init-objects = $(filter-out %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)) + ifeq ($(CONFIG_COVERAGE),y) ifeq ($(CONFIG_CC_IS_CLANG),y) COV_FLAGS := -fprofile-instr-generate -fcoverage-mapping else COV_FLAGS := -fprofile-arcs -ftest-coverage endif -$(filter-out %.init.o $(nocov-y),$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += $(COV_FLAGS) + +# Reset COV_FLAGS in cases where an objects has another one as prerequisite +$(nocov-y) $(filter %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)): \ + COV_FLAGS := + +$(non-init-objects): _c_flags += $(COV_FLAGS) endif ifeq ($(CONFIG_UBSAN),y) # Any -fno-sanitize= options need to come after any -fsanitize= options -$(filter-out %.init.o $(noubsan-y),$(obj-y) $(obj-bin-y) $(extra-y)): \ -CFLAGS-y += $(filter-out -fno-%,$(CFLAGS_UBSAN)) $(filter -fno-%,$(CFLAGS_UBSAN)) +UBSAN_FLAGS := $(filter-out -fno-%,$(CFLAGS_UBSAN)) $(filter -fno-%,$(CFLAGS_UBSAN)) + +# Reset UBSAN_FLAGS in cases where an objects has another one as prerequisite +$(noubsan-y) $(filter %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)): \ + UBSAN_FLAGS := + +$(non-init-objects): _c_flags += $(UBSAN_FLAGS) endif ifeq ($(CONFIG_LTO),y) @@ -167,6 +179,9 @@ a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS) include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk +c_flags += $(_c_flags) +a_flags += $(_c_flags) + c_flags += $(CFLAGS-y) a_flags += $(CFLAGS-y) $(AFLAGS-y) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:13:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:13:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278962.476443 (Exim 4.92) (envelope-from ) id 1nNXbp-0005cV-0X; Fri, 25 Feb 2022 10:13:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278962.476443; Fri, 25 Feb 2022 10:13:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbo-0005cN-Ty; Fri, 25 Feb 2022 10:13:56 +0000 Received: by outflank-mailman (input) for mailman id 278962; Fri, 25 Feb 2022 10:13:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbo-0005cF-By for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbo-00078G-BH for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXbo-0001Ua-Ad for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:13:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Sb+8iMjtIdmI4DS6VJCllQBIJvfVU2lPJoHbyutWmCk=; b=NUe2k86/ynsZt+Y3tz8SxFzMNf ZDvDGP28CIBnnKn+a6VkuLcMlk9J0O0PUR5K6EozbqVAW5jzvOu8p7h0HbAKCyspMY3zAJM4Gi4pw MrdVkijDfV+pXz8+4Q7PJOk4UeJvTscBos4z4PRMEAjpb9bKrzevpZXKtsBsaEi8N9NY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/altp2m: p2m_altp2m_propagate_change() should honor present page order Message-Id: Date: Fri, 25 Feb 2022 10:13:56 +0000 commit cbd0874fef835b229d91c94ac736ea26b23915da Author: Jan Beulich AuthorDate: Fri Feb 25 11:09:21 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:09:21 2022 +0100 x86/altp2m: p2m_altp2m_propagate_change() should honor present page order For higher order mappings the comparison against p2m->min_remapped_gfn needs to take the upper bound of the covered GFN range into account, not just the base GFN. Otherwise, i.e. when dropping a mapping overlapping the remapped range but the base GFN outside of that range, an altp2m may wrongly not get reset. Note that there's no need to call get_gfn_type_access() ahead of the check against the remapped range boundaries: None of its outputs are needed earlier, and p2m_reset_altp2m() doesn't require the lock to be held. In fact this avoids a latent lock order violation: With per-GFN locking p2m_reset_altp2m() not only doesn't require the GFN lock to be held, but holding such a lock would actually not be allowed, as the function acquires a P2M lock. Local variables are moved into the more narrow scope (one is deleted altogether) to help see their actual life ranges. Signed-off-by: Jan Beulich Reviewed-by: Tamas K Lengyel --- xen/arch/x86/mm/p2m.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index c1cff37709..444761d31b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2481,9 +2481,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, p2m_type_t p2mt, p2m_access_t p2ma) { struct p2m_domain *p2m; - p2m_access_t a; - p2m_type_t t; - mfn_t m; unsigned int i; unsigned int reset_count = 0; unsigned int last_reset_idx = ~0; @@ -2496,15 +2493,17 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, for ( i = 0; i < MAX_ALTP2M; i++ ) { + p2m_type_t t; + p2m_access_t a; + if ( d->arch.altp2m_eptp[i] == mfn_x(INVALID_MFN) ) continue; p2m = d->arch.altp2m_p2m[i]; - m = get_gfn_type_access(p2m, gfn_x(gfn), &t, &a, 0, NULL); /* Check for a dropped page that may impact this altp2m */ if ( mfn_eq(mfn, INVALID_MFN) && - gfn_x(gfn) >= p2m->min_remapped_gfn && + gfn_x(gfn) + (1UL << page_order) > p2m->min_remapped_gfn && gfn_x(gfn) <= p2m->max_remapped_gfn ) { if ( !reset_count++ ) @@ -2515,8 +2514,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, else { /* At least 2 altp2m's impacted, so reset everything */ - __put_gfn(p2m, gfn_x(gfn)); - for ( i = 0; i < MAX_ALTP2M; i++ ) { if ( i == last_reset_idx || @@ -2530,16 +2527,19 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, break; } } - else if ( !mfn_eq(m, INVALID_MFN) ) + else if ( !mfn_eq(get_gfn_type_access(p2m, gfn_x(gfn), &t, &a, 0, + NULL), INVALID_MFN) ) { int rc = p2m_set_entry(p2m, gfn, mfn, page_order, p2mt, p2ma); /* Best effort: Don't bail on error. */ if ( !ret ) ret = rc; - } - __put_gfn(p2m, gfn_x(gfn)); + __put_gfn(p2m, gfn_x(gfn)); + } + else + __put_gfn(p2m, gfn_x(gfn)); } altp2m_list_unlock(d); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:14:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:14:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278963.476446 (Exim 4.92) (envelope-from ) id 1nNXc0-0005fk-21; Fri, 25 Feb 2022 10:14:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278963.476446; Fri, 25 Feb 2022 10:14:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXbz-0005fc-VW; Fri, 25 Feb 2022 10:14:07 +0000 Received: by outflank-mailman (input) for mailman id 278963; Fri, 25 Feb 2022 10:14:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXby-0005fT-Ei for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXby-00078X-Dy for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXby-0001Vj-DM for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0y7Jq/OyQREucS6Hqdh1xEs2a3ONPUu/VqjdZWt8VzU=; b=n/gAAYZhjx5zAj87uXk2g8yWw1 Xpqi3KrgZmnh/mHy3BdJz9m9ybMNZBbblQHiynNlUSe0ridOMyuaxLY4HrrV2LrxgNXuS5VE65kb/ unw4AnMR9ncz96pCWTWTAlX6NR3SSKAPdWWcYSL73gASKUEShknuoqs5HegOAEL+3vSA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: update TXT section Message-Id: Date: Fri, 25 Feb 2022 10:14:06 +0000 commit 676450d24670abbc0518447b2488ab5d4d568822 Author: Jan Beulich AuthorDate: Fri Feb 25 11:09:53 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:09:53 2022 +0100 MAINTAINERS: update TXT section Since Lukasz has left Intel, they have suggested a replacement contact. Signed-off-by: Jan Beulich Acked-by: Mateusz Mówka --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index d41572128b..d4b06f5bfb 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -318,6 +318,7 @@ F: xen/include/xen/hypfs.h INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) R: Lukasz Hawrylko R: Daniel P. Smith +R: Mateusz Mówka S: Odd Fixes F: xen/arch/x86/include/asm/tboot.h F: xen/arch/x86/tboot.c -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 10:14:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 10:14:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.278964.476451 (Exim 4.92) (envelope-from ) id 1nNXcA-0005ib-3k; Fri, 25 Feb 2022 10:14:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 278964.476451; Fri, 25 Feb 2022 10:14:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXcA-0005iT-0f; Fri, 25 Feb 2022 10:14:18 +0000 Received: by outflank-mailman (input) for mailman id 278964; Fri, 25 Feb 2022 10:14:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXc8-0005iG-Ha for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNXc8-000793-Gs for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNXc8-0001Wa-G2 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 10:14:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gI0nJi7a0rOZdTI6wy8bCev67MaLYMA8UtACmDa+tjc=; b=YMGHDWChR2W5GpWU6OQ9jfGVTo bSVWWHpM0PKsIh3nFefLB/GmKozFMPmHe7Fst6yugJlKwoADIcTApcfBwoxktLqklsvi5Y7DSKtrO uiIbG2fdf/1ALC0/8XCtfbI988futUlMo5tQRjkDzmnzFgZDP3Q5ewVOKVENrO+qWAbY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/public: add comment to struct xen_mem_acquire_resource Message-Id: Date: Fri, 25 Feb 2022 10:14:16 +0000 commit f0f2f42c21de82ff65672e8ecfadcfddc63f2186 Author: Juergen Gross AuthorDate: Fri Feb 25 11:10:19 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:10:19 2022 +0100 xen/public: add comment to struct xen_mem_acquire_resource Commit 7c7f7e8fba01 changed xen/include/public/memory.h in an incompatible way. Unfortunately the changed parts were already in use in the Linux kernel, so an update of the header in the kernel would result in a build breakage. As the change of above commit was in a section originally meant to be not stable, it was the usage in the kernel which was wrong. Add a comment to the modified struct for not reusing the now removed bit, in order to avoid kernels using it stumbling over a possible new meaning of the bit. In case the kernel is updating to a new version of the header, the wrong use case must be removed first. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- xen/include/public/memory.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 383a9468c3..a1a0f0233a 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -662,6 +662,13 @@ struct xen_mem_acquire_resource { * two calls. */ uint32_t nr_frames; + /* + * Padding field, must be zero on input. + * In a previous version this was an output field with the lowest bit + * named XENMEM_rsrc_acq_caller_owned. Future versions of this interface + * will not reuse this bit as an output with the field being zero on + * input. + */ uint32_t pad; /* * IN - the index of the initial frame to be mapped. This parameter -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 12:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 12:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279056.476568 (Exim 4.92) (envelope-from ) id 1nNZbo-000729-9j; Fri, 25 Feb 2022 12:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279056.476568; Fri, 25 Feb 2022 12:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZbo-000721-6Z; Fri, 25 Feb 2022 12:22:04 +0000 Received: by outflank-mailman (input) for mailman id 279056; Fri, 25 Feb 2022 12:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZbm-00071v-Ah for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZbm-0000w0-7I for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNZbm-0000pN-69 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OtJdefQBaRoPtUpsVkT/vHcphPng9WtjxFzm/rGTUiM=; b=5gSOgVKokG7Du6Vbf0I+74h442 BE5GUkBqikHY5xxLwifHr4ZMihpYscFnqln9PUFyKjGanejXCURYu6WeQVJBiQQmg51R08wBEZX8/ BTUfUw9UYtcuELL5XwspL9EFgeaEcSUyLk2pom3v0RH2kn7CjTCuabLsu3NZuVAKaed0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/mm: Remove always true ASSERT() in free_heap_pages() Message-Id: Date: Fri, 25 Feb 2022 12:22:02 +0000 commit f1097988b9baeb4cae38a1a71e027794291213ff Author: Julien Grall AuthorDate: Wed Feb 23 18:38:31 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 24 14:57:55 2022 +0000 xen/mm: Remove always true ASSERT() in free_heap_pages() free_heap_pages() has an ASSERT() checking that node is >= 0. However node is defined as an unsigned int. So it cannot be negative. Therefore remove the check as it will always be true. Coverity-ID: 1055631 Signed-off-by: Julien Grall Acked-by: Andrew Cooper Acked-by: Jan Beulich --- xen/common/page_alloc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 4635718237..e971bf91e0 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1441,7 +1441,6 @@ static void free_heap_pages( unsigned int zone = page_to_zone(pg); ASSERT(order <= MAX_ORDER); - ASSERT(node >= 0); spin_lock(&heap_lock); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 12:22:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 12:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279057.476572 (Exim 4.92) (envelope-from ) id 1nNZby-00074A-BR; Fri, 25 Feb 2022 12:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279057.476572; Fri, 25 Feb 2022 12:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZby-000740-8A; Fri, 25 Feb 2022 12:22:14 +0000 Received: by outflank-mailman (input) for mailman id 279057; Fri, 25 Feb 2022 12:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZbw-00073k-BT for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZbw-0000w7-Af for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNZbw-0000ps-9b for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TYXgYlIsF3T9vDYl67WcKxkEvO4X32s/K1XecANItjE=; b=uptZRyJZiLFYdvAbAp5QvBtSi7 kJRyDa6lLCSP3lp2SGq3ujjJBxc7WXkquJDRFwmSw6ErQ7Q6cVNGFmfCL32Cc/58gAV2IKXyIiCMl SRXBMzuGvGhtIOOM8zoUjb+QNaGeK+i1ClSHQqExnWFGQ4RqcFRRh8cNOnvJcQsqfFw0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: add some clarification to xenstore-migration.md Message-Id: Date: Fri, 25 Feb 2022 12:22:12 +0000 commit 20c9e4581ae3d35b776838defab424c5601310da Author: Juergen Gross AuthorDate: Thu Feb 17 12:47:26 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:18:04 2022 +0000 docs: add some clarification to xenstore-migration.md The Xenstore migration document is missing the specification that a node record must be preceded by the record of its parent node in case of live update. Add that missing part. Signed-off-by: Juergen Gross Acked-by: Julien Grall --- docs/designs/xenstore-migration.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/designs/xenstore-migration.md b/docs/designs/xenstore-migration.md index 5f1155273e..b94af7fd7c 100644 --- a/docs/designs/xenstore-migration.md +++ b/docs/designs/xenstore-migration.md @@ -316,6 +316,11 @@ a _committed_ node (globally visible in xenstored) or a _pending_ node (created or modified by a transaction for which there is also a `TRANSACTION_DATA` record previously present). +Each _committed_ node in the stream is required to have an already known parent +node. A parent node is known if it was either in the node data base before the +stream was started to be processed, or if a `NODE_DATA` record for that parent +node has already been processed in the stream. + ``` 0 1 2 3 octet -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 12:22:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 12:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279058.476576 (Exim 4.92) (envelope-from ) id 1nNZc8-000776-Cf; Fri, 25 Feb 2022 12:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279058.476576; Fri, 25 Feb 2022 12:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZc8-00076y-9f; Fri, 25 Feb 2022 12:22:24 +0000 Received: by outflank-mailman (input) for mailman id 279058; Fri, 25 Feb 2022 12:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZc6-00076j-Eb for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZc6-0000wt-Dn for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNZc6-0000qN-Cj for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gX5Oqv0LRtcEpn82eZkG3HKr/JpczTXi8ZEqG5hs7C0=; b=KzPvuVne/3rwzOXyT7xu1HAdQW pp5clLW7hFDFY2mDNfICL0W6yMWHe3G/kL44LkwfNDBufaIZee8O4lrI6k64cu2DO/gsruAzeYosm Dq3nStZXBDqIUwYEEreZ34PCuHjF/YwfWXn86bgAxkAI8M1lAgcy3xkx5maJxd1PHagY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Rename psr_mode_is_32bit to regs_mode_is_32bit Message-Id: Date: Fri, 25 Feb 2022 12:22:22 +0000 commit 526731c559f7f53543a3dbcc65b1d16b2bc48678 Author: Michal Orzel AuthorDate: Tue Feb 22 11:56:12 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:21:17 2022 +0000 xen/arm: Rename psr_mode_is_32bit to regs_mode_is_32bit Commit aa2f5aefa8de ("xen/arm: Rework psr_mode_is_32bit()") modified the function to take a struct cpu_user_regs instead of psr. Perform renaming of psr_mode_is_32bit to regs_mode_is_32bit to reflect that change. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/include/asm/regs.h | 2 +- xen/arch/arm/traps.c | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/include/asm/regs.h b/xen/arch/arm/include/asm/regs.h index ec091a28a2..04e821138a 100644 --- a/xen/arch/arm/include/asm/regs.h +++ b/xen/arch/arm/include/asm/regs.h @@ -13,7 +13,7 @@ #define psr_mode(psr,m) (((psr) & PSR_MODE_MASK) == m) -static inline bool psr_mode_is_32bit(const struct cpu_user_regs *regs) +static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) { #ifdef CONFIG_ARM_32 return true; diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 9339d12f58..0db8e42d65 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -896,7 +896,7 @@ static void _show_registers(const struct cpu_user_regs *regs, if ( guest_mode ) { - if ( psr_mode_is_32bit(regs) ) + if ( regs_mode_is_32bit(regs) ) show_registers_32(regs, ctxt, guest_mode, v); #ifdef CONFIG_ARM_64 else @@ -1631,7 +1631,7 @@ int check_conditional_instr(struct cpu_user_regs *regs, const union hsr hsr) { unsigned long it; - BUG_ON( !psr_mode_is_32bit(regs) || !(cpsr & PSR_THUMB) ); + BUG_ON( !regs_mode_is_32bit(regs) || !(cpsr & PSR_THUMB) ); it = ( (cpsr >> (10-2)) & 0xfc) | ((cpsr >> 25) & 0x3 ); @@ -1656,7 +1656,7 @@ int check_conditional_instr(struct cpu_user_regs *regs, const union hsr hsr) void advance_pc(struct cpu_user_regs *regs, const union hsr hsr) { register_t itbits, cond, cpsr = regs->cpsr; - bool is_thumb = psr_mode_is_32bit(regs) && (cpsr & PSR_THUMB); + bool is_thumb = regs_mode_is_32bit(regs) && (cpsr & PSR_THUMB); if ( is_thumb && (cpsr & PSR_IT_MASK) ) { @@ -2098,37 +2098,37 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) advance_pc(regs, hsr); break; case HSR_EC_CP15_32: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp15_32); do_cp15_32(regs, hsr); break; case HSR_EC_CP15_64: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp15_64); do_cp15_64(regs, hsr); break; case HSR_EC_CP14_32: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_32); do_cp14_32(regs, hsr); break; case HSR_EC_CP14_64: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_64); do_cp14_64(regs, hsr); break; case HSR_EC_CP14_DBG: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp14_dbg); do_cp14_dbg(regs, hsr); break; case HSR_EC_CP10: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp10); do_cp10(regs, hsr); break; case HSR_EC_CP: - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_cp); do_cp(regs, hsr); break; @@ -2139,7 +2139,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) * ARMv7 (DDI 0406C.b): B1.14.8 * ARMv8 (DDI 0487A.d): D1-1501 Table D1-44 */ - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_smc32); do_trap_smc(regs, hsr); break; @@ -2147,7 +2147,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) { register_t nr; - GUEST_BUG_ON(!psr_mode_is_32bit(regs)); + GUEST_BUG_ON(!regs_mode_is_32bit(regs)); perfc_incr(trap_hvc32); #ifndef NDEBUG if ( (hsr.iss & 0xff00) == 0xff00 ) @@ -2162,7 +2162,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) } #ifdef CONFIG_ARM_64 case HSR_EC_HVC64: - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_hvc64); #ifndef NDEBUG if ( (hsr.iss & 0xff00) == 0xff00 ) @@ -2178,12 +2178,12 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) * * ARMv8 (DDI 0487A.d): D1-1501 Table D1-44 */ - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_smc64); do_trap_smc(regs, hsr); break; case HSR_EC_SYSREG: - GUEST_BUG_ON(psr_mode_is_32bit(regs)); + GUEST_BUG_ON(regs_mode_is_32bit(regs)); perfc_incr(trap_sysreg); do_sysreg(regs, hsr); break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 12:22:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 12:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279059.476580 (Exim 4.92) (envelope-from ) id 1nNZcI-0007AJ-EC; Fri, 25 Feb 2022 12:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279059.476580; Fri, 25 Feb 2022 12:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcI-0007AA-BE; Fri, 25 Feb 2022 12:22:34 +0000 Received: by outflank-mailman (input) for mailman id 279059; Fri, 25 Feb 2022 12:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcG-00079u-HZ for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcG-0000x8-Gr for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNZcG-0000r7-G2 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CDmDMkBPeJJ+nLGifrHn6OaXLUjQwwNSbY3rbtYJgHI=; b=KvfWZBQ3nPVmvEy003kWxVMMiq r0xhyX/YQ77ZNEKosaVK6QBjAPOMXktYCUOAud5rEvFoMbpuHQ6J0vHMb4Pf6rnEFCN7BMO8Gsrru VsQuQWqbYSkWf8GWpGuZBL51wlpq6DFCdyFglhqrosBI0bPo8y0XJ7mmhHCNdD5dMA1A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Rename psr_mode_is_user to regs_mode_is_user Message-Id: Date: Fri, 25 Feb 2022 12:22:32 +0000 commit 66b467a0e86daff8caa2b571871b1cb96633df45 Author: Michal Orzel AuthorDate: Tue Feb 22 11:56:13 2022 +0100 Commit: Julien Grall CommitDate: Thu Feb 24 15:21:17 2022 +0000 xen/arm: Rename psr_mode_is_user to regs_mode_is_user Perform renaming of psr_mode_is_user to regs_mode_is_user in order to reflect that it takes struct cpu_user_regs as a parameter and not psr. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/arm64/vsysreg.c | 4 ++-- xen/arch/arm/include/asm/regs.h | 4 ++-- xen/arch/arm/traps.c | 12 ++++++------ xen/arch/arm/vcpreg.c | 4 ++-- xen/arch/arm/vtimer.c | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/arm64/vsysreg.c b/xen/arch/arm/arm64/vsysreg.c index cf55544081..758750983c 100644 --- a/xen/arch/arm/arm64/vsysreg.c +++ b/xen/arch/arm/arm64/vsysreg.c @@ -91,7 +91,7 @@ void do_sysreg(struct cpu_user_regs *regs, * ARMv8 (DDI 0487A.d): D7.2.1 */ case HSR_SYSREG_ACTLR_EL1: - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( hsr.sysreg.read ) set_user_reg(regs, regidx, v->arch.actlr); @@ -206,7 +206,7 @@ void do_sysreg(struct cpu_user_regs *regs, return handle_raz_wi(regs, regidx, hsr.sysreg.read, hsr, 1); case HSR_SYSREG_PMUSERENR_EL0: /* RO at EL0. RAZ/WI at EL1 */ - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return handle_ro_raz(regs, regidx, hsr.sysreg.read, hsr, 0); else return handle_raz_wi(regs, regidx, hsr.sysreg.read, hsr, 1); diff --git a/xen/arch/arm/include/asm/regs.h b/xen/arch/arm/include/asm/regs.h index 04e821138a..794721a103 100644 --- a/xen/arch/arm/include/asm/regs.h +++ b/xen/arch/arm/include/asm/regs.h @@ -33,7 +33,7 @@ static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) #ifdef CONFIG_ARM_32 #define hyp_mode(r) psr_mode((r)->cpsr,PSR_MODE_HYP) -#define psr_mode_is_user(r) usr_mode(r) +#define regs_mode_is_user(r) usr_mode(r) #else #define hyp_mode(r) (psr_mode((r)->cpsr,PSR_MODE_EL2h) || \ psr_mode((r)->cpsr,PSR_MODE_EL2t)) @@ -42,7 +42,7 @@ static inline bool regs_mode_is_32bit(const struct cpu_user_regs *regs) * Trap may have been taken from EL0, which might be in AArch32 usr * mode, or in AArch64 mode (PSR_MODE_EL0t). */ -#define psr_mode_is_user(r) \ +#define regs_mode_is_user(r) \ (psr_mode((r)->cpsr,PSR_MODE_EL0t) || usr_mode(r)) #endif diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 0db8e42d65..7a1b679b8c 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -561,7 +561,7 @@ static void inject_abt64_exception(struct cpu_user_regs *regs, .len = instr_len, }; - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) esr.ec = prefetch ? HSR_EC_INSTR_ABORT_LOWER_EL : HSR_EC_DATA_ABORT_LOWER_EL; else @@ -1193,7 +1193,7 @@ void vcpu_show_execution_state(struct vcpu *v) vcpu_pause(v); /* acceptably dangerous */ vcpu_show_registers(v); - if ( !psr_mode_is_user(&v->arch.cpu_info->guest_cpu_user_regs) ) + if ( !regs_mode_is_user(&v->arch.cpu_info->guest_cpu_user_regs) ) show_guest_stack(v, &v->arch.cpu_info->guest_cpu_user_regs); vcpu_unpause(v); @@ -1560,7 +1560,7 @@ enum mc_disposition arch_do_multicall_call(struct mc_state *state) multi->args[2], multi->args[3], multi->args[4]); - return likely(!psr_mode_is_user(guest_cpu_user_regs())) + return likely(!regs_mode_is_user(guest_cpu_user_regs())) ? mc_continue : mc_preempt; } @@ -1699,7 +1699,7 @@ void handle_raz_wi(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( read ) @@ -1718,7 +1718,7 @@ void handle_wo_wi(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( read ) @@ -1738,7 +1738,7 @@ void handle_ro_read_val(struct cpu_user_regs *regs, { ASSERT((min_el == 0) || (min_el == 1)); - if ( min_el > 0 && psr_mode_is_user(regs) ) + if ( min_el > 0 && regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( !read ) diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c index dfc18d12ff..b5fbbe1cb8 100644 --- a/xen/arch/arm/vcpreg.c +++ b/xen/arch/arm/vcpreg.c @@ -224,7 +224,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) * ARMv8 (DDI 0487A.d): G6.2.1 */ case HSR_CPREG32(ACTLR): - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return inject_undef_exception(regs, hsr); if ( cp32.read ) set_user_reg(regs, regidx, v->arch.actlr); @@ -296,7 +296,7 @@ void do_cp15_32(struct cpu_user_regs *regs, const union hsr hsr) */ case HSR_CPREG32(PMUSERENR): /* RO at EL0. RAZ/WI at EL1 */ - if ( psr_mode_is_user(regs) ) + if ( regs_mode_is_user(regs) ) return handle_ro_raz(regs, regidx, cp32.read, hsr, 0); else return handle_raz_wi(regs, regidx, cp32.read, hsr, 1); diff --git a/xen/arch/arm/vtimer.c b/xen/arch/arm/vtimer.c index 0196951af4..5bb5970f58 100644 --- a/xen/arch/arm/vtimer.c +++ b/xen/arch/arm/vtimer.c @@ -36,7 +36,7 @@ * CNTKCTL_EL1_ bit name which gates user access */ #define ACCESS_ALLOWED(regs, user_gate) \ - ( !psr_mode_is_user(regs) || \ + ( !regs_mode_is_user(regs) || \ (READ_SYSREG(CNTKCTL_EL1) & CNTKCTL_EL1_##user_gate) ) static void phys_timer_expired(void *data) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 12:22:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 12:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279060.476583 (Exim 4.92) (envelope-from ) id 1nNZcS-0007D3-Fb; Fri, 25 Feb 2022 12:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279060.476583; Fri, 25 Feb 2022 12:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcS-0007Cw-Ch; Fri, 25 Feb 2022 12:22:44 +0000 Received: by outflank-mailman (input) for mailman id 279060; Fri, 25 Feb 2022 12:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcQ-0007CZ-Kb for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNZcQ-0000xI-Jk for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNZcQ-0000rj-J3 for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 12:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/1BjGTGhoQqwdt2Ro/tjz/vTPcQ9g38dXWuHYwP8AJQ=; b=GGjfPLfqJIGbhz+OQ5JsTdQHEr iaf6wKp2wDqEVLNr1hTRzbp3iHMlkZo21SC1eagEYZkYCoB6QABfDs+dpzho4Edgk9rYxS/NTidih Px9hjROcsaVd01fKQR94JGn+RPUBFVoE3J339mF+ZSapIQlXCithG4bkqNmxSwUuT3gU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/mm: pg_offlined can be defined as bool in free_heap_pages() Message-Id: Date: Fri, 25 Feb 2022 12:22:42 +0000 commit 9ba4c529985a1773852069889a5b53f2ed26c408 Author: Julien Grall AuthorDate: Wed Feb 23 19:08:33 2022 +0000 Commit: Julien Grall CommitDate: Thu Feb 24 17:32:43 2022 +0000 xen/mm: pg_offlined can be defined as bool in free_heap_pages() The local variable pg_offlined in free_heap_pages() can only take two values. So switch it to a bool. Fixes: 289610483fc43 ("mm: fix broken tainted value in mark_page_free") Signed-off-by: Julien Grall Acked-by: Andrew Cooper --- xen/common/page_alloc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index e971bf91e0..319029140f 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -1437,8 +1437,9 @@ static void free_heap_pages( { unsigned long mask; mfn_t mfn = page_to_mfn(pg); - unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), pg_offlined = 0; + unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)); unsigned int zone = page_to_zone(pg); + bool pg_offlined = false; ASSERT(order <= MAX_ORDER); @@ -1447,7 +1448,7 @@ static void free_heap_pages( for ( i = 0; i < (1 << order); i++ ) { if ( mark_page_free(&pg[i], mfn_add(mfn, i)) ) - pg_offlined = 1; + pg_offlined = true; if ( need_scrub ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 17:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 17:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279547.477273 (Exim 4.92) (envelope-from ) id 1nNe7V-0004n6-8d; Fri, 25 Feb 2022 17:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279547.477273; Fri, 25 Feb 2022 17:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7V-0004my-5e; Fri, 25 Feb 2022 17:11:05 +0000 Received: by outflank-mailman (input) for mailman id 279547; Fri, 25 Feb 2022 17:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7U-0004mZ-6j for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7U-0006mg-3c for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNe7U-00028u-2g for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E1KRt0Xn8dDX4wzUY8jsYYsFNfvrXs5ejwxOCtB9iPc=; b=LKpzxYctBCNrEmb/4+nlMzACGH bLJB0zutj9Ri+AxvYvliNhhzi2/bnxUrD1n5pcLMZl6iOKV1ORaUBrL+3eNMQRcFEeLwl8w5QUUR7 t9tn+z1b2n0j1K8J53J9QpFrGOud7VeqOr9yipJieNNC5zLc/ErU5cuYw7ujpE/z7Ork=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/CET: Fix S3 resume with shadow stacks active Message-Id: Date: Fri, 25 Feb 2022 17:11:04 +0000 commit 7d9589239ec068c944190408b9838774d5ec1f8f Author: Andrew Cooper AuthorDate: Thu Feb 24 12:18:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 25 13:15:42 2022 +0000 x86/CET: Fix S3 resume with shadow stacks active The original shadow stack support has an error on S3 resume with very bizarre fallout. The BSP comes back up, but APs fail with: (XEN) Enabling non-boot CPUs ... (XEN) Stuck ?? (XEN) Error bringing CPU1 up: -5 and then later (on at least two Intel TigerLake platforms), the next HVM vCPU to be scheduled on the BSP dies with: (XEN) d1v0 Unexpected vmexit: reason 3 (XEN) domain_crash called from vmx.c:4304 (XEN) Domain 1 (vcpu#0) crashed on cpu#0: The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the scheduled vCPU, and will be addressed in a subsequent patch. It is a consequence of the APs triple faulting. The reason the APs triple fault is because we don't tear down the stacks on suspend. The idle/play_dead loop is killed in the middle of running, meaning that the supervisor token is left busy. On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because the IDT isn't configured this early. Rework the AP bring-up path to (re)create the supervisor token. This ensures the primary stack is non-busy before use. Note: There are potential issues with the IST shadow stacks too, but fixing those is more involved. Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Link: https://github.com/QubesOS/qubes-issues/issues/7283 Reported-by: Thiner Logoer Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Thiner Logoer Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/arch/x86/boot/x86_64.S | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index fa41990dde..5d12937a0e 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -51,13 +51,21 @@ ENTRY(__high_start) test $CET_SHSTK_EN, %al jz .L_ap_cet_done - /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ - mov $MSR_PL0_SSP, %ecx + /* Derive the supervisor token address from %rsp. */ mov %rsp, %rdx + and $~(STACK_SIZE - 1), %rdx + or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx + + /* + * Write a new supervisor token. Doesn't matter on boot, but for S3 + * resume this clears the busy bit. + */ + wrssq %rdx, (%rdx) + + /* Point MSR_PL0_SSP at the token. */ + mov $MSR_PL0_SSP, %ecx + mov %edx, %eax shr $32, %rdx - mov %esp, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr setssbsy -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Feb 25 17:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Feb 2022 17:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279548.477277 (Exim 4.92) (envelope-from ) id 1nNe7f-0004pb-Bl; Fri, 25 Feb 2022 17:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279548.477277; Fri, 25 Feb 2022 17:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7f-0004pQ-8U; Fri, 25 Feb 2022 17:11:15 +0000 Received: by outflank-mailman (input) for mailman id 279548; Fri, 25 Feb 2022 17:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7e-0004p9-7G for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNe7e-0006mk-6Z for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNe7e-00029T-5f for xen-changelog@lists.xenproject.org; Fri, 25 Feb 2022 17:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kSXpWkP3Y4sY3ZbonT64qDKAMe0OjZ597VnBPcyyRz0=; b=yQkAB2dZeLId37NEZ9vp7YnZpY QomKxObGax0bGsuhItaKVZBebMU88f8iB8YxzgzYdJhpwx3QfjOaLkNAYBSMW92ylHLl2iRcMOrWB eonxFXQSKPTq7IsU3yHBcGntVl1DGB7nBhbIWu2jqXOPZ442JLfuvosFwD2icxBX0k78=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: fix auto defconfig rule Message-Id: Date: Fri, 25 Feb 2022 17:11:14 +0000 commit 10f1f7b010a22d6d4ee67b018412d5f7ea386fc6 Author: Anthony PERARD AuthorDate: Fri Feb 25 14:54:08 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 25 16:23:09 2022 +0000 build: fix auto defconfig rule We should only run "defconfig" if ".config" is missing. Commit 317c98cb91 have added a dependency on "tools/fixdep", so make would start runnning "defconfig" also when "tools/fixdep" is newer than ".config" and thus overwrite any changes made by a developer. Reintroduce intended behavior of the rule to only generate a default Kconfig when ".config" is missing. Fixes: 317c98cb91 ("build: hook kconfig into xen build system") Reported-by: Andrew Cooper Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- xen/Makefile | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 133b382f86..ed4891daf1 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -243,15 +243,10 @@ ifeq ($(need-config),y) # changes are detected. -include include/config/auto.conf.cmd -# This allows make to build fixdep before invoking defconfig. We can't use -# "tools_fixdep" which is a .PHONY target and would force make to call -# "defconfig" again to update $(KCONFIG_CONFIG). -tools/fixdep: - $(Q)$(MAKE) $(build)=tools tools/fixdep - # Allow people to just run `make` as before and not force them to configure -$(KCONFIG_CONFIG): tools/fixdep - $(Q)$(MAKE) $(build)=tools/kconfig defconfig +# Only run defconfig if $(KCONFIG_CONFIG) is missing +$(KCONFIG_CONFIG): tools_fixdep + $(if $(wildcard $@), , $(Q)$(MAKE) $(build)=tools/kconfig defconfig) # The actual configuration files used during the build are stored in # include/generated/ and include/config/. Update them if .config is newer than -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279683.477435 (Exim 4.92) (envelope-from ) id 1nNnel-0006QH-41; Sat, 26 Feb 2022 03:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279683.477435; Sat, 26 Feb 2022 03:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnel-0006Q8-0h; Sat, 26 Feb 2022 03:22:03 +0000 Received: by outflank-mailman (input) for mailman id 279683; Sat, 26 Feb 2022 03:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnej-0006Q2-Ko for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnej-0002tE-Jt for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnej-0006qV-Is for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k/W4k5dWLMfz2smNgN1JCYM42zf9YQTI8baJs+l3Q2s=; b=HomMTA59uDHAm9XhOfPTjSTsRu nnIGKqC/9XOazXzxNB0zA/OLUFBl5EkzgQEm9Gotmc40T72CD8HI+BsfLglTl2nOugzh7KSPHqEgb Br8dIVRU+AKgGylhfWSjN6bLHxZW8EbC9lntXk8nziR320O5Vjzgtp0hy2mkkelvOM00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/time: switch platform timer hooks to altcall Message-Id: Date: Sat, 26 Feb 2022 03:22:01 +0000 commit bed9ae54df44b9f6914eae4c6d231be41d859ecd Author: Jan Beulich AuthorDate: Fri Feb 25 10:48:20 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:48:20 2022 +0100 x86/time: switch platform timer hooks to altcall Except in the "clocksource=tsc" case we can replace the indirect calls involved in accessing the platform timers by direct ones, as they get established once and never changed. To also cover the "tsc" case, invoke what read_tsc() resolves to directly. In turn read_tsc() then becomes unreachable and hence can move to .init.*. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/time.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c005388e32..c05d3ca98b 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -66,6 +66,7 @@ struct platform_timesource { char *id; char *name; u64 frequency; + /* Post-init this hook may only be invoked via the read_counter() wrapper! */ u64 (*read_counter)(void); s64 (*init)(struct platform_timesource *); void (*resume)(struct platform_timesource *); @@ -584,7 +585,7 @@ static s64 __init cf_check init_tsc(struct platform_timesource *pts) return ret; } -static u64 cf_check read_tsc(void) +static uint64_t __init cf_check read_tsc(void) { return rdtsc_ordered(); } @@ -816,6 +817,18 @@ static s_time_t __read_platform_stime(u64 platform_time) return (stime_platform_stamp + scale_delta(diff, &plt_scale)); } +static uint64_t read_counter(void) +{ + /* + * plt_tsc is put in use only after alternatives patching has occurred, + * hence we can't invoke read_tsc() that way. Special case it here, open- + * coding the function call at the same time. + */ + return plt_src.read_counter != read_tsc + ? alternative_call(plt_src.read_counter) + : rdtsc_ordered(); +} + static void cf_check plt_overflow(void *unused) { int i; @@ -824,7 +837,7 @@ static void cf_check plt_overflow(void *unused) spin_lock_irq(&platform_timer_lock); - count = plt_src.read_counter(); + count = read_counter(); plt_stamp64 += (count - plt_stamp) & plt_mask; plt_stamp = count; @@ -860,7 +873,7 @@ static s_time_t read_platform_stime(u64 *stamp) ASSERT(!local_irq_is_enabled()); spin_lock(&platform_timer_lock); - plt_counter = plt_src.read_counter(); + plt_counter = read_counter(); count = plt_stamp64 + ((plt_counter - plt_stamp) & plt_mask); stime = __read_platform_stime(count); spin_unlock(&platform_timer_lock); @@ -878,7 +891,7 @@ static void platform_time_calibration(void) unsigned long flags; spin_lock_irqsave(&platform_timer_lock, flags); - count = plt_stamp64 + ((plt_src.read_counter() - plt_stamp) & plt_mask); + count = plt_stamp64 + ((read_counter() - plt_stamp) & plt_mask); stamp = __read_platform_stime(count); stime_platform_stamp = stamp; platform_timer_stamp = count; @@ -889,10 +902,10 @@ static void resume_platform_timer(void) { /* Timer source can be reset when backing from S3 to S0 */ if ( plt_src.resume ) - plt_src.resume(&plt_src); + alternative_vcall(plt_src.resume, &plt_src); plt_stamp64 = platform_timer_stamp; - plt_stamp = plt_src.read_counter(); + plt_stamp = read_counter(); } static void __init reset_platform_timer(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279684.477439 (Exim 4.92) (envelope-from ) id 1nNnev-0006Sa-5L; Sat, 26 Feb 2022 03:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279684.477439; Sat, 26 Feb 2022 03:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnev-0006SS-2J; Sat, 26 Feb 2022 03:22:13 +0000 Received: by outflank-mailman (input) for mailman id 279684; Sat, 26 Feb 2022 03:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnet-0006SC-Nz for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnet-0002tV-NC for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnet-0006r4-MD for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=t7NbRD/cSuRxKys/5Lof0iMFvzFBfXTgiXienx+h4GU=; b=DtAN7e6SP+Hl3wNijEPhSJrWzs DQP1bHIs3dBuG87xKvQSeh+3G+e/Sro6PvTIMGFxJWehDK4R9rbgDG7huOyHQVC4bGJiUJJpzoC27 cJtBt09bxhsm6UEOl6gvLjuQNX+Cqg5T+AG+gL9BC8WeMD7WORvYIILueD4rnyQ3cL00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: make embedded endbr64 check compatible with older GNU grep Message-Id: Date: Sat, 26 Feb 2022 03:22:11 +0000 commit 91fa912206d83518661062d70e6082a70eadb6ec Author: Jan Beulich AuthorDate: Fri Feb 25 10:49:17 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:49:17 2022 +0100 x86: make embedded endbr64 check compatible with older GNU grep With version 2.7 I'm observing support for binary searches, but unreliable results: Only a subset of the supposed matches is actually reported; for our pattern I've never observed any match. This same version works fine when handing it a Perl regexp using hex or octal escapes. Probe for support of -P and prefer that over the original approach. Fixes: 4d037425dccf ("x86: Build check for embedded endbr64 instructions") Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/tools/check-endbr.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 7fbb181b3c..9799c451a1 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -24,6 +24,11 @@ BAD=$D/bad-addrs echo "X" | grep -aob "X" -q 2>/dev/null || { echo "$MSG_PFX Warning: grep can't do binary searches" >&2; exit 0; } +# Check whether grep supports Perl regexps. Older GNU grep doesn't reliably +# find binary patterns otherwise. +perl_re=true +echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false + # # First, look for all the valid endbr64 instructions. # A worst-case disassembly, viewed through cat -A, may look like: @@ -60,8 +65,12 @@ eval $(${OBJDUMP} -j .text $1 -h | awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN -grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN | - awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL +if $perl_re +then + LC_ALL=C grep -aobP '\363\17\36\372' $TEXT_BIN +else + grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN +fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete wait -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279685.477443 (Exim 4.92) (envelope-from ) id 1nNnf5-0006VE-6t; Sat, 26 Feb 2022 03:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279685.477443; Sat, 26 Feb 2022 03:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnf5-0006V6-3y; Sat, 26 Feb 2022 03:22:23 +0000 Received: by outflank-mailman (input) for mailman id 279685; Sat, 26 Feb 2022 03:22:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnf3-0006Uw-R9 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnf3-0002tg-QQ for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnf3-0006rZ-PP for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ymdxToPDNCNjZnrMqZxFKqfIe02zJjHWoJklWGELGKw=; b=FOMk7ahyaMj/Q814nZ9KHR7eND xyw5l8ybhgTo/lPWrawN5UPYh0fELKqBVfwxhidOAWMDT3mS5vIOXFOIUbBIuLwAK2WWrfx96nLbY n3HVj4cSD2LSa3U1P6LPP51iss6agVOHFl8qITyvhSv2c7047te8YuJKUp//CPYU6SJc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rework test/livepatch/Makefile Message-Id: Date: Sat, 26 Feb 2022 03:22:21 +0000 commit 27060920a79be3a12628e91212d6e21a9b4a2b76 Author: Anthony PERARD AuthorDate: Fri Feb 25 10:55:30 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 10:55:30 2022 +0100 build: rework test/livepatch/Makefile This rework the livepatch/Makefile to make it less repetitive and make use of the facilities. All the targets to be built are now listed in $(extra-y) which will allow Rules.mk to build them without the need of a local target in a future patch. There are some changes/fixes in this patch: - when "xen-syms" is used for a target, it is added to the dependency list of the target, which allow to rebuild the target when xen-syms changes. But if "xen-syms" is missing, make simply fails. - modinfo.o wasn't removing it's $@.bin file like the other targets, this is now done. - The command to build *.livepatch targets as been fixed to use $(XEN_LDFLAGS) rather than just $(LDFLAGS) which is a fallout from 2740d96efdd3 ("xen/build: have the root Makefile generates the CFLAGS") make will findout the dependencies of the *.livepatch files and thus what to built by "looking" at the objects listed in the *-objs variables. The actual dependencies is generated by the new "multi-depend" macro. "$(targets)" needs to be updated with the objects listed in the different *-objs variables to allow make to load the .*.cmd dependency files. This patch copies the macro "multi_depend" from Linux 5.12, and rename it to "multi-depend". Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/scripts/Kbuild.include | 9 ++ xen/test/livepatch/Makefile | 213 +++++++++++++++++--------------------------- 2 files changed, 91 insertions(+), 131 deletions(-) diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 2d482d1cb9..4875bb28c2 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -153,3 +153,12 @@ why = \ echo-why = $(call escsq, $(strip $(why))) endif + +# Useful for describing the dependency of composite objects +# Usage: +# $(call multi-depend, multi-used-targets, suffix-to-remove, suffix-to-add) +define multi-depend +$(foreach m, $(notdir $1), \ + $(eval $(obj)/$(m): \ + $(addprefix $(obj)/, $(foreach s, $3, $($(m:%$(strip $2)=%$(s))))))) +endef diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index 148dddb904..69fadccd01 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -12,81 +12,29 @@ CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}') CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}') .PHONY: default - -LIVEPATCH := xen_hello_world.livepatch -LIVEPATCH_BYE := xen_bye_world.livepatch -LIVEPATCH_REPLACE := xen_replace_world.livepatch -LIVEPATCH_NOP := xen_nop.livepatch -LIVEPATCH_NO_XEN_BUILDID := xen_no_xen_buildid.livepatch -LIVEPATCH_PREPOST_HOOKS := xen_prepost_hooks.livepatch -LIVEPATCH_PREPOST_HOOKS_FAIL := xen_prepost_hooks_fail.livepatch -LIVEPATCH_ACTION_HOOKS := xen_action_hooks.livepatch -LIVEPATCH_ACTION_HOOKS_NOFUNC := xen_action_hooks_nofunc.livepatch -LIVEPATCH_ACTION_HOOKS_MARKER:= xen_action_hooks_marker.livepatch -LIVEPATCH_ACTION_HOOKS_NOAPPLY:= xen_action_hooks_noapply.livepatch -LIVEPATCH_ACTION_HOOKS_NOREVERT:= xen_action_hooks_norevert.livepatch -LIVEPATCH_EXPECTATIONS:= xen_expectations.livepatch -LIVEPATCH_EXPECTATIONS_FAIL:= xen_expectations_fail.livepatch - -LIVEPATCHES += $(LIVEPATCH) -LIVEPATCHES += $(LIVEPATCH_BYE) -LIVEPATCHES += $(LIVEPATCH_REPLACE) -LIVEPATCHES += $(LIVEPATCH_NOP) -LIVEPATCHES += $(LIVEPATCH_NO_XEN_BUILDID) -LIVEPATCHES += $(LIVEPATCH_PREPOST_HOOKS) -LIVEPATCHES += $(LIVEPATCH_PREPOST_HOOKS_FAIL) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOFUNC) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_MARKER) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) -LIVEPATCHES += $(LIVEPATCH_ACTION_HOOKS_NOREVERT) -LIVEPATCHES += $(LIVEPATCH_EXPECTATIONS) -LIVEPATCHES += $(LIVEPATCH_EXPECTATIONS_FAIL) - -LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch - build default: livepatch -install: livepatch - $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) - $(INSTALL_DATA) $(LIVEPATCHES) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) - -uninstall: - cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) - -.PHONY: clean -clean:: - rm -f *.o .*.o.d *.livepatch config.h expect_config.h +extra-y += xen_hello_world.livepatch +xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o +$(obj)/xen_hello_world.o: $(obj)/config.h # # To compute these values we need the binary files: xen-syms # and xen_hello_world_func.o to be already compiled. # -.PHONY: config.h -config.h: OLD_CODE_SZ=$(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version) -config.h: NEW_CODE_SZ=$(call CODE_SZ,$<,xen_hello_world) -config.h: MINOR_VERSION_SZ=$(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version) -config.h: MINOR_VERSION_ADDR=$(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version) -config.h: xen_hello_world_func.o +$(obj)/config.h: $(obj)/xen_hello_world_func.o (set -e; \ - echo "#define NEW_CODE_SZ $(NEW_CODE_SZ)"; \ - echo "#define MINOR_VERSION_SZ $(MINOR_VERSION_SZ)"; \ - echo "#define MINOR_VERSION_ADDR $(MINOR_VERSION_ADDR)"; \ - echo "#define OLD_CODE_SZ $(OLD_CODE_SZ)") > $@ + echo "#define NEW_CODE_SZ $(call CODE_SZ,$<,xen_hello_world)"; \ + echo "#define MINOR_VERSION_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_minor_version)"; \ + echo "#define MINOR_VERSION_ADDR $(call CODE_ADDR,$(BASEDIR)/xen-syms,xen_minor_version)"; \ + echo "#define OLD_CODE_SZ $(call CODE_SZ,$(BASEDIR)/xen-syms,xen_extra_version)") > $@ -xen_hello_world.o: config.h - -.PHONY: $(LIVEPATCH) -$(LIVEPATCH): xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH) $^ - -.PHONY: modinfo.o -modinfo.o: +$(obj)/modinfo.o: (set -e; \ printf "LIVEPATCH_RULEZ\0") > $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.modinfo,alloc,load,readonly,data,contents -S $@.bin $@ - #rm -f $@.bin + rm -f $@.bin # # This target is only accessible if CONFIG_LIVEPATCH is defined, which @@ -97,9 +45,8 @@ modinfo.o: # not be built (it is for EFI builds), and that we do not have # the note.o.bin to muck with (as it gets deleted) # -.PHONY: note.o -note.o: - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin +$(obj)/note.o: $(BASEDIR)/xen-syms + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin @@ -108,9 +55,8 @@ note.o: # Append .livepatch.xen_depends section # with Xen build-id derived from xen-syms. # -.PHONY: xen_note.o -xen_note.o: - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(BASEDIR)/xen-syms $@.bin +$(obj)/xen_note.o: $(BASEDIR)/xen-syms + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.xen_depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin @@ -119,102 +65,107 @@ xen_note.o: # Extract the build-id of the xen_hello_world.livepatch # (which xen_bye_world will depend on). # -.PHONY: hello_world_note.o -hello_world_note.o: $(LIVEPATCH) - $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $(LIVEPATCH) $@.bin +$(obj)/hello_world_note.o: $(obj)/xen_hello_world.livepatch + $(OBJCOPY) -O binary --only-section=.note.gnu.build-id $< $@.bin $(OBJCOPY) $(OBJCOPY_MAGIC) \ --rename-section=.data=.livepatch.depends,alloc,load,readonly,data,contents -S $@.bin $@ rm -f $@.bin -xen_bye_world.o: config.h -.PHONY: $(LIVEPATCH_BYE) -$(LIVEPATCH_BYE): xen_bye_world_func.o xen_bye_world.o hello_world_note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_BYE) $^ +extra-y += xen_bye_world.livepatch +xen_bye_world-objs := xen_bye_world_func.o xen_bye_world.o hello_world_note.o xen_note.o +$(obj)/xen_bye_world.o: $(obj)/config.h -xen_replace_world.o: config.h -.PHONY: $(LIVEPATCH_REPLACE) -$(LIVEPATCH_REPLACE): xen_replace_world_func.o xen_replace_world.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_REPLACE) $^ +extra-y += xen_replace_world.livepatch +xen_replace_world-objs := xen_replace_world_func.o xen_replace_world.o note.o xen_note.o +$(obj)/xen_replace_world.o: $(obj)/config.h -xen_nop.o: config.h -.PHONY: $(LIVEPATCH_NOP) -$(LIVEPATCH_NOP): xen_nop.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_NOP) $^ +extra-y += xen_nop.livepatch +xen_nop-objs := xen_nop.o note.o xen_note.o +$(obj)/xen_nop.o: $(obj)/config.h # This one always fails upon upload, because it deliberately # does not have a .livepatch.xen_depends (xen_note.o) section. -xen_no_xen_buildid.o: config.h - -.PHONY: $(LIVEPATCH_NO_XEN_BUILDID) -$(LIVEPATCH_NO_XEN_BUILDID): xen_nop.o note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_NO_XEN_BUILDID) $^ +extra-y += xen_no_xen_buildid.livepatch +xen_no_xen_buildid-objs := xen_nop.o note.o -xen_prepost_hooks.o: config.h +$(obj)/xen_prepost_hooks.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_PREPOST_HOOKS) -$(LIVEPATCH_PREPOST_HOOKS): xen_prepost_hooks.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_PREPOST_HOOKS) $^ +extra-y += xen_prepost_hooks.livepatch +xen_prepost_hooks-objs := xen_prepost_hooks.o xen_hello_world_func.o note.o xen_note.o -xen_prepost_hooks_fail.o: config.h +$(obj)/xen_prepost_hooks_fail.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_PREPOST_HOOKS_FAIL) -$(LIVEPATCH_PREPOST_HOOKS_FAIL): xen_prepost_hooks_fail.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_PREPOST_HOOKS_FAIL) $^ +extra-y += xen_prepost_hooks_fail.livepatch +xen_prepost_hooks_fail-objs := xen_prepost_hooks_fail.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks.o: config.h +$(obj)/xen_action_hooks.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS) -$(LIVEPATCH_ACTION_HOOKS): xen_action_hooks.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS) $^ +extra-y += xen_action_hooks.livepatch +xen_action_hooks-objs := xen_action_hooks.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_nofunc.o: config.h +$(obj)/xen_action_hooks_nofunc.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOFUNC) -$(LIVEPATCH_ACTION_HOOKS_NOFUNC): xen_action_hooks_nofunc.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOFUNC) $^ +extra-y += xen_action_hooks_nofunc.livepatch +xen_action_hooks_nofunc-objs := xen_action_hooks_nofunc.o note.o xen_note.o -xen_action_hooks_marker.o: config.h +$(obj)/xen_action_hooks_marker.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_MARKER) -$(LIVEPATCH_ACTION_HOOKS_MARKER): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_MARKER) $^ +extra-y += xen_action_hooks_marker.livepatch +xen_action_hooks_marker-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_noapply.o: config.h +$(obj)/xen_action_hooks_noapply.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) -$(LIVEPATCH_ACTION_HOOKS_NOAPPLY): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) $^ +extra-y += xen_action_hooks_noapply.livepatch +xen_action_hooks_noapply-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o -xen_action_hooks_norevert.o: config.h +$(obj)/xen_action_hooks_norevert.o: $(obj)/config.h -.PHONY: $(LIVEPATCH_ACTION_HOOKS_NOREVERT) -$(LIVEPATCH_ACTION_HOOKS_NOREVERT): xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_ACTION_HOOKS_NOREVERT) $^ +extra-y += xen_action_hooks_norevert.livepatch +xen_action_hooks_norevert-objs := xen_action_hooks_marker.o xen_hello_world_func.o note.o xen_note.o EXPECT_BYTES_COUNT := 8 CODE_GET_EXPECT=$(shell $(OBJDUMP) -d --insn-width=1 $(1) | sed -n -e '/<'$(2)'>:$$/,/^$$/ p' | tail -n +2 | head -n $(EXPECT_BYTES_COUNT) | awk '{$$0=$$2; printf "%s", substr($$0,length-1)}' | sed 's/.\{2\}/0x&,/g' | sed 's/^/{/;s/,$$/}/g') -.PHONY: expect_config.h -expect_config.h: EXPECT_BYTES=$(call CODE_GET_EXPECT,$(BASEDIR)/xen-syms,xen_extra_version) -expect_config.h: +$(obj)/expect_config.h: $(BASEDIR)/xen-syms (set -e; \ - echo "#define EXPECT_BYTES $(EXPECT_BYTES)"; \ + echo "#define EXPECT_BYTES $(call CODE_GET_EXPECT,$<,xen_extra_version)"; \ echo "#define EXPECT_BYTES_COUNT $(EXPECT_BYTES_COUNT)") > $@ -xen_expectations.o: expect_config.h +$(obj)/xen_expectations.o: $(obj)/expect_config.h -.PHONY: $(LIVEPATCH_EXPECTATIONS) -$(LIVEPATCH_EXPECTATIONS): xen_expectations.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_EXPECTATIONS) $^ +extra-y += xen_expectations.livepatch +xen_expectations-objs := xen_expectations.o xen_hello_world_func.o note.o xen_note.o -.PHONY: $(LIVEPATCH_EXPECTATIONS_FAIL) -$(LIVEPATCH_EXPECTATIONS_FAIL): xen_expectations_fail.o xen_hello_world_func.o note.o xen_note.o - $(LD) $(LDFLAGS) $(build_id_linker) -r -o $(LIVEPATCH_EXPECTATIONS_FAIL) $^ +extra-y += xen_expectations_fail.livepatch +xen_expectations_fail-objs := xen_expectations_fail.o xen_hello_world_func.o note.o xen_note.o + + +quiet_cmd_livepatch = LD $@ +cmd_livepatch = $(LD) $(XEN_LDFLAGS) $(build_id_linker) -r -o $@ $(real-prereqs) + +$(obj)/%.livepatch: FORCE + $(call if_changed,livepatch) + +$(call multi-depend, $(filter %.livepatch,$(extra-y)), .livepatch, -objs) +targets += $(sort $(foreach m,$(basename $(notdir $(filter %.livepatch,$(extra-y)))), \ + $($(m)-objs))) + +LIVEPATCHES := $(filter %.livepatch,$(extra-y)) + +LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch .PHONY: livepatch -livepatch: $(LIVEPATCH) $(LIVEPATCH_BYE) $(LIVEPATCH_REPLACE) $(LIVEPATCH_NOP) $(LIVEPATCH_NO_XEN_BUILDID) \ - $(LIVEPATCH_PREPOST_HOOKS) $(LIVEPATCH_PREPOST_HOOKS_FAIL) $(LIVEPATCH_ACTION_HOOKS) \ - $(LIVEPATCH_ACTION_HOOKS_NOFUNC) $(LIVEPATCH_ACTION_HOOKS_MARKER) $(LIVEPATCH_ACTION_HOOKS_NOAPPLY) \ - $(LIVEPATCH_ACTION_HOOKS_NOREVERT) $(LIVEPATCH_EXPECTATIONS) $(LIVEPATCH_EXPECTATIONS_FAIL) +livepatch: $(LIVEPATCHES) + +install: $(addprefix $(obj)/,$(LIVEPATCHES)) + $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) + $(INSTALL_DATA) $(addprefix $(obj)/,$(LIVEPATCHES)) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) + +uninstall: + cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) + +.PHONY: clean +clean:: + rm -f *.o .*.o.d *.livepatch config.h expect_config.h -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279686.477446 (Exim 4.92) (envelope-from ) id 1nNnfF-0006Yu-AS; Sat, 26 Feb 2022 03:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279686.477446; Sat, 26 Feb 2022 03:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfF-0006Ym-6l; Sat, 26 Feb 2022 03:22:33 +0000 Received: by outflank-mailman (input) for mailman id 279686; Sat, 26 Feb 2022 03:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfD-0006YR-UZ for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfD-0002uC-Tm for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnfD-0006sJ-St for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nx8Tp4Y9D7T8ZzHKg12ea5jgbLuabGvmvSdTSlKYJoI=; b=enLXExWo608PS3RTAbhDPrGIU7 Uk9EcIXwjzrtTNr4TpApkOdg0LkxCb+oYImu/zzm7+IlzdAg9xibwrTmOcPmfdX8hOmNtSaK0eFIc uYo8GmNuQlJ7LjxElV/N8VmhxyviG7fcPEVkARIHwaVvqoW3WPkwZY50RoayeE03H5cI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: build everything from the root dir, use obj=$subdir Message-Id: Date: Sat, 26 Feb 2022 03:22:31 +0000 commit 7a3bcd2babcc7d9952bcf174f3705ebd9290671a Author: Anthony PERARD AuthorDate: Fri Feb 25 11:01:15 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:01:15 2022 +0100 build: build everything from the root dir, use obj=$subdir A subdirectory is now built by setting "$(obj)" instead of changing directory. "$(obj)" should always be set when using "Rules.mk" and thus a shortcut "$(build)" is introduced and should be used. A new variable "$(need-builtin)" is introduce. It is to be used whenever a "built_in.o" is wanted from a subdirectory. "built_in.o" isn't the main target anymore, and thus only needs to depends on the objects that should be part of "built_in.o". Introduce $(srctree) and $(objtree) to replace $(BASEDIR) in cases a relative path is better, and $(abs_srctree) and $(abs_objtree) which have an absolute path. DEPS is updated as the existing macro to deal with it doesn't know about $(obj). There's some changes in "Rules.mk" which in addition to deal with "$(obj)" also make it's looks more like "Makefile.build" from Linux v5.12. test/Makefile doesn't need special handling in order to build everything under test/, Rules.mk will visit test/livepatch via $(subdir-y), thus "tests" "all" and "build" target are removed. "subtree-force-update" target isn't useful so it is removed as well. test/livepatch/Makefile doesn't need default target anymore, Rules.mk will build everything in $(extra-y) and thus all *.livepatch. Adjust cloc recipe: dependency files generated by CC will now have the full path to the source file, so we don't need to prepend the subdirectory. This fix some issue with source not been parsed by cloc before. Also source from tools/kconfig would be listed with changes in this patch so adjust the find command to stop listing the "tools" directory and thus kconfig. With a default build of Xen on X86, they are a few new files parsed by cloc: arch/x86/x86_64/compat/mm.c arch/x86/x86_64/mm.c common/compat/domain.c common/compat/memory.c common/compat/xlat.c Signed-off-by: Anthony PERARD Acked-by: Bob Eshleman Acked-by: Julien Grall Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith # XSM --- xen/Makefile | 36 +++++++----- xen/Rules.mk | 138 +++++++++++++++++++++++++++++--------------- xen/arch/arm/Makefile | 4 +- xen/arch/arm/Rules.mk | 4 -- xen/arch/arm/arch.mk | 4 +- xen/arch/riscv/arch.mk | 4 +- xen/arch/x86/Makefile | 11 ++-- xen/arch/x86/Rules.mk | 4 +- xen/arch/x86/arch.mk | 12 ++-- xen/arch/x86/boot/Makefile | 8 +-- xen/build.mk | 12 +++- xen/include/Makefile | 6 +- xen/scripts/Kbuild.include | 6 ++ xen/test/Makefile | 7 +-- xen/test/livepatch/Makefile | 6 -- xen/xsm/flask/Makefile | 2 +- xen/xsm/flask/ss/Makefile | 2 +- 17 files changed, 162 insertions(+), 104 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 6e4ea200aa..7912e35503 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -22,6 +22,15 @@ export CHECKPOLICY ?= checkpolicy export BASEDIR := $(CURDIR) export XEN_ROOT := $(BASEDIR)/.. +abs_objtree := $(CURDIR) +abs_srctree := $(CURDIR) + +export abs_srctree abs_objtree + +srctree := . +objtree := . +export srctree objtree + # Do not use make's built-in rules and variables MAKEFLAGS += -rR @@ -47,7 +56,7 @@ export KCONFIG_CONFIG ?= .config export CC CXX LD -export TARGET := $(BASEDIR)/xen +export TARGET := xen .PHONY: default default: build @@ -250,7 +259,7 @@ endif CFLAGS += -nostdinc -fno-builtin -fno-common CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith $(call cc-option-add,CFLAGS,CC,-Wvla) -CFLAGS += -pipe -D__XEN__ -include $(BASEDIR)/include/xen/config.h +CFLAGS += -pipe -D__XEN__ -include $(srctree)/include/xen/config.h CFLAGS-$(CONFIG_DEBUG_INFO) += -g ifneq ($(CONFIG_CC_IS_CLANG),y) @@ -349,10 +358,10 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) .PHONY: tests tests: - $(MAKE) -f $(BASEDIR)/Rules.mk -C test tests + $(Q)$(MAKE) $(build)=test .PHONY: install-tests install-tests: - $(MAKE) -f $(BASEDIR)/Rules.mk -C test install + $(Q)$(MAKE) $(build)=test install .PHONY: _uninstall _uninstall: D=$(DESTDIR) @@ -408,16 +417,16 @@ $(TARGET).gz: $(TARGET) $(TARGET): FORCE $(MAKE) -C tools - $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h + $(Q)$(MAKE) $(build)=. include/xen/compile.h [ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \ do test -r arch/$(TARGET_ARCH)/efi/$$f || \ ln -nsf ../../../common/efi/$$f arch/$(TARGET_ARCH)/efi/; \ done; \ true - $(MAKE) -f $(BASEDIR)/Rules.mk -C include - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) include - $(MAKE) -f $(BASEDIR)/Rules.mk arch/$(TARGET_ARCH)/include/asm/asm-offsets.h - $(MAKE) -f $(BASEDIR)/Rules.mk MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ + $(Q)$(MAKE) $(build)=include all + $(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) include + $(Q)$(MAKE) $(build)=. arch/$(TARGET_ARCH)/include/asm/asm-offsets.h + $(Q)$(MAKE) $(build)=. MKRELOC=$(MKRELOC) 'ALL_OBJS=$(ALL_OBJS-y)' 'ALL_LIBS=$(ALL_LIBS-y)' $@ SUBDIRS = xsm arch/$(TARGET_ARCH) common drivers lib test define all_sources @@ -463,19 +472,18 @@ _MAP: $(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map %.o %.i %.s: %.c FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $(*D) $(@F) + $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) %.o %.s: %.S FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $(*D) $(@F) + $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) %/: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in.o built_in_bin.o + $(Q)$(MAKE) $(build)=$* need-builtin=1 .PHONY: cloc cloc: - find . -name '*.o.d' | while read f; do \ + find . -name tools -prune -o -name '*.o.d' -print | while read f; do \ for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ - sf="$$(dirname $$f)/$$sf"; \ test -f "$$sf" && echo "$$sf"; \ done; \ done | cloc --list-file=- diff --git a/xen/Rules.mk b/xen/Rules.mk index 1e7f47a3d8..67112e0077 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -3,19 +3,29 @@ # Makefile and are consumed by Rules.mk # -obj := . +ifndef obj +$(warning kbuild: Rules.mk is included improperly) +endif + src := $(obj) +PHONY := __build +__build: + -include $(BASEDIR)/include/config/auto.conf include $(XEN_ROOT)/Config.mk include $(BASEDIR)/scripts/Kbuild.include # Initialise some variables +obj-y := lib-y := targets := +subdir-y := CFLAGS-y := AFLAGS-y := +nocov-y := +noubsan-y := SPECIAL_DATA_SECTIONS := rodata $(foreach a,1 2 4 8 16, \ $(foreach w,1 2 4, \ @@ -50,27 +60,54 @@ cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $< $@ quiet_cmd_binfile = BINFILE $@ cmd_binfile = $(SHELL) $(BASEDIR)/tools/binfile $(BINFILE_FLAGS) $@ $(2) -define gendep - ifneq ($(1),$(subst /,:,$(1))) - DEPS += $(dir $(1)).$(notdir $(1)).d - endif -endef -$(foreach o,$(filter-out %/,$(obj-y) $(obj-bin-y) $(extra-y)),$(eval $(call gendep,$(o)))) +# Figure out what we need to build from the various variables +# =========================================================================== + +# Libraries are always collected in one lib file. +# Filter out objects already built-in +lib-y := $(filter-out $(obj-y), $(sort $(lib-y))) + +# Subdirectories we need to descend into +subdir-y := $(sort $(subdir-y) $(patsubst %/,%,$(filter %/, $(obj-y)))) # Handle objects in subdirs -# --------------------------------------------------------------------------- -# o if we encounter foo/ in $(obj-y), replace it by foo/built_in.o -# and add the directory to the list of dirs to descend into: $(subdir-y) -subdir-y := $(subdir-y) $(filter %/, $(obj-y)) +# - if we encounter foo/ in $(obj-y), replace it by foo/built_in.o +ifdef need-builtin obj-y := $(patsubst %/, %/built_in.o, $(obj-y)) +else +obj-y := $(filter-out %/, $(obj-y)) +endif -# $(subdir-obj-y) is the list of objects in $(obj-y) which uses dir/ to -# tell kbuild to descend -subdir-obj-y := $(filter %/built_in.o, $(obj-y)) +# Add subdir path -# Libraries are always collected in one lib file. -# Filter out objects already built-in -lib-y := $(filter-out $(obj-y), $(sort $(lib-y))) +extra-y := $(addprefix $(obj)/,$(extra-y)) +targets := $(addprefix $(obj)/,$(targets)) +lib-y := $(addprefix $(obj)/,$(lib-y)) +obj-y := $(addprefix $(obj)/,$(obj-y)) +obj-bin-y := $(addprefix $(obj)/,$(obj-bin-y)) +subdir-y := $(addprefix $(obj)/,$(subdir-y)) +nocov-y := $(addprefix $(obj)/,$(nocov-y)) +noubsan-y := $(addprefix $(obj)/,$(noubsan-y)) + +# subdir-builtin may contain duplications. Use $(sort ...) +subdir-builtin := $(sort $(filter %/built_in.o, $(obj-y))) + +targets-for-builtin := $(extra-y) + +ifneq ($(strip $(lib-y)),) + targets-for-builtin += $(obj)/lib.a +endif + +ifdef need-builtin + targets-for-builtin += $(obj)/built_in.o + ifneq ($(strip $(obj-bin-y)),) + ifeq ($(CONFIG_LTO),y) + targets-for-builtin += $(obj)/built_in_bin.o + endif + endif +endif + +targets += $(targets-for-builtin) $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += -DINIT_SECTIONS_ONLY @@ -122,29 +159,28 @@ quiet_cmd_cc_builtin = CC $@ cmd_cc_builtin = \ $(CC) $(XEN_CFLAGS) -c -x c /dev/null -o $@ +# To build objects in subdirs, we need to descend into the directories +$(subdir-builtin): $(obj)/%/built_in.o: $(obj)/% ; + quiet_cmd_ld_builtin = LD $@ ifeq ($(CONFIG_LTO),y) cmd_ld_builtin = \ - $(LD_LTO) -r -o $@ $(filter $(obj-y),$(real-prereqs)) + $(LD_LTO) -r -o $@ $(real-prereqs) else cmd_ld_builtin = \ - $(LD) $(XEN_LDFLAGS) -r -o $@ $(filter $(obj-y),$(real-prereqs)) + $(LD) $(XEN_LDFLAGS) -r -o $@ $(real-prereqs) endif -built_in.o: $(obj-y) $(if $(strip $(lib-y)),lib.a) $(extra-y) FORCE +$(obj)/built_in.o: $(obj-y) FORCE $(call if_changed,$(if $(strip $(obj-y)),ld_builtin,cc_builtin)) -lib.a: $(lib-y) FORCE +$(obj)/lib.a: $(lib-y) FORCE $(call if_changed,ar) -targets += built_in.o -ifneq ($(strip $(lib-y)),) -targets += lib.a -endif -targets += $(filter-out $(subdir-obj-y), $(obj-y) $(lib-y)) $(extra-y) -targets += $(MAKECMDGOALS) +targets += $(filter-out $(subdir-builtin), $(obj-y)) +targets += $(lib-y) $(MAKECMDGOALS) -built_in_bin.o: $(obj-bin-y) $(extra-y) +$(obj)/built_in_bin.o: $(obj-bin-y) ifeq ($(strip $(obj-bin-y)),) $(CC) $(a_flags) -c -x assembler /dev/null -o $@ else @@ -155,23 +191,15 @@ endif PHONY += FORCE FORCE: -%/built_in.o %/lib.a: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in.o - -%/built_in_bin.o: FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C $* built_in_bin.o - -SRCPATH := $(patsubst $(BASEDIR)/%,%,$(CURDIR)) - quiet_cmd_cc_o_c = CC $@ ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@ - ifeq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) - cmd_objcopy_fix_sym = $(OBJCOPY) --redefine-sym $<=$(SRCPATH)/$< $(dot-target).tmp $@ + ifneq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) + cmd_objcopy_fix_sym = \ + $(OBJCOPY) --redefine-sym $( .lds quiet_cmd_cpp_lds_S = LDS $@ cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -D__LINKER__ -MQ $@ -o $@ $< +targets := $(filter-out $(PHONY), $(targets)) + # Add intermediate targets: # When building objects with specific suffix patterns, add intermediate # targets that the final targets are derived from. @@ -239,7 +269,18 @@ intermediate_targets = $(foreach sfx, $(2), \ # %.init.o <- %.o targets += $(call intermediate_targets, .init.o, .o) --include $(DEPS_INCLUDE) +# Build +# --------------------------------------------------------------------------- + +__build: $(targets-for-builtin) $(subdir-y) + @: + +# Descending +# --------------------------------------------------------------------------- + +PHONY += $(subdir-y) +$(subdir-y): + $(Q)$(MAKE) $(build)=$@ need-builtin=$(if $(filter $@/built_in.o, $(subdir-builtin)),1) # Read all saved command lines and dependencies for the $(targets) we # may be building above, using $(if_changed{,_dep}). As an @@ -250,6 +291,9 @@ existing-targets := $(wildcard $(sort $(targets))) -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) +DEPS := $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).d) +-include $(DEPS_INCLUDE) + # Declare the contents of the PHONY variable as phony. We keep that # information in a variable so we can use it in if_changed and friends. .PHONY: $(PHONY) diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index c993ce72a3..fd24f0212f 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -95,12 +95,12 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds $(BASEDIR)/common/symbols-dummy.o -o $(@D)/.$(@F).0 $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/xen/arch/arm/Rules.mk b/xen/arch/arm/Rules.mk index c6463a433e..e69de29bb2 100644 --- a/xen/arch/arm/Rules.mk +++ b/xen/arch/arm/Rules.mk @@ -1,4 +0,0 @@ -# head.o is built by descending into arch/arm/$(TARGET_SUBARCH), depends on the -# part of $(ALL_OBJS) that will eventually recurse into $(TARGET_SUBARCH)/ and -# build head.o -arch/arm/$(TARGET_SUBARCH)/head.o: arch/arm/built_in.o ; diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index ba3f140e2e..4e3f701430 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -1,8 +1,8 @@ ######################################## # arm-specific definitions -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-Wnested-externs) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 39ae6ffea9..694ba053ce 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,5 +11,5 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c # -mcmodel=medlow would force Xen into the lower half. CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index b90146b756..77d90d6eae 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -80,6 +80,9 @@ endif extra-y += asm-macros.i extra-y += xen.lds +# Allows usercopy.c to include itself +$(obj)/usercopy.o: CFLAGS-y += -iquote . + ifneq ($(CONFIG_HVM),y) $(obj)/x86_emulate.o: CFLAGS-y += -Wno-unused-label endif @@ -129,13 +132,13 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds $(NM) -pa --format=sysv $(@D)/.$(@F).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort \ >$(@D)/.$(@F).0.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).0.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).0.o -o $(@D)/.$(@F).1 $(NM) -pa --format=sysv $(@D)/.$(@F).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort $(syms-warn-dup-y) \ >$(@D)/.$(@F).1.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1.o + $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ @@ -202,14 +205,14 @@ endif $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o + $(MAKE) $(build)=$(@D) .$(@F).0r.o .$(@F).0s.o $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ $(LD) $(call EFI_LDFLAGS,$(base)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) : $(MKRELOC) $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S - $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o + $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ diff --git a/xen/arch/x86/Rules.mk b/xen/arch/x86/Rules.mk index 7aef93f5f3..ff7c7dd68a 100644 --- a/xen/arch/x86/Rules.mk +++ b/xen/arch/x86/Rules.mk @@ -2,9 +2,9 @@ # x86-specific definitions ifneq ($(filter -DHAVE_AS_QUOTED_SYM,$(XEN_CFLAGS)),) -object_label_flags = '-D__OBJECT_LABEL__=$(subst $(BASEDIR)/,,$(CURDIR))/$@' +object_label_flags = '-D__OBJECT_LABEL__=$@' else -object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$(subst $(BASEDIR)/,,$(CURDIR))/$@))' +object_label_flags = '-D__OBJECT_LABEL__=$(subst /,$$,$(subst -,_,$@))' endif c_flags += $(object_label_flags) $(CFLAGS_stack_boundary) a_flags += $(object_label_flags) $(CFLAGS_stack_boundary) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 92fd198110..d6ae4cc2f5 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -3,10 +3,10 @@ export XEN_IMG_OFFSET := 0x200000 -CFLAGS += -I$(BASEDIR)/include -CFLAGS += -I$(BASEDIR)/arch/$(TARGET_ARCH)/include -CFLAGS += -I$(BASEDIR)/arch/x86/include/asm/mach-generic -CFLAGS += -I$(BASEDIR)/arch/x86/include/asm/mach-default +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include +CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-generic +CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-default CFLAGS += -DXEN_IMG_OFFSET=$(XEN_IMG_OFFSET) # Prevent floating-point variables from creeping into Xen. @@ -99,7 +99,7 @@ efi-nr-fixups := $(shell $(OBJDUMP) -p $(efi-check).efi | grep '^[[:blank:]]*rel ifeq ($(efi-nr-fixups),2) MKRELOC := : else -MKRELOC := efi/mkreloc +MKRELOC := arch/x86/efi/mkreloc # If the linker produced fixups but not precisely two of them, we need to # disable it doing so. But if it didn't produce any fixups, it also wouldn't # recognize the option. @@ -115,6 +115,6 @@ export EFI_LDFLAGS endif # Set up the assembler include path properly for older toolchains. -CFLAGS += -Wa,-I$(BASEDIR)/include +CFLAGS += -Wa,-I$(srctree)/include ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index 0aec8a4643..ba732e4a88 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,8 +1,8 @@ obj-bin-y += head.o -DEFS_H_DEPS = $(src)/defs.h $(BASEDIR)/include/xen/stdbool.h +DEFS_H_DEPS = $(abs_srctree)/$(src)/defs.h $(abs_srctree)/include/xen/stdbool.h -CMDLINE_DEPS = $(DEFS_H_DEPS) $(src)/video.h \ +CMDLINE_DEPS = $(DEFS_H_DEPS) $(abs_srctree)/$(src)/video.h \ $(BASEDIR)/include/xen/kconfig.h \ $(BASEDIR)/include/generated/autoconf.h @@ -17,7 +17,7 @@ RELOC_DEPS = $(DEFS_H_DEPS) \ $(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S $(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds - $(MAKE) -f build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" + $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" $(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds - $(MAKE) -f build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" + $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" diff --git a/xen/build.mk b/xen/build.mk index af1b283113..487db14c58 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -60,6 +60,16 @@ arch/$(TARGET_ARCH)/include/asm/asm-offsets.h: asm-offsets.s echo ""; \ echo "#endif") <$< >$@ +build-dirs := $(patsubst %/built_in.o,%,$(filter %/built_in.o,$(ALL_OBJS) $(ALL_LIBS))) + +# The actual objects are generated when descending, +# make sure no implicit rule kicks in +$(sort $(ALL_OBJS) $(ALL_LIBS)): $(build-dirs) ; + +PHONY += $(build-dirs) +$(build-dirs): FORCE + $(Q)$(MAKE) $(build)=$@ need-builtin=1 + ifeq ($(CONFIG_LTO),y) # Gather all LTO objects together prelink_lto.o: $(ALL_OBJS) $(ALL_LIBS) @@ -76,4 +86,4 @@ endif targets += prelink.o $(TARGET): prelink.o FORCE - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) $@ + $(Q)$(MAKE) $(build)=arch/$(TARGET_ARCH) $@ diff --git a/xen/include/Makefile b/xen/include/Makefile index d2f5a956a1..cd40d5b4c9 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -61,7 +61,7 @@ $(obj)/compat/.xlat/%.h: $(obj)/compat/%.h $(obj)/compat/.xlat/%.lst $(BASEDIR)/ export PYTHON=$(PYTHON); \ while read what name; do \ $(SHELL) $(BASEDIR)/tools/get-fields.sh "$$what" compat_$$name $< || exit $$?; \ - done <$(patsubst compat/%,compat/.xlat/%,$(basename $<)).lst >$@.new + done <$(patsubst $(obj)/compat/%,$(obj)/compat/.xlat/%,$(basename $<)).lst >$@.new mv -f $@.new $@ .PRECIOUS: $(obj)/compat/.xlat/%.lst @@ -86,8 +86,8 @@ PUBLIC_HEADERS := $(filter-out $(src)/public/arch-% $(src)/public/dom0_ops.h, $( PUBLIC_C99_HEADERS := $(src)/public/io/9pfs.h $(src)/public/io/pvcalls.h PUBLIC_ANSI_HEADERS := $(filter-out $(src)/public/%ctl.h $(src)/public/xsm/% $(src)/public/%hvm/save.h $(PUBLIC_C99_HEADERS), $(PUBLIC_HEADERS)) -public/io/9pfs.h-prereq := string -public/io/pvcalls.h-prereq := string +$(src)/public/io/9pfs.h-prereq := string +$(src)/public/io/pvcalls.h-prereq := string $(obj)/headers.chk: $(PUBLIC_ANSI_HEADERS) $(src)/Makefile for i in $(filter %.h,$^); do \ diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 4875bb28c2..c159136adb 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -61,6 +61,12 @@ cc-ifversion = $(shell [ $(CONFIG_GCC_VERSION)0 $(1) $(2)000 ] && echo $(3) || e clang-ifversion = $(shell [ $(CONFIG_CLANG_VERSION)0 $(1) $(2)000 ] && echo $(3) || echo $(4)) +### +# Shorthand for $(Q)$(MAKE) -f scripts/Makefile.build obj= +# Usage: +# $(Q)$(MAKE) $(build)=dir +build := -f $(srctree)/Rules.mk obj + # Shorthand for $(MAKE) clean # Usage: # $(MAKE) $(clean) dir diff --git a/xen/test/Makefile b/xen/test/Makefile index 41e4d7bdb7..080763c807 100644 --- a/xen/test/Makefile +++ b/xen/test/Makefile @@ -1,13 +1,10 @@ -tests all: build - - ifneq ($(XEN_TARGET_ARCH),x86_32) # Xen 32-bit x86 hypervisor no longer supported, so has no test livepatches subdir-y += livepatch endif -install build subtree-force-update uninstall: %: +install uninstall: %: set -e; for s in $(subdir-y); do \ - $(MAKE) -f $(BASEDIR)/Rules.mk -C $$s $*; \ + $(MAKE) $(build)=$$s $*; \ done diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index 69fadccd01..afb8d589ec 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -11,9 +11,6 @@ endif CODE_ADDR=$(shell nm --defined $(1) | grep $(2) | awk '{print "0x"$$1}') CODE_SZ=$(shell nm --defined -S $(1) | grep $(2) | awk '{ print "0x"$$2}') -.PHONY: default -build default: livepatch - extra-y += xen_hello_world.livepatch xen_hello_world-objs := xen_hello_world_func.o xen_hello_world.o note.o xen_note.o modinfo.o $(obj)/xen_hello_world.o: $(obj)/config.h @@ -156,9 +153,6 @@ LIVEPATCHES := $(filter %.livepatch,$(extra-y)) LIVEPATCH_DEBUG_DIR ?= $(DEBUG_DIR)/xen-livepatch -.PHONY: livepatch -livepatch: $(LIVEPATCHES) - install: $(addprefix $(obj)/,$(LIVEPATCHES)) $(INSTALL_DIR) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) $(INSTALL_DATA) $(addprefix $(obj)/,$(LIVEPATCHES)) $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 51fd37f6c4..49cf730cf0 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -40,7 +40,7 @@ $(obj)/flask-policy.S: $(BASEDIR)/tools/binfile FORCE $(call if_changed,binfile,$(obj)/policy.bin xsm_flask_init_policy) targets += flask-policy.S -FLASK_BUILD_DIR := $(CURDIR) +FLASK_BUILD_DIR := $(abs_objtree)/$(obj) POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION) $(obj)/policy.bin: FORCE diff --git a/xen/xsm/flask/ss/Makefile b/xen/xsm/flask/ss/Makefile index d32b9e0713..aba1339f38 100644 --- a/xen/xsm/flask/ss/Makefile +++ b/xen/xsm/flask/ss/Makefile @@ -8,4 +8,4 @@ obj-y += services.o obj-y += conditional.o obj-y += mls.o -CFLAGS-y += -I../include +CFLAGS-y += -I$(srctree)/xsm/flask/include -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279687.477452 (Exim 4.92) (envelope-from ) id 1nNnfP-0006cB-Bp; Sat, 26 Feb 2022 03:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279687.477452; Sat, 26 Feb 2022 03:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfP-0006bz-8R; Sat, 26 Feb 2022 03:22:43 +0000 Received: by outflank-mailman (input) for mailman id 279687; Sat, 26 Feb 2022 03:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfO-0006bn-1g for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfO-0002uN-0r for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnfN-0006sw-W5 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IH4GrtK3/EH9fJz0OCA3297MEVV3t/ebnaOrcxOLBBc=; b=ZEWtufoSuuL5ZoUkyIvBXrH+8K dIIznuZgsR/i3Kv7if696Q14xis2Tv01tuAZywUi7Apbewh713TsLf5sktdFKsBBv2qfsU7sNap2Y h26q+sC3exnKEvVyAeu7QFcgNPtYvxLZzl4hSF6y+2NwBj0xj5bBthAa/YkMyggCXnwM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: introduce if_changed_deps Message-Id: Date: Sat, 26 Feb 2022 03:22:41 +0000 commit 06ef696c85a7b170a91527a0f1c94f49cb3a2bd2 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:01:51 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:01:51 2022 +0100 build: introduce if_changed_deps This macro does compare command line like if_changed, but it also rewrite the dependencies generated by $(CC) in order to depend on a CONFIG_* as generated by kconfig instead of depending on autoconf.h. This allow to make a change in kconfig options and only rebuild the object that uses that CONFIG_* option. cmd_and_record isn't needed anymore as it is replace by cmd_and_fixdep. There's only one .*.d dependency file left which is explicitly included as a workound, all the other are been absorb into the .*.cmd dependency files via `fixdep`. So including .*.d can be removed from the makefile. Also adjust "cloc" recipe due to .*.d been replace by .*.cmd files. This imports fixdep.c and if_changed_deps macro from Linux v5.12. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- .gitignore | 1 + xen/Makefile | 15 +- xen/Rules.mk | 17 +- xen/arch/x86/Makefile | 8 +- xen/build.mk | 1 + xen/scripts/Kbuild.include | 17 +- xen/tools/Makefile | 7 +- xen/tools/fixdep.c | 404 +++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 441 insertions(+), 29 deletions(-) diff --git a/.gitignore b/.gitignore index 2403841e49..d425be4bd9 100644 --- a/.gitignore +++ b/.gitignore @@ -328,6 +328,7 @@ xen/include/xen/lib/x86/cpuid-autogen.h xen/test/livepatch/config.h xen/test/livepatch/expect_config.h xen/test/livepatch/*.livepatch +xen/tools/fixdep xen/tools/kconfig/.tmp_gtkcheck xen/tools/kconfig/.tmp_qtcheck xen/tools/symbols diff --git a/xen/Makefile b/xen/Makefile index 7912e35503..e1171f89e5 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -196,6 +196,13 @@ export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xe export root-make-done := y endif # root-make-done +# =========================================================================== +# Rules shared between *config targets and build targets + +PHONY += tools_fixdep +tools_fixdep: + $(MAKE) -C tools fixdep + # Shorthand for kconfig kconfig = -f $(BASEDIR)/tools/kconfig/Makefile.kconfig ARCH=$(ARCH) SRCARCH=$(SRCARCH) HOSTCC="$(HOSTCC)" HOSTCXX="$(HOSTCXX)" @@ -471,18 +478,18 @@ cscope: _MAP: $(NM) -n $(TARGET)-syms | grep -v '\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)' > System.map -%.o %.i %.s: %.c FORCE +%.o %.i %.s: %.c tools_fixdep FORCE $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) -%.o %.s: %.S FORCE +%.o %.s: %.S tools_fixdep FORCE $(Q)$(MAKE) $(build)=$(*D) $(*D)/$(@F) -%/: FORCE +%/: tools_fixdep FORCE $(Q)$(MAKE) $(build)=$* need-builtin=1 .PHONY: cloc cloc: - find . -name tools -prune -o -name '*.o.d' -print | while read f; do \ + find . -name tools -prune -o -name '*.o.cmd' -print | while read f; do \ for sf in $$(grep -o "[a-zA-Z0-9_/-]*\.[cS]" $$f); do \ test -f "$$sf" && echo "$$sf"; \ done; \ diff --git a/xen/Rules.mk b/xen/Rules.mk index 67112e0077..567a23a54c 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -147,8 +147,8 @@ cpp_flags = $(filter-out -Wa$(comma)% -flto,$(1)) # Calculation of flags, first the generic flags, then the arch specific flags, # and last the flags modified for a target or a directory. -c_flags = -MMD -MP -MF $(@D)/.$(@F).d $(XEN_CFLAGS) -a_flags = -MMD -MP -MF $(@D)/.$(@F).d $(XEN_AFLAGS) +c_flags = -MMD -MP -MF $(depfile) $(XEN_CFLAGS) +a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS) include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk @@ -205,7 +205,7 @@ else endif define rule_cc_o_c - $(call cmd_and_record,cc_o_c) + $(call cmd_and_fixdep,cc_o_c) $(call cmd,objcopy_fix_sym) endef @@ -216,7 +216,7 @@ quiet_cmd_cc_o_S = CC $@ cmd_cc_o_S = $(CC) $(a_flags) -c $< -o $@ $(obj)/%.o: $(src)/%.S FORCE - $(call if_changed,cc_o_S) + $(call if_changed_dep,cc_o_S) quiet_cmd_obj_init_o = INIT_O $@ @@ -246,13 +246,13 @@ quiet_cmd_cpp_s_S = CPP $@ cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< $(obj)/%.i: $(src)/%.c FORCE - $(call if_changed,cpp_i_c) + $(call if_changed_dep,cpp_i_c) $(obj)/%.s: $(src)/%.c FORCE - $(call if_changed,cc_s_c) + $(call if_changed_dep,cc_s_c) $(obj)/%.s: $(src)/%.S FORCE - $(call if_changed,cpp_s_S) + $(call if_changed_dep,cpp_s_S) # Linker scripts, .lds.S -> .lds quiet_cmd_cpp_lds_S = LDS $@ @@ -291,9 +291,6 @@ existing-targets := $(wildcard $(sort $(targets))) -include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) -DEPS := $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).d) --include $(DEPS_INCLUDE) - # Declare the contents of the PHONY variable as phony. We keep that # information in a variable so we can use it in if_changed and friends. .PHONY: $(PHONY) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 77d90d6eae..9107cf2ce2 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -251,7 +251,7 @@ $(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefil $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE - $(call if_changed,cpp_lds_S) + $(call if_changed_dep,cpp_lds_S) $(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< @@ -267,9 +267,3 @@ clean:: rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin rm -f note.o - -# Suppress loading of DEPS files for internal, temporary target files. This -# then also suppresses re-generation of the respective .*.d2 files. -ifeq ($(filter-out .xen%.o,$(notdir $(MAKECMDGOALS))),) -DEPS_INCLUDE:= -endif diff --git a/xen/build.mk b/xen/build.mk index 487db14c58..e718743ef7 100644 --- a/xen/build.mk +++ b/xen/build.mk @@ -40,6 +40,7 @@ include/xen/compile.h: include/xen/compile.h.in .banner FORCE targets += include/xen/compile.h +-include $(wildcard .asm-offsets.s.d) asm-offsets.s: arch/$(TARGET_ARCH)/$(TARGET_SUBARCH)/asm-offsets.c $(CC) $(call cpp_flags,$(c_flags)) -S -g0 -o $@.new -MQ $@ $< $(call move-if-changed,$@.new,$@) diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index c159136adb..872adfb456 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -15,8 +15,7 @@ dot-target = $(@D)/.$(@F) ### # dependencies -DEPS = .*.d -DEPS_INCLUDE = $(addsuffix .d2, $(basename $(wildcard $(DEPS)))) +depfile = $(dot-target).d ### # real prerequisites without phony targets @@ -83,6 +82,8 @@ cmd = @set -e; $(echo-cmd) $(cmd_$(1)) ### # if_changed - execute command if any prerequisite is newer than # target, or command line has changed +# if_changed_dep - as if_changed, but uses fixdep to reveal dependencies +# including used config symbols # if_changed_rule - as if_changed but execute rule instead ifneq ($(KBUILD_NOCMDDEP),1) @@ -111,15 +112,19 @@ if_changed = $(if $(any-prereq)$(cmd-check), \ $(cmd); \ printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) +# Execute the command and also postprocess generated .d dependencies file. +if_changed_dep = $(if $(any-prereq)$(cmd-check),$(cmd_and_fixdep),@:) + +cmd_and_fixdep = \ + $(cmd); \ + tools/fixdep $(depfile) $@ '$(make-cmd)' > $(dot-target).cmd; \ + rm -f $(depfile) + # Usage: $(call if_changed_rule,foo) # Will check if $(cmd_foo) or any of the prerequisites changed, # and if so will execute $(rule_foo). if_changed_rule = $(if $(any-prereq)$(cmd-check),$(rule_$(1)),@:) -cmd_and_record = \ - $(cmd); \ - printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd - ### # why - tell why a target got built # enabled by make V=2 diff --git a/xen/tools/Makefile b/xen/tools/Makefile index 4e42163f98..722f366454 100644 --- a/xen/tools/Makefile +++ b/xen/tools/Makefile @@ -2,11 +2,14 @@ include $(XEN_ROOT)/Config.mk .PHONY: default -default: symbols +default: symbols fixdep .PHONY: clean clean: - rm -f *.o symbols + rm -f *.o symbols fixdep symbols: symbols.c $(HOSTCC) $(HOSTCFLAGS) -o $@ $< + +fixdep: fixdep.c + $(HOSTCC) $(HOSTCFLAGS) -o $@ $< diff --git a/xen/tools/fixdep.c b/xen/tools/fixdep.c new file mode 100644 index 0000000000..d985405529 --- /dev/null +++ b/xen/tools/fixdep.c @@ -0,0 +1,404 @@ +/* + * "Optimize" a list of dependencies as spit out by gcc -MD + * for the kernel build + * =========================================================================== + * + * Author Kai Germaschewski + * Copyright 2002 by Kai Germaschewski + * + * This software may be used and distributed according to the terms + * of the GNU General Public License, incorporated herein by reference. + * + * + * Introduction: + * + * gcc produces a very nice and correct list of dependencies which + * tells make when to remake a file. + * + * To use this list as-is however has the drawback that virtually + * every file in the kernel includes autoconf.h. + * + * If the user re-runs make *config, autoconf.h will be + * regenerated. make notices that and will rebuild every file which + * includes autoconf.h, i.e. basically all files. This is extremely + * annoying if the user just changed CONFIG_HIS_DRIVER from n to m. + * + * So we play the same trick that "mkdep" played before. We replace + * the dependency on autoconf.h by a dependency on every config + * option which is mentioned in any of the listed prerequisites. + * + * kconfig populates a tree in include/config/ with an empty file + * for each config symbol and when the configuration is updated + * the files representing changed config options are touched + * which then let make pick up the changes and the files that use + * the config symbols are rebuilt. + * + * So if the user changes his CONFIG_HIS_DRIVER option, only the objects + * which depend on "include/config/his/driver.h" will be rebuilt, + * so most likely only his driver ;-) + * + * The idea above dates, by the way, back to Michael E Chastain, AFAIK. + * + * So to get dependencies right, there are two issues: + * o if any of the files the compiler read changed, we need to rebuild + * o if the command line given to the compile the file changed, we + * better rebuild as well. + * + * The former is handled by using the -MD output, the later by saving + * the command line used to compile the old object and comparing it + * to the one we would now use. + * + * Again, also this idea is pretty old and has been discussed on + * kbuild-devel a long time ago. I don't have a sensibly working + * internet connection right now, so I rather don't mention names + * without double checking. + * + * This code here has been based partially based on mkdep.c, which + * says the following about its history: + * + * Copyright abandoned, Michael Chastain, . + * This is a C version of syncdep.pl by Werner Almesberger. + * + * + * It is invoked as + * + * fixdep + * + * and will read the dependency file + * + * The transformed dependency snipped is written to stdout. + * + * It first generates a line + * + * cmd_ = + * + * and then basically copies the ..d file to stdout, in the + * process filtering out the dependency on autoconf.h and adding + * dependencies on include/config/my/option.h for every + * CONFIG_MY_OPTION encountered in any of the prerequisites. + * + * We don't even try to really parse the header files, but + * merely grep, i.e. if CONFIG_FOO is mentioned in a comment, it will + * be picked up as well. It's not a problem with respect to + * correctness, since that can only give too many dependencies, thus + * we cannot miss a rebuild. Since people tend to not mention totally + * unrelated CONFIG_ options all over the place, it's not an + * efficiency problem either. + * + * (Note: it'd be easy to port over the complete mkdep state machine, + * but I don't think the added complexity is worth it) + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void usage(void) +{ + fprintf(stderr, "Usage: fixdep \n"); + exit(1); +} + +/* + * In the intended usage of this program, the stdout is redirected to .*.cmd + * files. The return value of printf() and putchar() must be checked to catch + * any error, e.g. "No space left on device". + */ +static void xprintf(const char *format, ...) +{ + va_list ap; + int ret; + + va_start(ap, format); + ret = vprintf(format, ap); + if (ret < 0) { + perror("fixdep"); + exit(1); + } + va_end(ap); +} + +static void xputchar(int c) +{ + int ret; + + ret = putchar(c); + if (ret == EOF) { + perror("fixdep"); + exit(1); + } +} + +/* + * Print out a dependency path from a symbol name + */ +static void print_dep(const char *m, int slen, const char *dir) +{ + int c, prev_c = '/', i; + + xprintf(" $(wildcard %s/", dir); + for (i = 0; i < slen; i++) { + c = m[i]; + if (c == '_') + c = '/'; + else + c = tolower(c); + if (c != '/' || prev_c != '/') + xputchar(c); + prev_c = c; + } + xprintf(".h) \\\n"); +} + +struct item { + struct item *next; + unsigned int len; + unsigned int hash; + char name[]; +}; + +#define HASHSZ 256 +static struct item *hashtab[HASHSZ]; + +static unsigned int strhash(const char *str, unsigned int sz) +{ + /* fnv32 hash */ + unsigned int i, hash = 2166136261U; + + for (i = 0; i < sz; i++) + hash = (hash ^ str[i]) * 0x01000193; + return hash; +} + +/* + * Lookup a value in the configuration string. + */ +static int is_defined_config(const char *name, int len, unsigned int hash) +{ + struct item *aux; + + for (aux = hashtab[hash % HASHSZ]; aux; aux = aux->next) { + if (aux->hash == hash && aux->len == len && + memcmp(aux->name, name, len) == 0) + return 1; + } + return 0; +} + +/* + * Add a new value to the configuration string. + */ +static void define_config(const char *name, int len, unsigned int hash) +{ + struct item *aux = malloc(sizeof(*aux) + len); + + if (!aux) { + perror("fixdep:malloc"); + exit(1); + } + memcpy(aux->name, name, len); + aux->len = len; + aux->hash = hash; + aux->next = hashtab[hash % HASHSZ]; + hashtab[hash % HASHSZ] = aux; +} + +/* + * Record the use of a CONFIG_* word. + */ +static void use_config(const char *m, int slen) +{ + unsigned int hash = strhash(m, slen); + + if (is_defined_config(m, slen, hash)) + return; + + define_config(m, slen, hash); + print_dep(m, slen, "include/config"); +} + +/* test if s ends in sub */ +static int str_ends_with(const char *s, int slen, const char *sub) +{ + int sublen = strlen(sub); + + if (sublen > slen) + return 0; + + return !memcmp(s + slen - sublen, sub, sublen); +} + +static void parse_config_file(const char *p) +{ + const char *q, *r; + const char *start = p; + + while ((p = strstr(p, "CONFIG_"))) { + if (p > start && (isalnum(p[-1]) || p[-1] == '_')) { + p += 7; + continue; + } + p += 7; + q = p; + while (isalnum(*q) || *q == '_') + q++; + if (str_ends_with(p, q - p, "_MODULE")) + r = q - 7; + else + r = q; + if (r > p) + use_config(p, r - p); + p = q; + } +} + +static void *read_file(const char *filename) +{ + struct stat st; + int fd; + char *buf; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "fixdep: error opening file: "); + perror(filename); + exit(2); + } + if (fstat(fd, &st) < 0) { + fprintf(stderr, "fixdep: error fstat'ing file: "); + perror(filename); + exit(2); + } + buf = malloc(st.st_size + 1); + if (!buf) { + perror("fixdep: malloc"); + exit(2); + } + if (read(fd, buf, st.st_size) != st.st_size) { + perror("fixdep: read"); + exit(2); + } + buf[st.st_size] = '\0'; + close(fd); + + return buf; +} + +/* Ignore certain dependencies */ +static int is_ignored_file(const char *s, int len) +{ + return str_ends_with(s, len, "include/generated/autoconf.h") || + str_ends_with(s, len, "include/generated/autoksyms.h"); +} + +/* + * Important: The below generated source_foo.o and deps_foo.o variable + * assignments are parsed not only by make, but also by the rather simple + * parser in scripts/mod/sumversion.c. + */ +static void parse_dep_file(char *m, const char *target) +{ + char *p; + int is_last, is_target; + int saw_any_target = 0; + int is_first_dep = 0; + void *buf; + + while (1) { + /* Skip any "white space" */ + while (*m == ' ' || *m == '\\' || *m == '\n') + m++; + + if (!*m) + break; + + /* Find next "white space" */ + p = m; + while (*p && *p != ' ' && *p != '\\' && *p != '\n') + p++; + is_last = (*p == '\0'); + /* Is the token we found a target name? */ + is_target = (*(p-1) == ':'); + /* Don't write any target names into the dependency file */ + if (is_target) { + /* The /next/ file is the first dependency */ + is_first_dep = 1; + } else if (!is_ignored_file(m, p - m)) { + *p = '\0'; + + /* + * Do not list the source file as dependency, so that + * kbuild is not confused if a .c file is rewritten + * into .S or vice versa. Storing it in source_* is + * needed for modpost to compute srcversions. + */ + if (is_first_dep) { + /* + * If processing the concatenation of multiple + * dependency files, only process the first + * target name, which will be the original + * source name, and ignore any other target + * names, which will be intermediate temporary + * files. + */ + if (!saw_any_target) { + saw_any_target = 1; + xprintf("source_%s := %s\n\n", + target, m); + xprintf("deps_%s := \\\n", target); + } + is_first_dep = 0; + } else { + xprintf(" %s \\\n", m); + } + + buf = read_file(m); + parse_config_file(buf); + free(buf); + } + + if (is_last) + break; + + /* + * Start searching for next token immediately after the first + * "whitespace" character that follows this token. + */ + m = p + 1; + } + + if (!saw_any_target) { + fprintf(stderr, "fixdep: parse error; no targets found\n"); + exit(1); + } + + xprintf("\n%s: $(deps_%s)\n\n", target, target); + xprintf("$(deps_%s):\n", target); +} + +int main(int argc, char *argv[]) +{ + const char *depfile, *target, *cmdline; + void *buf; + + if (argc != 4) + usage(); + + depfile = argv[1]; + target = argv[2]; + cmdline = argv[3]; + + xprintf("cmd_%s := %s\n\n", target, cmdline); + + buf = read_file(depfile); + parse_dep_file(buf, target); + free(buf); + + return 0; +} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279688.477455 (Exim 4.92) (envelope-from ) id 1nNnfZ-0006fO-EV; Sat, 26 Feb 2022 03:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279688.477455; Sat, 26 Feb 2022 03:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfZ-0006fG-BV; Sat, 26 Feb 2022 03:22:53 +0000 Received: by outflank-mailman (input) for mailman id 279688; Sat, 26 Feb 2022 03:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfY-0006f6-4O for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfY-0002uX-3e for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnfY-0006tZ-31 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kh6Ygpkcz2d3MQ2wLIaXT+8ZFx0OfVt0QhuBZIXwJ3A=; b=XvpLtChdu3o56faGg2p80nF5n+ EN9xkdI5bNeBBBrx4HSUOny5ERdqD8umKjwfS0gsxXui7O74zsTm8xVa3tckYgdM9UBk8XRXdo5ey 18H1P48q3SuidoaTVJ4gi3Zlm23UkVGt6I8J0aRu67EOWF1YS0W8mK6XN3b6hAIrMQUI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rename __LINKER__ to LINKER_SCRIPT Message-Id: Date: Sat, 26 Feb 2022 03:22:52 +0000 commit 04787e095a3dbca026c88b3ff786ada59b688f33 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:17 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:17 2022 +0100 build: rename __LINKER__ to LINKER_SCRIPT For two reasons: this macro is used to generate a "linker script" and is not by the linker, and name starting with an underscore '_' are supposed to be reserved, so better avoid them when not needed. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Rules.mk | 2 +- xen/arch/arm/include/asm/config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 567a23a54c..fea3f70cdb 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -256,7 +256,7 @@ $(obj)/%.s: $(src)/%.S FORCE # Linker scripts, .lds.S -> .lds quiet_cmd_cpp_lds_S = LDS $@ -cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -D__LINKER__ -MQ $@ -o $@ $< +cmd_cpp_lds_S = $(CPP) -P $(call cpp_flags,$(a_flags)) -DLINKER_SCRIPT -MQ $@ -o $@ $< targets := $(filter-out $(PHONY), $(targets)) diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index c7b7791201..2aced0bc3b 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -191,7 +191,7 @@ extern unsigned long frametable_virt_end; #define watchdog_disable() ((void)0) #define watchdog_enable() ((void)0) -#if defined(__ASSEMBLY__) && !defined(__LINKER__) +#if defined(__ASSEMBLY__) && !defined(LINKER_SCRIPT) #include #include #endif -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279689.477459 (Exim 4.92) (envelope-from ) id 1nNnfj-0006iU-Ge; Sat, 26 Feb 2022 03:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279689.477459; Sat, 26 Feb 2022 03:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfj-0006iN-D6; Sat, 26 Feb 2022 03:23:03 +0000 Received: by outflank-mailman (input) for mailman id 279689; Sat, 26 Feb 2022 03:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfi-0006i9-7Y for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfi-0002ux-6l for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnfi-0006uH-5y for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hB0tukhruOU9McoIR7D9jGBvuT7BDN21QbqtDvR+ioA=; b=oNHc0598Zl4/wGFklCbjPxhPXc x59E3OyfJ9IMMTX6VrRqFMuHxlSm+S10tGc4gEbPE/jtodnOnvXqL8RaiLBeGgqnOojUTG00wfTs0 2SbeO1Hep/AQrm/2RNTaBFiGnyXvOG4mj4MU1F0H4VQhQjhOnkPRFDTc8O9E2YRuvK+I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: hook kconfig into xen build system Message-Id: Date: Sat, 26 Feb 2022 03:23:02 +0000 commit 317c98cb91e43cb921ca53ed2059aada07728d7e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:35 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:35 2022 +0100 build: hook kconfig into xen build system Now that xen's build system is very close to Linux's ones, we can hook "Makefile.host" into Xen's build system, and we can build Kconfig with that. "tools/kconfig/Makefile" now needs a workaround to not rebuild "$(XEN_ROOT)/.config", as `make` tries the rules "%.config" which fails with: tools/kconfig/Makefile:95: *** No configuration exists for this target on this architecture. Stop. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 34 ++++--- xen/Rules.mk | 13 ++- xen/scripts/Kbuild.include | 31 +++++++ xen/scripts/Makefile.clean | 11 ++- xen/scripts/Makefile.host | 184 +++++++++++++++++++++++++++++++++++++ xen/tools/kconfig/Makefile | 3 + xen/tools/kconfig/Makefile.host | 181 ------------------------------------ xen/tools/kconfig/Makefile.kconfig | 106 --------------------- 8 files changed, 263 insertions(+), 300 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index e1171f89e5..c95655b502 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -40,6 +40,7 @@ ARCH=$(XEN_TARGET_ARCH) SRCARCH=$(shell echo $(ARCH) | \ sed -e 's/x86.*/x86/' -e s'/arm\(32\|64\)/arm/g' \ -e s'/riscv.*/riscv/g') +export ARCH SRCARCH # Don't break if the build process wasn't called from the top level # we need XEN_TARGET_ARCH to generate the proper config @@ -163,6 +164,13 @@ ifneq ($(filter %config,$(MAKECMDGOALS)),) config-build := y endif +export CONFIG_SHELL := $(SHELL) +export YACC = $(if $(BISON),$(BISON),bison) +export LEX = $(if $(FLEX),$(FLEX),flex) + +# Default file for 'make defconfig'. +export KBUILD_DEFCONFIG := $(ARCH)_defconfig + # CLANG_FLAGS needs to be calculated before calling Kconfig ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS := @@ -203,9 +211,6 @@ PHONY += tools_fixdep tools_fixdep: $(MAKE) -C tools fixdep -# Shorthand for kconfig -kconfig = -f $(BASEDIR)/tools/kconfig/Makefile.kconfig ARCH=$(ARCH) SRCARCH=$(SRCARCH) HOSTCC="$(HOSTCC)" HOSTCXX="$(HOSTCXX)" - ifeq ($(config-build),y) # =========================================================================== # *config targets only - make sure prerequisites are updated, and descend @@ -221,14 +226,14 @@ filechk_kconfig_allconfig = \ .allconfig.tmp: FORCE set -e; { $(call filechk_kconfig_allconfig); } > $@ -config: FORCE - $(MAKE) $(kconfig) $@ +config: tools_fixdep FORCE + $(Q)$(MAKE) $(build)=tools/kconfig $@ # Config.mk tries to include .config file, don't try to remake it %/.config: ; -%config: .allconfig.tmp FORCE - $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@ +%config: .allconfig.tmp tools_fixdep FORCE + $(Q)$(MAKE) $(build)=tools/kconfig KCONFIG_ALLCONFIG=$< $@ else # !config-build @@ -238,9 +243,15 @@ ifeq ($(need-config),y) # changes are detected. -include include/config/auto.conf.cmd +# This allows make to build fixdep before invoking defconfig. We can't use +# "tools_fixdep" which is a .PHONY target and would force make to call +# "defconfig" again to update $(KCONFIG_CONFIG). +tools/fixdep: + $(MAKE) -C tools fixdep + # Allow people to just run `make` as before and not force them to configure -$(KCONFIG_CONFIG): - $(MAKE) $(kconfig) defconfig +$(KCONFIG_CONFIG): tools/fixdep + $(Q)$(MAKE) $(build)=tools/kconfig defconfig # The actual configuration files used during the build are stored in # include/generated/ and include/config/. Update them if .config is newer than @@ -249,7 +260,7 @@ $(KCONFIG_CONFIG): # This exploits the 'multi-target pattern rule' trick. # The syncconfig should be executed only once to make all the targets. include/config/%.conf include/config/%.conf.cmd: $(KCONFIG_CONFIG) - $(MAKE) $(kconfig) syncconfig + $(Q)$(MAKE) $(build)=tools/kconfig syncconfig ifeq ($(CONFIG_DEBUG),y) CFLAGS += -O1 @@ -406,9 +417,10 @@ _clean: $(MAKE) $(clean) arch/riscv $(MAKE) $(clean) arch/x86 $(MAKE) $(clean) test - $(MAKE) $(kconfig) clean + $(MAKE) $(clean) tools/kconfig find . \( -name "*.o" -o -name ".*.d" -o -name ".*.d2" \ -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ + -o -name '*.lex.c' -o -name '*.tab.[ch]' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h diff --git a/xen/Rules.mk b/xen/Rules.mk index fea3f70cdb..13c1943da9 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -89,6 +89,13 @@ subdir-y := $(addprefix $(obj)/,$(subdir-y)) nocov-y := $(addprefix $(obj)/,$(nocov-y)) noubsan-y := $(addprefix $(obj)/,$(noubsan-y)) +# Do not include hostprogs rules unless needed. +# $(sort ...) is used here to remove duplicated words and excessive spaces. +hostprogs-y := $(sort $(hostprogs-y)) +ifneq ($(hostprogs-y),) +include scripts/Makefile.host +endif + # subdir-builtin may contain duplications. Use $(sort ...) subdir-builtin := $(sort $(filter %/built_in.o, $(obj-y))) @@ -267,7 +274,11 @@ intermediate_targets = $(foreach sfx, $(2), \ $(patsubst %$(strip $(1)),%$(sfx), \ $(filter %$(strip $(1)), $(targets)))) # %.init.o <- %.o -targets += $(call intermediate_targets, .init.o, .o) +# %.lex.o <- %.lex.c <- %.l +# %.tab.o <- %.tab.[ch] <- %.y +targets += $(call intermediate_targets, .init.o, .o) \ + $(call intermediate_targets, .lex.o, .lex.c) \ + $(call intermediate_targets, .tab.o, .tab.c .tab.h) # Build # --------------------------------------------------------------------------- diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index 872adfb456..ed48fb39f1 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -25,6 +25,37 @@ real-prereqs = $(filter-out $(PHONY), $^) # Escape single quote for use in echo statements escsq = $(subst $(squote),'\$(squote)',$1) +### +# Easy method for doing a status message + kecho := : + quiet_kecho := echo +silent_kecho := : +kecho := $($(quiet)kecho) + +### +# filechk is used to check if the content of a generated file is updated. +# Sample usage: +# +# filechk_sample = echo $(KERNELRELEASE) +# version.h: FORCE +# $(call filechk,sample) +# +# The rule defined shall write to stdout the content of the new file. +# The existing file will be compared with the new one. +# - If no file exist it is created +# - If the content differ the new file is used +# - If they are equal no change, and no timestamp update +define filechk + $(Q)set -e; \ + mkdir -p $(dir $@); \ + trap "rm -f $(dot-target).tmp" EXIT; \ + { $(filechk_$(1)); } > $(dot-target).tmp; \ + if [ ! -r $@ ] || ! cmp -s $@ $(dot-target).tmp; then \ + $(kecho) ' UPD $@'; \ + mv -f $(dot-target).tmp $@; \ + fi +endef + # as-insn: Check whether assembler supports an instruction. # Usage: cflags-y += $(call as-insn,CC FLAGS,"insn",option-yes,option-no) as-insn = $(if $(shell echo 'void _(void) { asm volatile ( $(2) ); }' \ diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index c3b0681611..156d6307cf 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -17,8 +17,17 @@ include $(src)/Makefile subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) +__clean-files := \ + $(clean-files) $(hostprogs-y) $(hostprogs-) + +__clean-files := $(wildcard $(__clean-files)) + .PHONY: clean -clean:: $(subdir-all) ; +clean:: $(subdir-all) +ifneq ($(strip $(__clean-files)),) + rm -rf $(__clean-files) +endif + @: # Descending # --------------------------------------------------------------------------- diff --git a/xen/scripts/Makefile.host b/xen/scripts/Makefile.host new file mode 100644 index 0000000000..8a85f94316 --- /dev/null +++ b/xen/scripts/Makefile.host @@ -0,0 +1,184 @@ +# SPDX-License-Identifier: GPL-2.0 + +# target with $(obj)/ and its suffix stripped +target-stem = $(basename $(patsubst $(obj)/%,%,$@)) + +# LEX +# --------------------------------------------------------------------------- +quiet_cmd_flex = LEX $@ + cmd_flex = $(LEX) -o$@ -L $< + +$(obj)/%.lex.c: $(src)/%.l FORCE + $(call if_changed,flex) + +# YACC +# --------------------------------------------------------------------------- +quiet_cmd_bison = YACC $(basename $@).[ch] + cmd_bison = $(YACC) -o $(basename $@).c --defines=$(basename $@).h -t -l $< + +$(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE + $(call if_changed,bison) + +# ========================================================================== +# Building binaries on the host system +# Binaries are used during the compilation of the kernel, for example +# to preprocess a data file. +# +# Both C and C++ are supported, but preferred language is C for such utilities. +# +# Sample syntax (see Documentation/kbuild/makefiles.rst for reference) +# hostprogs-y := bin2hex +# Will compile bin2hex.c and create an executable named bin2hex +# +# hostprogs-y := lxdialog +# lxdialog-objs := checklist.o lxdialog.o +# Will compile lxdialog.c and checklist.c, and then link the executable +# lxdialog, based on checklist.o and lxdialog.o +# +# hostprogs-y := qconf +# qconf-cxxobjs := qconf.o +# qconf-objs := menu.o +# Will compile qconf as a C++ program, and menu as a C program. +# They are linked as C++ code to the executable qconf + +__hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) +host-cshlib := $(sort $(hostlibs-y) $(hostlibs-m)) +host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) + +# C code +# Executables compiled from a single .c file +host-csingle := $(foreach m,$(__hostprogs), \ + $(if $($(m)-objs)$($(m)-cxxobjs),,$(m))) + +# C executables linked based on several .o files +host-cmulti := $(foreach m,$(__hostprogs),\ + $(if $($(m)-cxxobjs),,$(if $($(m)-objs),$(m)))) + +# Object (.o) files compiled from .c files +host-cobjs := $(sort $(foreach m,$(__hostprogs),$($(m)-objs))) + +# C++ code +# C++ executables compiled from at least one .cc file +# and zero or more .c files +host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) + +# C++ Object (.o) files compiled from .cc files +host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) + +# Object (.o) files used by the shared libaries +host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) +host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) + +host-csingle := $(addprefix $(obj)/,$(host-csingle)) +host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) +host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) +host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) +host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) +host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) +host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) +host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) +host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) + +##### +# Handle options to gcc. Support building with separate output directory + +_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ + $(HOSTCFLAGS_$(target-stem).o) +_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ + $(HOSTCXXFLAGS_$(target-stem).o) + +# $(objtree)/$(obj) for including generated headers from checkin source files +ifeq ($(KBUILD_EXTMOD),) +ifdef building_out_of_srctree +_hostc_flags += -I $(objtree)/$(obj) +_hostcxx_flags += -I $(objtree)/$(obj) +endif +endif + +hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) +hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) + +##### +# Compile programs on the host + +# Create executable from a single .c file +# host-csingle -> Executable +quiet_cmd_host-csingle = HOSTCC $@ + cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-csingle): $(obj)/%: $(src)/%.c FORCE + $(call if_changed_dep,host-csingle) + +# Link an executable based on list of .o files, all plain c +# host-cmulti -> executable +quiet_cmd_host-cmulti = HOSTLD $@ + cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-cmulti): FORCE + $(call if_changed,host-cmulti) +$(call multi-depend, $(host-cmulti), , -objs) + +# Create .o file from a single .c file +# host-cobjs -> .o +quiet_cmd_host-cobjs = HOSTCC $@ + cmd_host-cobjs = $(HOSTCC) $(hostc_flags) -c -o $@ $< +$(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cobjs) + +# Link an executable based on list of .o files, a mixture of .c and .cc +# host-cxxmulti -> executable +quiet_cmd_host-cxxmulti = HOSTLD $@ + cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ + $(foreach o,objs cxxobjs,\ + $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) +$(host-cxxmulti): FORCE + $(call if_changed,host-cxxmulti) +$(call multi-depend, $(host-cxxmulti), , -objs -cxxobjs) + +# Create .o file from a single .cc (C++) file +quiet_cmd_host-cxxobjs = HOSTCXX $@ + cmd_host-cxxobjs = $(HOSTCXX) $(hostcxx_flags) -c -o $@ $< +$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE + $(call if_changed_dep,host-cxxobjs) + +# Compile .c file, create position independent .o file +# host-cshobjs -> .o +quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ + cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< +$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cshobjs) + +# Compile .c file, create position independent .o file +# Note that plugin capable gcc versions can be either C or C++ based +# therefore plugin source files have to be compilable in both C and C++ mode. +# This is why a C++ compiler is invoked on a .c file. +# host-cxxshobjs -> .o +quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ + cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< +$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cxxshobjs) + +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cshlib) +quiet_cmd_host-cshlib = HOSTLLD -shared $@ + cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) +$(host-cshlib): FORCE + $(call if_changed,host-cshlib) +$(call multi-depend, $(host-cshlib), .so, -objs) + +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cxxshlib) +quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ + cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/, $($(target-stem)-objs)) \ + $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) +$(host-cxxshlib): FORCE + $(call if_changed,host-cxxshlib) +$(call multi-depend, $(host-cxxshlib), .so, -objs) + +targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ + $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/xen/tools/kconfig/Makefile b/xen/tools/kconfig/Makefile index f39521a0ed..b7b9a419ad 100644 --- a/xen/tools/kconfig/Makefile +++ b/xen/tools/kconfig/Makefile @@ -91,6 +91,9 @@ endif configfiles=$(wildcard $(srctree)/kernel/configs/$@ $(srctree)/arch/$(SRCARCH)/configs/$@) +# Don't try to remake this file included by Config.mk. +$(XEN_ROOT)/.config: ; + %.config: $(obj)/conf $(if $(call configfiles),, $(error No configuration exists for this target on this architecture)) $(Q)$(CONFIG_SHELL) $(srctree)/tools/kconfig/merge_config.sh -m .config $(configfiles) diff --git a/xen/tools/kconfig/Makefile.host b/xen/tools/kconfig/Makefile.host deleted file mode 100644 index 4c51c95d40..0000000000 --- a/xen/tools/kconfig/Makefile.host +++ /dev/null @@ -1,181 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0 - -# LEX -# --------------------------------------------------------------------------- -quiet_cmd_flex = LEX $@ - cmd_flex = $(LEX) -o$@ -L $< - -$(obj)/%.lex.c: $(src)/%.l FORCE - $(call if_changed,flex) - -# YACC -# --------------------------------------------------------------------------- -quiet_cmd_bison = YACC $(basename $@).[ch] - cmd_bison = $(YACC) -o $(basename $@).c --defines=$(basename $@).h -t -l $< - -$(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE - $(call if_changed,bison) - -# ========================================================================== -# Building binaries on the host system -# Binaries are used during the compilation of the kernel, for example -# to preprocess a data file. -# -# Both C and C++ are supported, but preferred language is C for such utilities. -# -# Sample syntax (see Documentation/kbuild/makefiles.rst for reference) -# hostprogs-y := bin2hex -# Will compile bin2hex.c and create an executable named bin2hex -# -# hostprogs-y := lxdialog -# lxdialog-objs := checklist.o lxdialog.o -# Will compile lxdialog.c and checklist.c, and then link the executable -# lxdialog, based on checklist.o and lxdialog.o -# -# hostprogs-y := qconf -# qconf-cxxobjs := qconf.o -# qconf-objs := menu.o -# Will compile qconf as a C++ program, and menu as a C program. -# They are linked as C++ code to the executable qconf - -__hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) -host-cshlib := $(sort $(hostlibs-y) $(hostlibs-m)) -host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) - -# C code -# Executables compiled from a single .c file -host-csingle := $(foreach m,$(__hostprogs), \ - $(if $($(m)-objs)$($(m)-cxxobjs),,$(m))) - -# C executables linked based on several .o files -host-cmulti := $(foreach m,$(__hostprogs),\ - $(if $($(m)-cxxobjs),,$(if $($(m)-objs),$(m)))) - -# Object (.o) files compiled from .c files -host-cobjs := $(sort $(foreach m,$(__hostprogs),$($(m)-objs))) - -# C++ code -# C++ executables compiled from at least one .cc file -# and zero or more .c files -host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) - -# C++ Object (.o) files compiled from .cc files -host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) - -# Object (.o) files used by the shared libaries -host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) -host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) - -host-csingle := $(addprefix $(obj)/,$(host-csingle)) -host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) -host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) -host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) -host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) -host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) -host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) -host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) -host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) - -##### -# Handle options to gcc. Support building with separate output directory - -_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ - $(HOSTCFLAGS_$(target-stem).o) -_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ - $(HOSTCXXFLAGS_$(target-stem).o) - -# $(objtree)/$(obj) for including generated headers from checkin source files -ifeq ($(KBUILD_EXTMOD),) -ifdef building_out_of_srctree -_hostc_flags += -I $(objtree)/$(obj) -_hostcxx_flags += -I $(objtree)/$(obj) -endif -endif - -hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) -hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) - -##### -# Compile programs on the host - -# Create executable from a single .c file -# host-csingle -> Executable -quiet_cmd_host-csingle = HOSTCC $@ - cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-csingle): $(obj)/%: $(src)/%.c FORCE - $(call if_changed_dep,host-csingle) - -# Link an executable based on list of .o files, all plain c -# host-cmulti -> executable -quiet_cmd_host-cmulti = HOSTLD $@ - cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-cmulti): FORCE - $(call if_changed,host-cmulti) -$(call multi_depend, $(host-cmulti), , -objs) - -# Create .o file from a single .c file -# host-cobjs -> .o -quiet_cmd_host-cobjs = HOSTCC $@ - cmd_host-cobjs = $(HOSTCC) $(hostc_flags) -c -o $@ $< -$(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cobjs) - -# Link an executable based on list of .o files, a mixture of .c and .cc -# host-cxxmulti -> executable -quiet_cmd_host-cxxmulti = HOSTLD $@ - cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ - $(foreach o,objs cxxobjs,\ - $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) -$(host-cxxmulti): FORCE - $(call if_changed,host-cxxmulti) -$(call multi_depend, $(host-cxxmulti), , -objs -cxxobjs) - -# Create .o file from a single .cc (C++) file -quiet_cmd_host-cxxobjs = HOSTCXX $@ - cmd_host-cxxobjs = $(HOSTCXX) $(hostcxx_flags) -c -o $@ $< -$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE - $(call if_changed_dep,host-cxxobjs) - -# Compile .c file, create position independent .o file -# host-cshobjs -> .o -quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ - cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< -$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cshobjs) - -# Compile .c file, create position independent .o file -# Note that plugin capable gcc versions can be either C or C++ based -# therefore plugin source files have to be compilable in both C and C++ mode. -# This is why a C++ compiler is invoked on a .c file. -# host-cxxshobjs -> .o -quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ - cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< -$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cxxshobjs) - -# Link a shared library, based on position independent .o files -# *.o -> .so shared library (host-cshlib) -quiet_cmd_host-cshlib = HOSTLLD -shared $@ - cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) -$(host-cshlib): FORCE - $(call if_changed,host-cshlib) -$(call multi_depend, $(host-cshlib), .so, -objs) - -# Link a shared library, based on position independent .o files -# *.o -> .so shared library (host-cxxshlib) -quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ - cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ - $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) -$(host-cxxshlib): FORCE - $(call if_changed,host-cxxshlib) -$(call multi_depend, $(host-cxxshlib), .so, -objs) - -targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ - $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/xen/tools/kconfig/Makefile.kconfig b/xen/tools/kconfig/Makefile.kconfig deleted file mode 100644 index 799321ec4d..0000000000 --- a/xen/tools/kconfig/Makefile.kconfig +++ /dev/null @@ -1,106 +0,0 @@ -# xen/tools/kconfig - -# default rule to do nothing -all: - -# Xen doesn't have a silent build flag -quiet := -Q := -kecho := : - -# eventually you'll want to do out of tree builds -srctree := $(BASEDIR) -objtree := $(srctree) -src := tools/kconfig -obj := $(src) - -# handle functions (most of these lifted from different Linux makefiles -dot-target = $(dir $@).$(notdir $@) -depfile = $(subst $(comma),,$(dot-target).d) -basetarget = $(basename $(notdir $@)) -# target with $(obj)/ and its suffix stripped -target-stem = $(basename $(patsubst $(obj)/%,%,$@)) -cmd = $(cmd_$(1)) -if_changed = $(cmd_$(1)) -if_changed_dep = $(cmd_$(1)) - -### -# filechk is used to check if the content of a generated file is updated. -# Sample usage: -# -# filechk_sample = echo $(KERNELRELEASE) -# version.h: FORCE -# $(call filechk,sample) -# -# The rule defined shall write to stdout the content of the new file. -# The existing file will be compared with the new one. -# - If no file exist it is created -# - If the content differ the new file is used -# - If they are equal no change, and no timestamp update -# - stdin is piped in from the first prerequisite ($<) so one has -# to specify a valid file as first prerequisite (often the kbuild file) -define filechk - $(Q)set -e; \ - mkdir -p $(dir $@); \ - { $(filechk_$(1)); } > $@.tmp; \ - if [ -r $@ ] && cmp -s $@ $@.tmp; then \ - rm -f $@.tmp; \ - else \ - $(kecho) ' UPD $@'; \ - mv -f $@.tmp $@; \ - fi -endef - -define multi_depend -$(foreach m, $(notdir $1), \ - $(eval $(obj)/$m: \ - $(addprefix $(obj)/, $(foreach s, $3, $($(m:%$(strip $2)=%$(s))))))) -endef - -# Set our default defconfig file -KBUILD_DEFCONFIG := $(ARCH)_defconfig - -# provide our shell -CONFIG_SHELL := $(SHELL) - -# provide the host compiler -HOSTCC ?= gcc -HOSTCXX ?= g++ -YACC = $(if $(BISON),$(BISON),bison) -LEX = $(if $(FLEX),$(FLEX),flex) - -# force target -PHONY += FORCE - -FORCE: - -# include the original Makefile and Makefile.host from Linux -include $(src)/Makefile -include $(src)/Makefile.host - -# Add intermediate targets: -# When building objects with specific suffix patterns, add intermediate -# targets that the final targets are derived from. -intermediate_targets = $(foreach sfx, $(2), \ - $(patsubst %$(strip $(1)),%$(sfx), \ - $(filter %$(strip $(1)), $(targets)))) - -# %.lex.o <- %.lex.c <- %.l -# %.tab.o <- %.tab.[ch] <- %.y -targets += $(call intermediate_targets, .lex.o, .lex.c) \ - $(call intermediate_targets, .tab.o, .tab.c .tab.h) - -# clean up rule -clean-deps = $(foreach f,$(host-cobjs) $(host-cxxobjs),$(dir $f).$(notdir $f).d) -clean-shipped = $(patsubst %_shipped,%,$(wildcard $(obj)/*_shipped)) - -clean: - rm -rf $(clean-files) - rm -rf $(clean-deps) - rm -rf $(host-csingle) $(host-cmulti) $(host-cxxmulti) $(host-cobjs) $(host-cxxobjs) - rm -rf $(clean-shipped) - -$(obj)/zconf%: $(src)/zconf%_shipped - cp -f $< $@ - -.PHONY: $(PHONY) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279690.477463 (Exim 4.92) (envelope-from ) id 1nNnft-0006le-JI; Sat, 26 Feb 2022 03:23:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279690.477463; Sat, 26 Feb 2022 03:23:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnft-0006lW-GL; Sat, 26 Feb 2022 03:23:13 +0000 Received: by outflank-mailman (input) for mailman id 279690; Sat, 26 Feb 2022 03:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfs-0006lL-Aj for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnfs-0002v1-9y for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnfs-0006un-96 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Yasex/f9oHdjFvnuXfYxDODAEgqKR1BD2I0S7tnaPUU=; b=5Zk3HMHPYcgej/Vl7XWzonaBI4 Hi+FT8cVN7QQPeBTQNrPjykno71cQJqSdo34a3X0b06GSUd/J4S1DD+9mG52T1rxZRJytaY3yIQBd eAuDGYSce7rbjs9KCfDdDx8GDC6MNP1SDjZoFKap0j6Ct98GA6/3WA0lM1H2RocoFnQU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/tools/kconfig: fix build with -Wdeclaration-after-statement Message-Id: Date: Sat, 26 Feb 2022 03:23:12 +0000 commit 5c5e10129830bdd8871bd8a458d2ef1813392273 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:44 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:44 2022 +0100 xen/tools/kconfig: fix build with -Wdeclaration-after-statement We are going to start building kconfig with HOSTCFLAGS from Config.mk, it has the flag "-Wdeclaration-after-statement". Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/tools/kconfig/confdata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/tools/kconfig/confdata.c b/xen/tools/kconfig/confdata.c index 3569d2dec3..a69250c913 100644 --- a/xen/tools/kconfig/confdata.c +++ b/xen/tools/kconfig/confdata.c @@ -1237,6 +1237,7 @@ void set_all_choice_values(struct symbol *csym) bool conf_set_all_new_symbols(enum conf_def_mode mode) { + bool has_changed = false; struct symbol *sym, *csym; int i, cnt, pby, pty, ptm; /* pby: probability of bool = y * pty: probability of tristate = y @@ -1283,7 +1284,6 @@ bool conf_set_all_new_symbols(enum conf_def_mode mode) exit( 1 ); } } - bool has_changed = false; for_all_symbols(i, sym) { if (sym_has_value(sym) || (sym->flags & SYMBOL_VALID)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279691.477467 (Exim 4.92) (envelope-from ) id 1nNng3-0006o8-LE; Sat, 26 Feb 2022 03:23:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279691.477467; Sat, 26 Feb 2022 03:23:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNng3-0006o0-I4; Sat, 26 Feb 2022 03:23:23 +0000 Received: by outflank-mailman (input) for mailman id 279691; Sat, 26 Feb 2022 03:23:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNng2-0006ni-Dp for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNng2-0002vB-Cz for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNng2-0006vP-C4 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vXePp0rxIhhRVx57BVndOat7B21Z55PE/Qtj2QlLsqM=; b=uoFuuDUvsn4jUsscSnEKUQDkZ+ h54sQ4e4kbR1omMr2YZ6ArprqvwU/ZIdOQevy3H5v2ZNv5/8qnFSlLPSbRHn56DDVIiCXkbTlN8Jg JpOwDybQEdlaTg55DcvnO53XTMldg5ehXxZZgO2UQ3G7IkyvL7F0psqYSc6JgxtM+dpY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: remove KBUILD_ specific from Makefile.host Message-Id: Date: Sat, 26 Feb 2022 03:23:22 +0000 commit 44f231cd88a7433cb2cba9992708559afef4c0e1 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:03:53 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:03:53 2022 +0100 build: remove KBUILD_ specific from Makefile.host This will allow $(HOSTCFLAGS) to actually be used when building programmes for the build-host. The other variable don't exist in our build system. Also remove $(KBUILD_EXTMOD) since it should always be empty. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/scripts/Makefile.host | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/xen/scripts/Makefile.host b/xen/scripts/Makefile.host index 8a85f94316..d6c358095e 100644 --- a/xen/scripts/Makefile.host +++ b/xen/scripts/Makefile.host @@ -82,18 +82,16 @@ host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) ##### # Handle options to gcc. Support building with separate output directory -_hostc_flags = $(KBUILD_HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ +_hostc_flags = $(HOSTCFLAGS) $(HOST_EXTRACFLAGS) \ $(HOSTCFLAGS_$(target-stem).o) -_hostcxx_flags = $(KBUILD_HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ +_hostcxx_flags = $(HOSTCXXFLAGS) $(HOST_EXTRACXXFLAGS) \ $(HOSTCXXFLAGS_$(target-stem).o) # $(objtree)/$(obj) for including generated headers from checkin source files -ifeq ($(KBUILD_EXTMOD),) ifdef building_out_of_srctree _hostc_flags += -I $(objtree)/$(obj) _hostcxx_flags += -I $(objtree)/$(obj) endif -endif hostc_flags = -Wp,-MD,$(depfile) $(_hostc_flags) hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) @@ -104,17 +102,17 @@ hostcxx_flags = -Wp,-MD,$(depfile) $(_hostcxx_flags) # Create executable from a single .c file # host-csingle -> Executable quiet_cmd_host-csingle = HOSTCC $@ - cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(KBUILD_HOSTLDFLAGS) -o $@ $< \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + cmd_host-csingle = $(HOSTCC) $(hostc_flags) $(HOSTLDFLAGS) -o $@ $< \ + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-csingle): $(obj)/%: $(src)/%.c FORCE $(call if_changed_dep,host-csingle) # Link an executable based on list of .o files, all plain c # host-cmulti -> executable quiet_cmd_host-cmulti = HOSTLD $@ - cmd_host-cmulti = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -o $@ \ + cmd_host-cmulti = $(HOSTCC) $(HOSTLDFLAGS) -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-cmulti): FORCE $(call if_changed,host-cmulti) $(call multi-depend, $(host-cmulti), , -objs) @@ -129,10 +127,10 @@ $(host-cobjs): $(obj)/%.o: $(src)/%.c FORCE # Link an executable based on list of .o files, a mixture of .c and .cc # host-cxxmulti -> executable quiet_cmd_host-cxxmulti = HOSTLD $@ - cmd_host-cxxmulti = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -o $@ \ + cmd_host-cxxmulti = $(HOSTCXX) $(HOSTLDFLAGS) -o $@ \ $(foreach o,objs cxxobjs,\ $(addprefix $(obj)/, $($(target-stem)-$(o)))) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem)) $(host-cxxmulti): FORCE $(call if_changed,host-cxxmulti) $(call multi-depend, $(host-cxxmulti), , -objs -cxxobjs) @@ -163,9 +161,9 @@ $(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE # Link a shared library, based on position independent .o files # *.o -> .so shared library (host-cshlib) quiet_cmd_host-cshlib = HOSTLLD -shared $@ - cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + cmd_host-cshlib = $(HOSTCC) $(HOSTLDFLAGS) -shared -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) $(host-cshlib): FORCE $(call if_changed,host-cshlib) $(call multi-depend, $(host-cshlib), .so, -objs) @@ -173,9 +171,9 @@ $(call multi-depend, $(host-cshlib), .so, -objs) # Link a shared library, based on position independent .o files # *.o -> .so shared library (host-cxxshlib) quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ - cmd_host-cxxshlib = $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ + cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \ $(addprefix $(obj)/, $($(target-stem)-objs)) \ - $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) + $(HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) $(host-cxxshlib): FORCE $(call if_changed,host-cxxshlib) $(call multi-depend, $(host-cxxshlib), .so, -objs) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279692.477471 (Exim 4.92) (envelope-from ) id 1nNngE-0006rF-Mn; Sat, 26 Feb 2022 03:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279692.477471; Sat, 26 Feb 2022 03:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngE-0006r7-Jb; Sat, 26 Feb 2022 03:23:34 +0000 Received: by outflank-mailman (input) for mailman id 279692; Sat, 26 Feb 2022 03:23:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngC-0006qw-Gd for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngC-0002vf-G0 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNngC-0006wA-F6 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=onfD7YFM+UXnTsoMlBHT8GbWSfemGXkByyd3uXAIJTU=; b=D2EDjGjad6TTogrHeNCyOC80SF Of+npqkMWoEbh5udE1sIhshv525H534RbRYFetNVB9//BA0JpaHGvx58+i1jk5mholQjVb5H/ZuLL egAq9U+Ead4omP+WHO1Wp18G/61e4dOSPuFK8WuTQOVoBlOPTpSBgVyO87aUinTzqa5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: handle always-y and hostprogs-always-y Message-Id: Date: Sat, 26 Feb 2022 03:23:32 +0000 commit 446108a1bb55dcbff395c183278507d3c506e69e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:04:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:04:42 2022 +0100 build: handle always-y and hostprogs-always-y This will be used for xen/tools/. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Rules.mk | 10 +++++++++- xen/scripts/Makefile.clean | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 13c1943da9..5f2368805b 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -78,9 +78,17 @@ else obj-y := $(filter-out %/, $(obj-y)) endif +# hostprogs-always-y += foo +# ... is a shorthand for +# hostprogs-y += foo +# always-y += foo +hostprogs-y += $(hostprogs-always-y) +always-y += $(hostprogs-always-y) + # Add subdir path extra-y := $(addprefix $(obj)/,$(extra-y)) +always-y := $(addprefix $(obj)/,$(always-y)) targets := $(addprefix $(obj)/,$(targets)) lib-y := $(addprefix $(obj)/,$(lib-y)) obj-y := $(addprefix $(obj)/,$(obj-y)) @@ -283,7 +291,7 @@ targets += $(call intermediate_targets, .init.o, .o) \ # Build # --------------------------------------------------------------------------- -__build: $(targets-for-builtin) $(subdir-y) +__build: $(targets-for-builtin) $(subdir-y) $(always-y) @: # Descending diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index 156d6307cf..c2689d4af5 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -18,7 +18,8 @@ subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) __clean-files := \ - $(clean-files) $(hostprogs-y) $(hostprogs-) + $(clean-files) $(hostprogs-y) $(hostprogs-) \ + $(hostprogs-always-y) $(hostprogs-always-) __clean-files := $(wildcard $(__clean-files)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279693.477475 (Exim 4.92) (envelope-from ) id 1nNngO-0006u1-OI; Sat, 26 Feb 2022 03:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279693.477475; Sat, 26 Feb 2022 03:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngO-0006tt-LA; Sat, 26 Feb 2022 03:23:44 +0000 Received: by outflank-mailman (input) for mailman id 279693; Sat, 26 Feb 2022 03:23:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngM-0006tQ-N0 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngM-0002vp-Iz for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNngM-0006wj-IH for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mpx4K+akU0G2Bvbhy0zywf0RoriiPRUkRCRF4Nxlzuk=; b=PDuhqw+pZtzkeGZbCMYMxBJ1Gu aaDtDqIgkYasFjHrAqmD7BH1BCe9HJ3sAJXAtIGjDe73VJCd76QMWjT0gLX4tLDwvIVF+hMIjaUci 1MJ+X+DI2jrow0cV7TdtIcrgF3rjnIoUwLubP/MmXoCBAzqcMSEZ/dGS71tdmJgLt3uQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: start building the tools with the main makefiles Message-Id: Date: Sat, 26 Feb 2022 03:23:42 +0000 commit e3ef0917bb0ea596051865bb67954af685f714ad Author: Anthony PERARD AuthorDate: Fri Feb 25 11:04:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:04:52 2022 +0100 build: start building the tools with the main makefiles This will make out-of-tree build easier. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/Makefile | 8 ++++---- xen/tools/Makefile | 17 ++--------------- 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index c95655b502..0fb1e737f2 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -209,7 +209,7 @@ endif # root-make-done PHONY += tools_fixdep tools_fixdep: - $(MAKE) -C tools fixdep + $(Q)$(MAKE) $(build)=tools tools/fixdep ifeq ($(config-build),y) # =========================================================================== @@ -247,7 +247,7 @@ ifeq ($(need-config),y) # "tools_fixdep" which is a .PHONY target and would force make to call # "defconfig" again to update $(KCONFIG_CONFIG). tools/fixdep: - $(MAKE) -C tools fixdep + $(Q)$(MAKE) $(build)=tools tools/fixdep # Allow people to just run `make` as before and not force them to configure $(KCONFIG_CONFIG): tools/fixdep @@ -406,7 +406,7 @@ _debug: .PHONY: _clean _clean: - $(MAKE) -C tools clean + $(MAKE) $(clean) tools $(MAKE) $(clean) include $(MAKE) $(clean) common $(MAKE) $(clean) drivers @@ -435,7 +435,7 @@ $(TARGET).gz: $(TARGET) mv $@.new $@ $(TARGET): FORCE - $(MAKE) -C tools + $(Q)$(MAKE) $(build)=tools $(Q)$(MAKE) $(build)=. include/xen/compile.h [ -e arch/$(TARGET_ARCH)/efi ] && for f in $$(cd common/efi; echo *.[ch]); \ do test -r arch/$(TARGET_ARCH)/efi/$$f || \ diff --git a/xen/tools/Makefile b/xen/tools/Makefile index 722f366454..a5078b7cb8 100644 --- a/xen/tools/Makefile +++ b/xen/tools/Makefile @@ -1,15 +1,2 @@ - -include $(XEN_ROOT)/Config.mk - -.PHONY: default -default: symbols fixdep - -.PHONY: clean -clean: - rm -f *.o symbols fixdep - -symbols: symbols.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< - -fixdep: fixdep.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< +hostprogs-always-y += symbols +hostprogs-always-y += fixdep -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:23:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:23:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279694.477479 (Exim 4.92) (envelope-from ) id 1nNngY-0006xD-Q3; Sat, 26 Feb 2022 03:23:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279694.477479; Sat, 26 Feb 2022 03:23:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngY-0006x4-Mr; Sat, 26 Feb 2022 03:23:54 +0000 Received: by outflank-mailman (input) for mailman id 279694; Sat, 26 Feb 2022 03:23:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngW-0006wa-Mm for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngW-0002w0-M5 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNngW-0006yw-LI for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:23:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4pmS9y3G4N+BGLrLwmxzrxymwJt/UMPKAQEpDvUu/8Q=; b=KTTxtFe7nkFaFkWUEAxeMx7wtH 79Xh6RXZ+MmeU56Ds35Lmt5vbLpkj0xKEUoQevjidQZHIsUeycOAhKZ6k8JT8yaUjtQlsguJdX+0K iewfOfrmE68vwYlHXNfJ/83KmCT8C8F0qW1fiRy2DfOrUBB6MZua9dGeOs9hFJAQEQts=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: add headers path to CFLAGS once for all archs Message-Id: Date: Sat, 26 Feb 2022 03:23:52 +0000 commit 109980738e1449f5f281e5d6bfb5681eb9defea6 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:06:46 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:06:46 2022 +0100 build: add headers path to CFLAGS once for all archs This just remove duplication. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/Makefile | 3 +++ xen/arch/arm/arch.mk | 3 --- xen/arch/riscv/arch.mk | 2 -- xen/arch/x86/arch.mk | 2 -- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 0fb1e737f2..2cfaa49fe3 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -312,6 +312,9 @@ CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so endif +CFLAGS += -I$(srctree)/include +CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include + # Note that link order matters! ALL_OBJS-y := common/built_in.o ALL_OBJS-y += drivers/built_in.o diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index 4e3f701430..094b670723 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -1,9 +1,6 @@ ######################################## # arm-specific definitions -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include - $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-Wnested-externs) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 694ba053ce..ae8fe9dec7 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,5 +11,3 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c # -mcmodel=medlow would force Xen into the lower half. CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index d6ae4cc2f5..f6fc852b57 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -3,8 +3,6 @@ export XEN_IMG_OFFSET := 0x200000 -CFLAGS += -I$(srctree)/include -CFLAGS += -I$(srctree)/arch/$(TARGET_ARCH)/include CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-generic CFLAGS += -I$(srctree)/arch/x86/include/asm/mach-default CFLAGS += -DXEN_IMG_OFFSET=$(XEN_IMG_OFFSET) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279695.477483 (Exim 4.92) (envelope-from ) id 1nNngh-000709-RS; Sat, 26 Feb 2022 03:24:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279695.477483; Sat, 26 Feb 2022 03:24:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngh-000701-OW; Sat, 26 Feb 2022 03:24:03 +0000 Received: by outflank-mailman (input) for mailman id 279695; Sat, 26 Feb 2022 03:24:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngg-0006zl-Pp for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngg-0002wN-P7 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNngg-0006zm-OD for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0H+sxWjLdGBKfBW1z03wJZVxcKu+LSHIZaUiaJQWl+k=; b=K1YNsx9YTPbq+P2cmBPyQti1oe 1E6VzjGhy8suGMlkHKMXO4fDD888lmEPMyaAxspt1LycuBxUL79bdOF09ZEl3k9PeHSvXp/MZTdz/ FtMtp5mAe+re8MDw63mh5sVwos3ozKd14iLEw0alQJu6diI8JcjcBWqPjWlmnZutTu8s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: generate x86's asm-macros.h with filechk Message-Id: Date: Sat, 26 Feb 2022 03:24:02 +0000 commit 913b8be1c78f336a066f7237a6b3de42d4537dc8 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:04 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:04 2022 +0100 build: generate x86's asm-macros.h with filechk When we will build out-of-tree, make is going to try to generate "asm-macros.h" before the directories "arch/x86/include/asm" exist, thus we would need to call `mkdir` explicitly. We will use "filechk" for that as it does everything that the current recipe does and does call `mkdir`. Also, they are no more "*.new" files generated in this directory. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9107cf2ce2..8a081de551 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -236,18 +236,21 @@ include: $(BASEDIR)/arch/x86/include/asm/asm-macros.h $(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P $(BASEDIR)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile - echo '#if 0' >$@.new - echo '.if 0' >>$@.new - echo '#endif' >>$@.new - echo '#ifndef __ASM_MACROS_H__' >>$@.new - echo '#define __ASM_MACROS_H__' >>$@.new - echo 'asm ( ".include \"$@\"" );' >>$@.new - echo '#endif /* __ASM_MACROS_H__ */' >>$@.new - echo '#if 0' >>$@.new - echo '.endif' >>$@.new - cat $< >>$@.new - echo '#endif' >>$@.new - $(call move-if-changed,$@.new,$@) + $(call filechk,asm-macros.h) + +define filechk_asm-macros.h + echo '#if 0'; \ + echo '.if 0'; \ + echo '#endif'; \ + echo '#ifndef __ASM_MACROS_H__'; \ + echo '#define __ASM_MACROS_H__'; \ + echo 'asm ( ".include \"$@\"" );'; \ + echo '#endif /* __ASM_MACROS_H__ */'; \ + echo '#if 0'; \ + echo '.endif'; \ + cat $<; \ + echo '#endif' +endef $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE @@ -261,7 +264,7 @@ $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c .PHONY: clean clean:: - rm -f *.lds *.new boot/*.o boot/*~ boot/core boot/mkelf32 + rm -f *.lds boot/*.o boot/*~ boot/core boot/mkelf32 rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* rm -f $(BASEDIR)/.xen-syms.[0-9]* boot/.*.d $(BASEDIR)/.xen.elf32 rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279696.477488 (Exim 4.92) (envelope-from ) id 1nNngr-00073B-TP; Sat, 26 Feb 2022 03:24:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279696.477488; Sat, 26 Feb 2022 03:24:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngr-00072y-Q6; Sat, 26 Feb 2022 03:24:13 +0000 Received: by outflank-mailman (input) for mailman id 279696; Sat, 26 Feb 2022 03:24:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngq-00072n-Sx for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNngq-0002wV-SD for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNngq-00070P-RN for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7oBqBijybww+YCxw5LHzu0XECHBjFHatcgU58zZ3cKU=; b=PgaJIYQJe4e/cYTY72PwnLvO6t XMqfEBabSZUTrXVHFAnvX81pChygsjksEzdQHJs5fcarZ4UtelNNp0mqjRgGZBJ4qyBK78mdiSuWG yShugDAbm7U1SmoHqrQlQSq8YjLNB8MZ4c/z93/X9pK20NHBPHecPiw8aSotOwCH1TxE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: clean-up "clean" rules of duplication Message-Id: Date: Sat, 26 Feb 2022 03:24:12 +0000 commit 42989ff5ca969c63810e29483e86a7779579481e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:13 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:13 2022 +0100 build: clean-up "clean" rules of duplication All those files to be removed are already done in the main Makefile, either by the "find" command or directly (for $(TARGET).efi). Signed-off-by: Anthony PERARD Acked-by: Jan Beulich Acked-by: Julien Grall Reviewed-by: Daniel P. Smith # XSM --- xen/Makefile | 2 +- xen/arch/arm/Makefile | 1 - xen/arch/x86/Makefile | 5 ++--- xen/test/livepatch/Makefile | 2 +- xen/xsm/flask/Makefile | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 2cfaa49fe3..84774eaf05 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -425,7 +425,7 @@ _clean: -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' \ -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; - rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core + rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index fd24f0212f..3ce5f1674f 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -120,4 +120,3 @@ $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) clean:: rm -f $(obj)/xen.lds rm -f $(BASEDIR)/.xen-syms.[0-9]* - rm -f $(TARGET).efi diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 8a081de551..d083c5653b 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -264,9 +264,8 @@ $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c .PHONY: clean clean:: - rm -f *.lds boot/*.o boot/*~ boot/core boot/mkelf32 + rm -f *.lds boot/mkelf32 rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* - rm -f $(BASEDIR)/.xen-syms.[0-9]* boot/.*.d $(BASEDIR)/.xen.elf32 + rm -f $(BASEDIR)/.xen-syms.[0-9]* $(BASEDIR)/.xen.elf32 rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin - rm -f note.o diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index afb8d589ec..adb484dc5d 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -162,4 +162,4 @@ uninstall: .PHONY: clean clean:: - rm -f *.o .*.o.d *.livepatch config.h expect_config.h + rm -f *.livepatch config.h expect_config.h diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 49cf730cf0..832f65274c 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -51,4 +51,4 @@ $(obj)/policy.bin: FORCE .PHONY: clean clean:: - rm -f $(ALL_H_FILES) *.o $(DEPS_RM) policy.* $(POLICY_SRC) flask-policy.S + rm -f $(ALL_H_FILES) policy.* $(POLICY_SRC) flask-policy.S -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279697.477490 (Exim 4.92) (envelope-from ) id 1nNnh1-00076f-Vw; Sat, 26 Feb 2022 03:24:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279697.477490; Sat, 26 Feb 2022 03:24:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnh1-00076X-T2; Sat, 26 Feb 2022 03:24:23 +0000 Received: by outflank-mailman (input) for mailman id 279697; Sat, 26 Feb 2022 03:24:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnh0-00076Q-Vp for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnh0-0002wk-VA for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnh0-00071L-UT for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J1SbF0R+UDhBFl10y+CjsD+WTFnedAuGmFMTteafzJU=; b=dXdnv6Y8TYiSUx5T4YOLlukvWr COJJAjbxn1kEwwA+ZOCWrGsEedOXjyGuoWnMMcXXjko0iC70kbrtY19/CP0zzd0ojfpV5aElfAB/s oDWryZimH2Pc7wyxMc+asqLZaR0woNwAH7hnuA1RWJn0FvNrBpA2R5NiWqjnDCMsCakw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rework "clean" to clean from the root dir Message-Id: Date: Sat, 26 Feb 2022 03:24:22 +0000 commit 17f5c115210c7674437691f42cdfaf14164efbb6 Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:21 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:21 2022 +0100 build: rework "clean" to clean from the root dir This will allow "clean" to work from an out-of-tree build when it will be available. Some of the file been removed in current "clean" target aren't added to $(clean-files) because they are already listed in $(extra-) or $(extra-y). Also start to clean files listed in $(targets). This allows to clean "common/config_data.S" and "xsm/flask/flask-policy.S" without having to list them a second time. Also clean files in "arch/x86/boot" from that directory by allowing "clean" to descend into the subdir by adding "boot" into $(subdir-). Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich Reviewed-by: Daniel P. Smith # XSM Acked-by: Julien Grall --- xen/Makefile | 24 ++++++++++++------------ xen/arch/arm/Makefile | 5 +---- xen/arch/x86/Makefile | 20 ++++++++++++-------- xen/arch/x86/boot/Makefile | 2 ++ xen/common/Makefile | 3 +-- xen/include/Makefile | 4 +--- xen/scripts/Kbuild.include | 4 ++-- xen/scripts/Makefile.clean | 14 +++++++++++--- xen/test/livepatch/Makefile | 4 +--- xen/xsm/flask/Makefile | 4 +--- 10 files changed, 44 insertions(+), 40 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 84774eaf05..133b382f86 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -409,18 +409,18 @@ _debug: .PHONY: _clean _clean: - $(MAKE) $(clean) tools - $(MAKE) $(clean) include - $(MAKE) $(clean) common - $(MAKE) $(clean) drivers - $(MAKE) $(clean) lib - $(MAKE) $(clean) xsm - $(MAKE) $(clean) crypto - $(MAKE) $(clean) arch/arm - $(MAKE) $(clean) arch/riscv - $(MAKE) $(clean) arch/x86 - $(MAKE) $(clean) test - $(MAKE) $(clean) tools/kconfig + $(Q)$(MAKE) $(clean)=tools + $(Q)$(MAKE) $(clean)=include + $(Q)$(MAKE) $(clean)=common + $(Q)$(MAKE) $(clean)=drivers + $(Q)$(MAKE) $(clean)=lib + $(Q)$(MAKE) $(clean)=xsm + $(Q)$(MAKE) $(clean)=crypto + $(Q)$(MAKE) $(clean)=arch/arm + $(Q)$(MAKE) $(clean)=arch/riscv + $(Q)$(MAKE) $(clean)=arch/x86 + $(Q)$(MAKE) $(clean)=test + $(Q)$(MAKE) $(clean)=tools/kconfig find . \( -name "*.o" -o -name ".*.d" -o -name ".*.d2" \ -o -name ".*.o.tmp" -o -name "*~" -o -name "core" \ -o -name '*.lex.c' -o -name '*.tab.[ch]' \ diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index 3ce5f1674f..cecfaf4f3c 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -116,7 +116,4 @@ $(obj)/xen.lds: $(src)/xen.lds.S FORCE $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) -.PHONY: clean -clean:: - rm -f $(obj)/xen.lds - rm -f $(BASEDIR)/.xen-syms.[0-9]* +clean-files := $(objtree)/.xen-syms.[0-9]* diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index d083c5653b..79a6467b07 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -77,6 +77,9 @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif +# Allows "clean" to descend into boot/ +subdir- += boot + extra-y += asm-macros.i extra-y += xen.lds @@ -193,8 +196,8 @@ note_file := endif note_file_option ?= $(note_file) +extra-$(XEN_BUILD_PE) += efi.lds ifeq ($(XEN_BUILD_PE),y) -extra-y += efi.lds $(TARGET).efi: $(BASEDIR)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi/relocs-dummy.o $(obj)/efi/mkreloc ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" @@ -262,10 +265,11 @@ $(obj)/boot/mkelf32: $(src)/boot/mkelf32.c $(obj)/efi/mkreloc: $(src)/efi/mkreloc.c $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< -.PHONY: clean -clean:: - rm -f *.lds boot/mkelf32 - rm -f asm-macros.i $(BASEDIR)/arch/x86/include/asm/asm-macros.* - rm -f $(BASEDIR)/.xen-syms.[0-9]* $(BASEDIR)/.xen.elf32 - rm -f $(BASEDIR)/.xen.efi.[0-9]* efi/*.efi efi/mkreloc - rm -f boot/cmdline.S boot/reloc.S boot/*.lnk boot/*.bin +clean-files := \ + boot/mkelf32 \ + include/asm/asm-macros.* \ + $(objtree)/.xen-syms.[0-9]* \ + $(objtree)/.xen.elf32 \ + $(objtree)/.xen.efi.[0-9]* \ + efi/*.efi \ + efi/mkreloc diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index ba732e4a88..1ac8cb435e 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -21,3 +21,5 @@ $(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds $(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" + +clean-files := cmdline.S reloc.S *.lnk *.bin diff --git a/xen/common/Makefile b/xen/common/Makefile index ca839118e4..dc8d3a13f5 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -84,5 +84,4 @@ $(obj)/config_data.S: $(BASEDIR)/tools/binfile FORCE $(call if_changed,binfile,$(obj)/config.gz xen_config_data) targets += config_data.S -clean:: - rm -f config_data.S config.gz 2>/dev/null +clean-files := config.gz diff --git a/xen/include/Makefile b/xen/include/Makefile index cd40d5b4c9..a3c2511f5f 100644 --- a/xen/include/Makefile +++ b/xen/include/Makefile @@ -131,6 +131,4 @@ lib-x86-all: all: lib-x86-all endif -clean:: - rm -rf compat config generated headers*.chk - rm -f $(BASEDIR)/include/xen/lib/x86/cpuid-autogen.h +clean-files := compat config generated headers*.chk xen/lib/x86/cpuid-autogen.h diff --git a/xen/scripts/Kbuild.include b/xen/scripts/Kbuild.include index ed48fb39f1..6e7a403b35 100644 --- a/xen/scripts/Kbuild.include +++ b/xen/scripts/Kbuild.include @@ -99,8 +99,8 @@ build := -f $(srctree)/Rules.mk obj # Shorthand for $(MAKE) clean # Usage: -# $(MAKE) $(clean) dir -clean := -f $(BASEDIR)/scripts/Makefile.clean clean -C +# $(Q)$(MAKE) $(clean)=dir +clean := -f $(srctree)/scripts/Makefile.clean obj # echo command. # Short version is used, if $(quiet) equals `quiet_', otherwise full one. diff --git a/xen/scripts/Makefile.clean b/xen/scripts/Makefile.clean index c2689d4af5..4eed319745 100644 --- a/xen/scripts/Makefile.clean +++ b/xen/scripts/Makefile.clean @@ -3,7 +3,6 @@ # Cleaning up # ========================================================================== -obj := . src := $(obj) clean:: @@ -17,11 +16,20 @@ include $(src)/Makefile subdir-all := $(subdir-y) $(subdir-n) $(subdir-) \ $(patsubst %/,%, $(filter %/, $(obj-y) $(obj-n) $(obj-))) +subdir-all := $(addprefix $(obj)/,$(subdir-all)) + __clean-files := \ $(clean-files) $(hostprogs-y) $(hostprogs-) \ + $(extra-y) $(extra-) $(targets) \ $(hostprogs-always-y) $(hostprogs-always-) -__clean-files := $(wildcard $(__clean-files)) +# clean-files is given relative to the current directory, unless it +# starts with $(objtree)/ (which means "./", so do not add "./" unless +# you want to delete a file from the toplevel object directory). + +__clean-files := $(wildcard \ + $(addprefix $(obj)/, $(filter-out /% $(objtree)/%, $(__clean-files))) \ + $(filter /% $(objtree)/%, $(__clean-files))) .PHONY: clean clean:: $(subdir-all) @@ -35,6 +43,6 @@ endif PHONY += $(subdir-all) $(subdir-all): - $(MAKE) $(clean) $@ + $(Q)$(MAKE) $(clean)=$@ .PHONY: $(PHONY) diff --git a/xen/test/livepatch/Makefile b/xen/test/livepatch/Makefile index adb484dc5d..e6fee84b69 100644 --- a/xen/test/livepatch/Makefile +++ b/xen/test/livepatch/Makefile @@ -160,6 +160,4 @@ install: $(addprefix $(obj)/,$(LIVEPATCHES)) uninstall: cd $(DESTDIR)$(LIVEPATCH_DEBUG_DIR) && rm -f $(LIVEPATCHES) -.PHONY: clean -clean:: - rm -f *.livepatch config.h expect_config.h +clean-files := config.h expect_config.h diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile index 832f65274c..4ac6fb8778 100644 --- a/xen/xsm/flask/Makefile +++ b/xen/xsm/flask/Makefile @@ -49,6 +49,4 @@ $(obj)/policy.bin: FORCE FLASK_BUILD_DIR=$(FLASK_BUILD_DIR) POLICY_FILENAME=$(POLICY_SRC) cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@ -.PHONY: clean -clean:: - rm -f $(ALL_H_FILES) policy.* $(POLICY_SRC) flask-policy.S +clean-files := policy.* $(POLICY_SRC) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279698.477495 (Exim 4.92) (envelope-from ) id 1nNnhC-00079N-1Q; Sat, 26 Feb 2022 03:24:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279698.477495; Sat, 26 Feb 2022 03:24:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhB-00079F-Ud; Sat, 26 Feb 2022 03:24:33 +0000 Received: by outflank-mailman (input) for mailman id 279698; Sat, 26 Feb 2022 03:24:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhB-000798-2U for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhB-0002xA-1o for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnhB-00072L-16 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OLVeWVC9zDvWVjiJQzBeU9Wz1VzM612wI8xNTIF5Qfk=; b=L+VhBzNHa/LAQoXIMKHSUAJMI4 VnnWhC5nmRbBQZwSwaxKQqbsDQqlWElSIWsWRmcawXkzVSMVdGCZ2Y1J4BQlG9OayCl6FNs28dxVi T4g9Ic3Voj3m3SlPTSQMOBvbNe+70xJlEvtB9BTLBbr8NaCTJPSv6vWoQRmBNit+V4BQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: use main rune to build host binary x86's mkelf32 and mkreloc Message-Id: Date: Sat, 26 Feb 2022 03:24:33 +0000 commit 2c8708956e13d10142af8a2434697d50da7db94f Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:43 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:43 2022 +0100 build: use main rune to build host binary x86's mkelf32 and mkreloc Also, remove the HOSTCFLAGS "-g" from "mkreloc" command line. Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- xen/arch/x86/Makefile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 79a6467b07..9c40e0b4d7 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -83,6 +83,9 @@ subdir- += boot extra-y += asm-macros.i extra-y += xen.lds +hostprogs-y += boot/mkelf32 +hostprogs-y += efi/mkreloc + # Allows usercopy.c to include itself $(obj)/usercopy.o: CFLAGS-y += -iquote . @@ -259,17 +262,9 @@ $(obj)/efi.lds: AFLAGS-y += -DEFI $(obj)/xen.lds $(obj)/efi.lds: $(src)/xen.lds.S FORCE $(call if_changed_dep,cpp_lds_S) -$(obj)/boot/mkelf32: $(src)/boot/mkelf32.c - $(HOSTCC) $(HOSTCFLAGS) -o $@ $< - -$(obj)/efi/mkreloc: $(src)/efi/mkreloc.c - $(HOSTCC) $(HOSTCFLAGS) -g -o $@ $< - clean-files := \ - boot/mkelf32 \ include/asm/asm-macros.* \ $(objtree)/.xen-syms.[0-9]* \ $(objtree)/.xen.elf32 \ $(objtree)/.xen.efi.[0-9]* \ - efi/*.efi \ - efi/mkreloc + efi/*.efi -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279699.477501 (Exim 4.92) (envelope-from ) id 1nNnhM-0007CF-3o; Sat, 26 Feb 2022 03:24:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279699.477501; Sat, 26 Feb 2022 03:24:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhM-0007C2-04; Sat, 26 Feb 2022 03:24:44 +0000 Received: by outflank-mailman (input) for mailman id 279699; Sat, 26 Feb 2022 03:24:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhL-0007Bp-5A for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhL-0002xK-4T for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnhL-00073V-3q for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SLadvADARhSpDtxRduoNFpOOl89OO6Dl3iYXXlTi9M8=; b=HP3s5uMVYztYi6z/+vd+8xX8kQ T5ffyyeQOH2rEXfa8AyOOW+PhjdkhGkVn8JE0nrZCum8cM2C+f29YBlN7YaQ3mwLjV2evb5DcYz7X +jb6c4GJ6D9MIGkVLq1JJvRWYnX0pE1o07QlHh/CCZ8NxtbLuHEbehnCxG6QAcVSuOPQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: rework coverage and ubsan CFLAGS handling Message-Id: Date: Sat, 26 Feb 2022 03:24:43 +0000 commit 1449f6873d7dd477ba110b415ca08a3c2553451e Author: Anthony PERARD AuthorDate: Fri Feb 25 11:07:52 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:07:52 2022 +0100 build: rework coverage and ubsan CFLAGS handling When assigning a value a target-specific variable, that also affect prerequisite of the target. This is mostly fine, but there is one case where we will not want the COV_FLAGS added to the CFLAGS. In arch/x86/boot, we have "head.o" with "cmdline.S" as prerequisite and ultimately "cmdline.o", we don't want COV_FLAGS to that last one. Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Rules.mk | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/xen/Rules.mk b/xen/Rules.mk index 5f2368805b..abeba1ab74 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk @@ -126,19 +126,31 @@ targets += $(targets-for-builtin) $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += -DINIT_SECTIONS_ONLY +non-init-objects = $(filter-out %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)) + ifeq ($(CONFIG_COVERAGE),y) ifeq ($(CONFIG_CC_IS_CLANG),y) COV_FLAGS := -fprofile-instr-generate -fcoverage-mapping else COV_FLAGS := -fprofile-arcs -ftest-coverage endif -$(filter-out %.init.o $(nocov-y),$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS-y += $(COV_FLAGS) + +# Reset COV_FLAGS in cases where an objects has another one as prerequisite +$(nocov-y) $(filter %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)): \ + COV_FLAGS := + +$(non-init-objects): _c_flags += $(COV_FLAGS) endif ifeq ($(CONFIG_UBSAN),y) # Any -fno-sanitize= options need to come after any -fsanitize= options -$(filter-out %.init.o $(noubsan-y),$(obj-y) $(obj-bin-y) $(extra-y)): \ -CFLAGS-y += $(filter-out -fno-%,$(CFLAGS_UBSAN)) $(filter -fno-%,$(CFLAGS_UBSAN)) +UBSAN_FLAGS := $(filter-out -fno-%,$(CFLAGS_UBSAN)) $(filter -fno-%,$(CFLAGS_UBSAN)) + +# Reset UBSAN_FLAGS in cases where an objects has another one as prerequisite +$(noubsan-y) $(filter %.init.o, $(obj-y) $(obj-bin-y) $(extra-y)): \ + UBSAN_FLAGS := + +$(non-init-objects): _c_flags += $(UBSAN_FLAGS) endif ifeq ($(CONFIG_LTO),y) @@ -167,6 +179,9 @@ a_flags = -MMD -MP -MF $(depfile) $(XEN_AFLAGS) include $(BASEDIR)/arch/$(TARGET_ARCH)/Rules.mk +c_flags += $(_c_flags) +a_flags += $(_c_flags) + c_flags += $(CFLAGS-y) a_flags += $(CFLAGS-y) $(AFLAGS-y) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:24:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:24:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279700.477504 (Exim 4.92) (envelope-from ) id 1nNnhW-0007Er-5H; Sat, 26 Feb 2022 03:24:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279700.477504; Sat, 26 Feb 2022 03:24:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhW-0007Eh-1b; Sat, 26 Feb 2022 03:24:54 +0000 Received: by outflank-mailman (input) for mailman id 279700; Sat, 26 Feb 2022 03:24:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhV-0007EX-8F for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhV-0002xW-7W for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnhV-00074b-6m for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:24:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=q99di5UU9pSmu2esnfudZA/y8hI6900BMhT37w/Gm2s=; b=2pcIVaWjcmkaCl1NinAFFQ7Mie x2GcSwrp9+zKPyjDhVo1H/N7+rO3IkfxbDJcNatovVg4JL+rQJD/cB7q3zvw55r9tJ3DdPb5WIs0k /7tZHthVh9DjoVKIsrfvE1Ju84oPb7jqwh95RPnNVQXs2fRCmuQlWTDOAR7DaLs7jbW4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/altp2m: p2m_altp2m_propagate_change() should honor present page order Message-Id: Date: Sat, 26 Feb 2022 03:24:53 +0000 commit cbd0874fef835b229d91c94ac736ea26b23915da Author: Jan Beulich AuthorDate: Fri Feb 25 11:09:21 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:09:21 2022 +0100 x86/altp2m: p2m_altp2m_propagate_change() should honor present page order For higher order mappings the comparison against p2m->min_remapped_gfn needs to take the upper bound of the covered GFN range into account, not just the base GFN. Otherwise, i.e. when dropping a mapping overlapping the remapped range but the base GFN outside of that range, an altp2m may wrongly not get reset. Note that there's no need to call get_gfn_type_access() ahead of the check against the remapped range boundaries: None of its outputs are needed earlier, and p2m_reset_altp2m() doesn't require the lock to be held. In fact this avoids a latent lock order violation: With per-GFN locking p2m_reset_altp2m() not only doesn't require the GFN lock to be held, but holding such a lock would actually not be allowed, as the function acquires a P2M lock. Local variables are moved into the more narrow scope (one is deleted altogether) to help see their actual life ranges. Signed-off-by: Jan Beulich Reviewed-by: Tamas K Lengyel --- xen/arch/x86/mm/p2m.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index c1cff37709..444761d31b 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2481,9 +2481,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, p2m_type_t p2mt, p2m_access_t p2ma) { struct p2m_domain *p2m; - p2m_access_t a; - p2m_type_t t; - mfn_t m; unsigned int i; unsigned int reset_count = 0; unsigned int last_reset_idx = ~0; @@ -2496,15 +2493,17 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, for ( i = 0; i < MAX_ALTP2M; i++ ) { + p2m_type_t t; + p2m_access_t a; + if ( d->arch.altp2m_eptp[i] == mfn_x(INVALID_MFN) ) continue; p2m = d->arch.altp2m_p2m[i]; - m = get_gfn_type_access(p2m, gfn_x(gfn), &t, &a, 0, NULL); /* Check for a dropped page that may impact this altp2m */ if ( mfn_eq(mfn, INVALID_MFN) && - gfn_x(gfn) >= p2m->min_remapped_gfn && + gfn_x(gfn) + (1UL << page_order) > p2m->min_remapped_gfn && gfn_x(gfn) <= p2m->max_remapped_gfn ) { if ( !reset_count++ ) @@ -2515,8 +2514,6 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, else { /* At least 2 altp2m's impacted, so reset everything */ - __put_gfn(p2m, gfn_x(gfn)); - for ( i = 0; i < MAX_ALTP2M; i++ ) { if ( i == last_reset_idx || @@ -2530,16 +2527,19 @@ int p2m_altp2m_propagate_change(struct domain *d, gfn_t gfn, break; } } - else if ( !mfn_eq(m, INVALID_MFN) ) + else if ( !mfn_eq(get_gfn_type_access(p2m, gfn_x(gfn), &t, &a, 0, + NULL), INVALID_MFN) ) { int rc = p2m_set_entry(p2m, gfn, mfn, page_order, p2mt, p2ma); /* Best effort: Don't bail on error. */ if ( !ret ) ret = rc; - } - __put_gfn(p2m, gfn_x(gfn)); + __put_gfn(p2m, gfn_x(gfn)); + } + else + __put_gfn(p2m, gfn_x(gfn)); } altp2m_list_unlock(d); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:25:04 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:25:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279701.477507 (Exim 4.92) (envelope-from ) id 1nNnhg-0007J6-6K; Sat, 26 Feb 2022 03:25:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279701.477507; Sat, 26 Feb 2022 03:25:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhg-0007Iy-3L; Sat, 26 Feb 2022 03:25:04 +0000 Received: by outflank-mailman (input) for mailman id 279701; Sat, 26 Feb 2022 03:25:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhf-0007Io-B8 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhf-0002xq-AV for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnhf-00075y-9i for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lgowejlawOKk2cCoSfibqkBFylx3tQU01NfLF6b5XZA=; b=x8MJG4a6GdW+6lJ8/Z9gG4EdYg siCTxx4ErjA1FYdvUt9Fy7czVwnvQDfXBzCTl+Uqnj7lj2wUrcva6eevFB4D0ztXSSOzl6b0ImACX +u8kEHT+38VvFaX/01hnBoXWRF4aImqUsvQj6vSIic2IIxoCH35GLbLMVJfHMqOSw/bY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: update TXT section Message-Id: Date: Sat, 26 Feb 2022 03:25:03 +0000 commit 676450d24670abbc0518447b2488ab5d4d568822 Author: Jan Beulich AuthorDate: Fri Feb 25 11:09:53 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:09:53 2022 +0100 MAINTAINERS: update TXT section Since Lukasz has left Intel, they have suggested a replacement contact. Signed-off-by: Jan Beulich Acked-by: Mateusz Mówka --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index d41572128b..d4b06f5bfb 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -318,6 +318,7 @@ F: xen/include/xen/hypfs.h INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) R: Lukasz Hawrylko R: Daniel P. Smith +R: Mateusz Mówka S: Odd Fixes F: xen/arch/x86/include/asm/tboot.h F: xen/arch/x86/tboot.c -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 03:25:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 03:25:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279702.477512 (Exim 4.92) (envelope-from ) id 1nNnhq-0007M9-8a; Sat, 26 Feb 2022 03:25:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279702.477512; Sat, 26 Feb 2022 03:25:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhq-0007M1-4u; Sat, 26 Feb 2022 03:25:14 +0000 Received: by outflank-mailman (input) for mailman id 279702; Sat, 26 Feb 2022 03:25:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhp-0007Lr-E9 for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNnhp-0002zW-DS for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNnhp-000775-Cp for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 03:25:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5QFyKyBHYHS1q21hMznmDKGd9uLkoC3XwcpKwnKkfF0=; b=lcBqyf19FTBt5HJubT5u/0RHm3 KollvHajQt8jD93S3ez0F/AqoTuA5ro39Nhn33TWd1OE6Z9KuZJ+iUhjY/gx3LpXeBbJbzeipio34 V3tvym3nd1Gxi2QWN04q9MWGfK4HPoC5YOCerlZ8fbDxcvYt41yFqoiNDleubazF06aI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/public: add comment to struct xen_mem_acquire_resource Message-Id: Date: Sat, 26 Feb 2022 03:25:13 +0000 commit f0f2f42c21de82ff65672e8ecfadcfddc63f2186 Author: Juergen Gross AuthorDate: Fri Feb 25 11:10:19 2022 +0100 Commit: Jan Beulich CommitDate: Fri Feb 25 11:10:19 2022 +0100 xen/public: add comment to struct xen_mem_acquire_resource Commit 7c7f7e8fba01 changed xen/include/public/memory.h in an incompatible way. Unfortunately the changed parts were already in use in the Linux kernel, so an update of the header in the kernel would result in a build breakage. As the change of above commit was in a section originally meant to be not stable, it was the usage in the kernel which was wrong. Add a comment to the modified struct for not reusing the now removed bit, in order to avoid kernels using it stumbling over a possible new meaning of the bit. In case the kernel is updating to a new version of the header, the wrong use case must be removed first. Signed-off-by: Juergen Gross Acked-by: Jan Beulich --- xen/include/public/memory.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 383a9468c3..a1a0f0233a 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -662,6 +662,13 @@ struct xen_mem_acquire_resource { * two calls. */ uint32_t nr_frames; + /* + * Padding field, must be zero on input. + * In a previous version this was an output field with the lowest bit + * named XENMEM_rsrc_acq_caller_owned. Future versions of this interface + * will not reuse this bit as an output with the field being zero on + * input. + */ uint32_t pad; /* * IN - the index of the initial frame to be mapped. This parameter -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 11:55:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 11:55:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279757.477570 (Exim 4.92) (envelope-from ) id 1nNvfC-0007Vg-Mr; Sat, 26 Feb 2022 11:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279757.477570; Sat, 26 Feb 2022 11:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfC-0007VX-Jp; Sat, 26 Feb 2022 11:55:02 +0000 Received: by outflank-mailman (input) for mailman id 279757; Sat, 26 Feb 2022 11:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfB-0007Ug-PV for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfB-0004As-Oo for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNvfB-0007wH-NV for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y3flNWpjzwNKV4wgVAbxbjfbPd7TygdTbeqqqtpo0Kc=; b=VHFOhJtkY3KJIu/UuBMxztyFzr hGKHZkzGyYZnB7S4bz5kQD/MC5ln5qJDd8jLvzhJCIjfb8dcqLqTf1vnBw7L4uJg65x2tNKNAWEVM YnwGPYYvl74yheltgrrI56ZWhO9TVeOw5dM6lStTsd+wDKoNVt1X6bh+e9JB/UJtbkvk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/CET: Fix S3 resume with shadow stacks active Message-Id: Date: Sat, 26 Feb 2022 11:55:01 +0000 commit 7d9589239ec068c944190408b9838774d5ec1f8f Author: Andrew Cooper AuthorDate: Thu Feb 24 12:18:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 25 13:15:42 2022 +0000 x86/CET: Fix S3 resume with shadow stacks active The original shadow stack support has an error on S3 resume with very bizarre fallout. The BSP comes back up, but APs fail with: (XEN) Enabling non-boot CPUs ... (XEN) Stuck ?? (XEN) Error bringing CPU1 up: -5 and then later (on at least two Intel TigerLake platforms), the next HVM vCPU to be scheduled on the BSP dies with: (XEN) d1v0 Unexpected vmexit: reason 3 (XEN) domain_crash called from vmx.c:4304 (XEN) Domain 1 (vcpu#0) crashed on cpu#0: The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the scheduled vCPU, and will be addressed in a subsequent patch. It is a consequence of the APs triple faulting. The reason the APs triple fault is because we don't tear down the stacks on suspend. The idle/play_dead loop is killed in the middle of running, meaning that the supervisor token is left busy. On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because the IDT isn't configured this early. Rework the AP bring-up path to (re)create the supervisor token. This ensures the primary stack is non-busy before use. Note: There are potential issues with the IST shadow stacks too, but fixing those is more involved. Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Link: https://github.com/QubesOS/qubes-issues/issues/7283 Reported-by: Thiner Logoer Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Thiner Logoer Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/arch/x86/boot/x86_64.S | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index fa41990dde..5d12937a0e 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -51,13 +51,21 @@ ENTRY(__high_start) test $CET_SHSTK_EN, %al jz .L_ap_cet_done - /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ - mov $MSR_PL0_SSP, %ecx + /* Derive the supervisor token address from %rsp. */ mov %rsp, %rdx + and $~(STACK_SIZE - 1), %rdx + or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx + + /* + * Write a new supervisor token. Doesn't matter on boot, but for S3 + * resume this clears the busy bit. + */ + wrssq %rdx, (%rdx) + + /* Point MSR_PL0_SSP at the token. */ + mov $MSR_PL0_SSP, %ecx + mov %edx, %eax shr $32, %rdx - mov %esp, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr setssbsy -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Feb 26 11:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 26 Feb 2022 11:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.279760.477574 (Exim 4.92) (envelope-from ) id 1nNvfM-0007dC-Pc; Sat, 26 Feb 2022 11:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 279760.477574; Sat, 26 Feb 2022 11:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfM-0007d0-MR; Sat, 26 Feb 2022 11:55:12 +0000 Received: by outflank-mailman (input) for mailman id 279760; Sat, 26 Feb 2022 11:55:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfL-0007cS-Sb for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nNvfL-0004Cb-Rq for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nNvfL-0007wk-Qy for xen-changelog@lists.xenproject.org; Sat, 26 Feb 2022 11:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZGOE0IfRIZ/1Kw2aa3CZ7mStKlTyAwo+Y4PeXHg1hwI=; b=oj+HyMz6/BUzzW5CyZ0uBiPclh ZhcJpAuw/O5IST+cEoheHTWw2i2t/mAoy19WZVSoyWgGgLOV+8DWMYm2/F5s8vxFHUFE4VTMIcNPJ dWCHE7mUIlbCzAOt18BCA4HkWbbxohba0es3h5pIwBljmiOOSSNueyElBRyJYv3uantg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: fix auto defconfig rule Message-Id: Date: Sat, 26 Feb 2022 11:55:11 +0000 commit 10f1f7b010a22d6d4ee67b018412d5f7ea386fc6 Author: Anthony PERARD AuthorDate: Fri Feb 25 14:54:08 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Feb 25 16:23:09 2022 +0000 build: fix auto defconfig rule We should only run "defconfig" if ".config" is missing. Commit 317c98cb91 have added a dependency on "tools/fixdep", so make would start runnning "defconfig" also when "tools/fixdep" is newer than ".config" and thus overwrite any changes made by a developer. Reintroduce intended behavior of the rule to only generate a default Kconfig when ".config" is missing. Fixes: 317c98cb91 ("build: hook kconfig into xen build system") Reported-by: Andrew Cooper Signed-off-by: Anthony PERARD Acked-by: Andrew Cooper --- xen/Makefile | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index 133b382f86..ed4891daf1 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -243,15 +243,10 @@ ifeq ($(need-config),y) # changes are detected. -include include/config/auto.conf.cmd -# This allows make to build fixdep before invoking defconfig. We can't use -# "tools_fixdep" which is a .PHONY target and would force make to call -# "defconfig" again to update $(KCONFIG_CONFIG). -tools/fixdep: - $(Q)$(MAKE) $(build)=tools tools/fixdep - # Allow people to just run `make` as before and not force them to configure -$(KCONFIG_CONFIG): tools/fixdep - $(Q)$(MAKE) $(build)=tools/kconfig defconfig +# Only run defconfig if $(KCONFIG_CONFIG) is missing +$(KCONFIG_CONFIG): tools_fixdep + $(if $(wildcard $@), , $(Q)$(MAKE) $(build)=tools/kconfig defconfig) # The actual configuration files used during the build are stored in # include/generated/ and include/config/. Update them if .config is newer than -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sun Feb 27 19:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 27 Feb 2022 19:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280066.477891 (Exim 4.92) (envelope-from ) id 1nOPI1-00053c-A6; Sun, 27 Feb 2022 19:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280066.477891; Sun, 27 Feb 2022 19:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPI1-00053U-6v; Sun, 27 Feb 2022 19:33:05 +0000 Received: by outflank-mailman (input) for mailman id 280066; Sun, 27 Feb 2022 19:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPI0-00053O-Qg for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPI0-00006B-Md for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOPI0-0000Gs-LY for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qc1wxkkICP5vbfBmZUQLRN++yk4WIHky3tFaM4h4H6c=; b=gdtMKPQN6zNuPObcvHb9bmUbTV B7b8xYKPvSe7qca1sr/UdBPzT5QmksQ1aJIn9mYY8lXDSxwrtj4TLYQD2iBjRiv+eq8toyoolHW+a ozp1HIM/ArRvQ6a0wOxOQKyOMFJ75/1e3C90/LGr1xHNPEiSgMFKxCcgiDbqFmpvs5Y8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: lpae: Rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS Message-Id: Date: Sun, 27 Feb 2022 19:33:04 +0000 commit f7b7e2b9add53780e44e8f8c165c2281258ae367 Author: Julien Grall AuthorDate: Sun Feb 27 19:21:58 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: lpae: Rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS Commit 05031fa87357 "xen/arm: guest_walk: Only generate necessary offsets/masks" introduced LPAE_ENTRIES_MASK_GS. In a follow-up patch, we will use it to define LPAE_ENTRY_MASK. This will lead to inconsistent naming. As LPAE_ENTRY_MASK is used in many places, it is better to rename LPAE_ENTRIES_MASK_GS and avoid some churn. So rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/include/asm/lpae.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/include/asm/lpae.h b/xen/arch/arm/include/asm/lpae.h index e94de2e7d8..4302e5671a 100644 --- a/xen/arch/arm/include/asm/lpae.h +++ b/xen/arch/arm/include/asm/lpae.h @@ -180,7 +180,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) */ #define LPAE_SHIFT_GS(gs) ((gs) - 3) #define LPAE_ENTRIES_GS(gs) (_AC(1, U) << LPAE_SHIFT_GS(gs)) -#define LPAE_ENTRIES_MASK_GS(gs) (LPAE_ENTRIES_GS(gs) - 1) +#define LPAE_ENTRY_MASK_GS(gs) (LPAE_ENTRIES_GS(gs) - 1) #define LEVEL_ORDER_GS(gs, lvl) ((3 - (lvl)) * LPAE_SHIFT_GS(gs)) #define LEVEL_SHIFT_GS(gs, lvl) (LEVEL_ORDER_GS(gs, lvl) + (gs)) @@ -188,7 +188,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) /* Offset in the table at level 'lvl' */ #define LPAE_TABLE_INDEX_GS(gs, lvl, addr) \ - (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRIES_MASK_GS(gs)) + (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRY_MASK_GS(gs)) /* Generate an array @var containing the offset for each level from @addr */ #define DECLARE_OFFSETS(var, addr) \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Feb 27 19:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 27 Feb 2022 19:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280067.477895 (Exim 4.92) (envelope-from ) id 1nOPIB-00055k-Bs; Sun, 27 Feb 2022 19:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280067.477895; Sun, 27 Feb 2022 19:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIB-00055c-8r; Sun, 27 Feb 2022 19:33:15 +0000 Received: by outflank-mailman (input) for mailman id 280067; Sun, 27 Feb 2022 19:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIA-00055K-Qm for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIA-00006L-Pv for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOPIA-0000Hx-P1 for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I2EYtXBFUnddL2gmNRAQycsAxmP+bwtfW5+qz5PbxhU=; b=fTdfi2Q5eYE7TWVbTj7rwfuIi+ U7xBmJ7tyTo7HIyLE2e+fmKf3j3L6Ytsed0U6IZZzrzcdkp9bUPKDrquk+Xh5/BG0FQY+Jsf/KEyL oa3cNgMW3VvTnTe+nY0YkJmYWO+Tryog2DDA2rwS44M4HZICbX/zV8I+5u2wB1XhOiC8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: lpae: Use the generic helpers to defined the Xen PT helpers Message-Id: Date: Sun, 27 Feb 2022 19:33:14 +0000 commit 315c26f98d848d5214b8a288346e68a6ffe418c5 Author: Julien Grall AuthorDate: Sun Feb 27 19:21:59 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: lpae: Use the generic helpers to defined the Xen PT helpers Currently, Xen PT helpers are only working with 4KB page granularity and open-code the generic helpers. To allow more flexibility, we can re-use the generic helpers and pass Xen's page granularity (PAGE_SHIFT). As Xen PT helpers are used in both C and assembly, we need to move the generic helpers definition outside of the !__ASSEMBLY__ section. Take the opportunity to prefix LPAE_SHIFT, LPAE_ENTRIES and LPAE_ENTRY_MASK with XEN_PT_. Note the aliases for each level are still kept for the time being so we can avoid a massive patch to change all the callers. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 14 ++++---- xen/arch/arm/arm64/head.S | 14 ++++---- xen/arch/arm/include/asm/lpae.h | 73 +++++++++++++++++++++++------------------ xen/arch/arm/mm.c | 33 ++++++++++--------- xen/arch/arm/p2m.c | 13 ++++---- 5 files changed, 80 insertions(+), 67 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index b5912d381b..b1d209ea28 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -375,7 +375,7 @@ ENDPROC(cpu_init) */ .macro create_table_entry, ptbl, tbl, virt, shift, mmu=0 lsr r1, \virt, #\shift - mov_w r2, LPAE_ENTRY_MASK + mov_w r2, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ @@ -410,7 +410,7 @@ ENDPROC(cpu_init) * and be distinct. */ .macro create_mapping_entry, ptbl, virt, phys, type=PT_MEM_L3, mmu=0 - mov_w r2, LPAE_ENTRY_MASK + mov_w r2, XEN_PT_LPAE_ENTRY_MASK lsr r1, \virt, #THIRD_SHIFT and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ @@ -465,7 +465,7 @@ create_page_tables: 1: strd r2, r3, [r4, r1] /* Map vaddr(start) */ add r2, r2, #PAGE_SIZE /* Next page */ add r1, r1, #8 /* Next slot */ - cmp r1, #(LPAE_ENTRIES<<3) /* 512*8-byte entries per page */ + cmp r1, #(XEN_PT_LPAE_ENTRIES<<3) /* 512*8-byte entries per page */ blo 1b /* @@ -487,7 +487,7 @@ create_page_tables: * the second level. */ lsr r1, r9, #FIRST_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := first slot */ cmp r1, #XEN_FIRST_SLOT beq 1f @@ -502,7 +502,7 @@ create_page_tables: * it. */ lsr r1, r9, #SECOND_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := second slot */ cmp r1, #XEN_SECOND_SLOT beq virtphys_clash @@ -573,7 +573,7 @@ remove_identity_mapping: * table if the slot is not XEN_FIRST_SLOT. */ lsr r1, r9, #FIRST_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := first slot */ cmp r1, #XEN_FIRST_SLOT beq 1f @@ -589,7 +589,7 @@ remove_identity_mapping: * table if the slot is not XEN_SECOND_SLOT. */ lsr r1, r9, #SECOND_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := second slot */ cmp r1, #XEN_SECOND_SLOT beq identity_mapping_removed diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 51b00ab0be..314b800b3f 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -509,7 +509,7 @@ ENDPROC(cpu_init) */ .macro create_table_entry, ptbl, tbl, virt, shift, tmp1, tmp2, tmp3 lsr \tmp1, \virt, #\shift - and \tmp1, \tmp1, #LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ + and \tmp1, \tmp1, #XEN_PT_LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ load_paddr \tmp2, \tbl mov \tmp3, #PT_PT /* \tmp3 := right for linear PT */ @@ -541,7 +541,7 @@ ENDPROC(cpu_init) and \tmp3, \phys, #THIRD_MASK /* \tmp3 := PAGE_ALIGNED(phys) */ lsr \tmp1, \virt, #THIRD_SHIFT - and \tmp1, \tmp1, #LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ + and \tmp1, \tmp1, #XEN_PT_LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ mov \tmp2, #\type /* \tmp2 := right for section PT */ orr \tmp2, \tmp2, \tmp3 /* + PAGE_ALIGNED(phys) */ @@ -586,7 +586,7 @@ create_page_tables: 1: str x2, [x4, x1] /* Map vaddr(start) */ add x2, x2, #PAGE_SIZE /* Next page */ add x1, x1, #8 /* Next slot */ - cmp x1, #(LPAE_ENTRIES<<3) /* 512 entries per page */ + cmp x1, #(XEN_PT_LPAE_ENTRIES<<3) /* 512 entries per page */ b.lt 1b /* @@ -621,7 +621,7 @@ create_page_tables: * the second level. */ lsr x0, x19, #FIRST_SHIFT - and x0, x0, #LPAE_ENTRY_MASK /* x0 := first slot */ + and x0, x0, #XEN_PT_LPAE_ENTRY_MASK /* x0 := first slot */ cmp x0, #XEN_FIRST_SLOT beq 1f create_table_entry boot_first, boot_second_id, x19, FIRST_SHIFT, x0, x1, x2 @@ -635,7 +635,7 @@ create_page_tables: * it. */ lsr x0, x19, #SECOND_SHIFT - and x0, x0, #LPAE_ENTRY_MASK /* x0 := first slot */ + and x0, x0, #XEN_PT_LPAE_ENTRY_MASK /* x0 := first slot */ cmp x0, #XEN_SECOND_SLOT beq virtphys_clash create_table_entry boot_second, boot_third_id, x19, SECOND_SHIFT, x0, x1, x2 @@ -715,7 +715,7 @@ remove_identity_mapping: * table if the slot is not XEN_FIRST_SLOT. */ lsr x1, x19, #FIRST_SHIFT - and x1, x1, #LPAE_ENTRY_MASK /* x1 := first slot */ + and x1, x1, #XEN_PT_LPAE_ENTRY_MASK /* x1 := first slot */ cmp x1, #XEN_FIRST_SLOT beq 1f /* It is not in slot XEN_FIRST_SLOT, remove the entry. */ @@ -729,7 +729,7 @@ remove_identity_mapping: * table if the slot is not XEN_SECOND_SLOT. */ lsr x1, x19, #SECOND_SHIFT - and x1, x1, #LPAE_ENTRY_MASK /* x1 := first slot */ + and x1, x1, #XEN_PT_LPAE_ENTRY_MASK /* x1 := first slot */ cmp x1, #XEN_SECOND_SLOT beq identity_mapping_removed /* It is not in slot 1, remove the entry */ diff --git a/xen/arch/arm/include/asm/lpae.h b/xen/arch/arm/include/asm/lpae.h index 4302e5671a..aecb320dec 100644 --- a/xen/arch/arm/include/asm/lpae.h +++ b/xen/arch/arm/include/asm/lpae.h @@ -159,6 +159,17 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define lpae_get_mfn(pte) (_mfn((pte).walk.base)) #define lpae_set_mfn(pte, mfn) ((pte).walk.base = mfn_x(mfn)) +/* Generate an array @var containing the offset for each level from @addr */ +#define DECLARE_OFFSETS(var, addr) \ + const unsigned int var[4] = { \ + zeroeth_table_offset(addr), \ + first_table_offset(addr), \ + second_table_offset(addr), \ + third_table_offset(addr) \ + } + +#endif /* __ASSEMBLY__ */ + /* * AArch64 supports pages with different sizes (4K, 16K, and 64K). * Provide a set of generic helpers that will compute various @@ -190,17 +201,6 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define LPAE_TABLE_INDEX_GS(gs, lvl, addr) \ (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRY_MASK_GS(gs)) -/* Generate an array @var containing the offset for each level from @addr */ -#define DECLARE_OFFSETS(var, addr) \ - const unsigned int var[4] = { \ - zeroeth_table_offset(addr), \ - first_table_offset(addr), \ - second_table_offset(addr), \ - third_table_offset(addr) \ - } - -#endif /* __ASSEMBLY__ */ - /* * These numbers add up to a 48-bit input address space. * @@ -211,26 +211,35 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) * therefore 39-bits are sufficient. */ -#define LPAE_SHIFT 9 -#define LPAE_ENTRIES (_AC(1,U) << LPAE_SHIFT) -#define LPAE_ENTRY_MASK (LPAE_ENTRIES - 1) - -#define THIRD_SHIFT (PAGE_SHIFT) -#define THIRD_ORDER (THIRD_SHIFT - PAGE_SHIFT) -#define THIRD_SIZE (_AT(paddr_t, 1) << THIRD_SHIFT) -#define THIRD_MASK (~(THIRD_SIZE - 1)) -#define SECOND_SHIFT (THIRD_SHIFT + LPAE_SHIFT) -#define SECOND_ORDER (SECOND_SHIFT - PAGE_SHIFT) -#define SECOND_SIZE (_AT(paddr_t, 1) << SECOND_SHIFT) -#define SECOND_MASK (~(SECOND_SIZE - 1)) -#define FIRST_SHIFT (SECOND_SHIFT + LPAE_SHIFT) -#define FIRST_ORDER (FIRST_SHIFT - PAGE_SHIFT) -#define FIRST_SIZE (_AT(paddr_t, 1) << FIRST_SHIFT) -#define FIRST_MASK (~(FIRST_SIZE - 1)) -#define ZEROETH_SHIFT (FIRST_SHIFT + LPAE_SHIFT) -#define ZEROETH_ORDER (ZEROETH_SHIFT - PAGE_SHIFT) -#define ZEROETH_SIZE (_AT(paddr_t, 1) << ZEROETH_SHIFT) -#define ZEROETH_MASK (~(ZEROETH_SIZE - 1)) +#define XEN_PT_LPAE_SHIFT LPAE_SHIFT_GS(PAGE_SHIFT) +#define XEN_PT_LPAE_ENTRIES LPAE_ENTRIES_GS(PAGE_SHIFT) +#define XEN_PT_LPAE_ENTRY_MASK LPAE_ENTRY_MASK_GS(PAGE_SHIFT) + +#define XEN_PT_LEVEL_SHIFT(lvl) LEVEL_SHIFT_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_ORDER(lvl) LEVEL_ORDER_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_SIZE(lvl) LEVEL_SIZE_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_MASK(lvl) (~(XEN_PT_LEVEL_SIZE(lvl) - 1)) + +/* Convenience aliases */ +#define THIRD_SHIFT XEN_PT_LEVEL_SHIFT(3) +#define THIRD_ORDER XEN_PT_LEVEL_ORDER(3) +#define THIRD_SIZE XEN_PT_LEVEL_SIZE(3) +#define THIRD_MASK XEN_PT_LEVEL_MASK(3) + +#define SECOND_SHIFT XEN_PT_LEVEL_SHIFT(2) +#define SECOND_ORDER XEN_PT_LEVEL_ORDER(2) +#define SECOND_SIZE XEN_PT_LEVEL_SIZE(2) +#define SECOND_MASK XEN_PT_LEVEL_MASK(2) + +#define FIRST_SHIFT XEN_PT_LEVEL_SHIFT(1) +#define FIRST_ORDER XEN_PT_LEVEL_ORDER(1) +#define FIRST_SIZE XEN_PT_LEVEL_SIZE(1) +#define FIRST_MASK XEN_PT_LEVEL_MASK(1) + +#define ZEROETH_SHIFT XEN_PT_LEVEL_SHIFT(0) +#define ZEROETH_ORDER XEN_PT_LEVEL_ORDER(0) +#define ZEROETH_SIZE XEN_PT_LEVEL_SIZE(0) +#define ZEROETH_MASK XEN_PT_LEVEL_MASK(0) /* Calculate the offsets into the pagetables for a given VA */ #define zeroeth_linear_offset(va) ((va) >> ZEROETH_SHIFT) @@ -238,7 +247,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define second_linear_offset(va) ((va) >> SECOND_SHIFT) #define third_linear_offset(va) ((va) >> THIRD_SHIFT) -#define TABLE_OFFSET(offs) (_AT(unsigned int, offs) & LPAE_ENTRY_MASK) +#define TABLE_OFFSET(offs) (_AT(unsigned int, offs) & XEN_PT_LPAE_ENTRY_MASK) #define first_table_offset(va) TABLE_OFFSET(first_linear_offset(va)) #define second_table_offset(va) TABLE_OFFSET(second_linear_offset(va)) #define third_table_offset(va) TABLE_OFFSET(third_linear_offset(va)) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index b1eae767c2..515d0906f8 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -71,10 +71,11 @@ mm_printk(const char *fmt, ...) {} * in C). */ #define DEFINE_BOOT_PAGE_TABLE(name) \ -lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") name[LPAE_ENTRIES] +lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") \ + name[XEN_PT_LPAE_ENTRIES] #define DEFINE_PAGE_TABLES(name, nr) \ -lpae_t __aligned(PAGE_SIZE) name[LPAE_ENTRIES * (nr)] +lpae_t __aligned(PAGE_SIZE) name[XEN_PT_LPAE_ENTRIES * (nr)] #define DEFINE_PAGE_TABLE(name) DEFINE_PAGE_TABLES(name, 1) @@ -207,7 +208,7 @@ static void __init __maybe_unused build_assertions(void) BUILD_BUG_ON(zeroeth_table_offset(XEN_VIRT_START)); #endif BUILD_BUG_ON(first_table_offset(XEN_VIRT_START)); - BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= LPAE_ENTRIES); + BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= XEN_PT_LPAE_ENTRIES); #ifdef CONFIG_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif @@ -256,7 +257,7 @@ void dump_pt_walk(paddr_t ttbr, paddr_t addr, for ( level = root_level; ; level++ ) { - if ( offsets[level] > LPAE_ENTRIES ) + if ( offsets[level] > XEN_PT_LPAE_ENTRIES ) break; pte = mapping[offsets[level]]; @@ -395,15 +396,15 @@ static void __init create_mappings(lpae_t *second, ASSERT(!(base_mfn % granularity)); ASSERT(!(nr_mfns % granularity)); - count = nr_mfns / LPAE_ENTRIES; + count = nr_mfns / XEN_PT_LPAE_ENTRIES; p = second + second_linear_offset(virt_offset); pte = mfn_to_xen_entry(_mfn(base_mfn), MT_NORMAL); - if ( granularity == 16 * LPAE_ENTRIES ) + if ( granularity == 16 * XEN_PT_LPAE_ENTRIES ) pte.pt.contig = 1; /* These maps are in 16-entry contiguous chunks. */ for ( i = 0; i < count; i++ ) { write_pte(p + i, pte); - pte.pt.base += 1 << LPAE_SHIFT; + pte.pt.base += 1 << XEN_PT_LPAE_SHIFT; } flush_xen_tlb_local(); } @@ -424,7 +425,7 @@ void *map_domain_page(mfn_t mfn) { unsigned long flags; lpae_t *map = this_cpu(xen_dommap); - unsigned long slot_mfn = mfn_x(mfn) & ~LPAE_ENTRY_MASK; + unsigned long slot_mfn = mfn_x(mfn) & ~XEN_PT_LPAE_ENTRY_MASK; vaddr_t va; lpae_t pte; int i, slot; @@ -435,7 +436,7 @@ void *map_domain_page(mfn_t mfn) * entry is a 2MB superpage pte. We use the available bits of each * PTE as a reference count; when the refcount is zero the slot can * be reused. */ - for ( slot = (slot_mfn >> LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; + for ( slot = (slot_mfn >> XEN_PT_LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; i < DOMHEAP_ENTRIES; slot = (slot + 1) % DOMHEAP_ENTRIES, i++ ) { @@ -477,7 +478,7 @@ void *map_domain_page(mfn_t mfn) va = (DOMHEAP_VIRT_START + (slot << SECOND_SHIFT) - + ((mfn_x(mfn) & LPAE_ENTRY_MASK) << THIRD_SHIFT)); + + ((mfn_x(mfn) & XEN_PT_LPAE_ENTRY_MASK) << THIRD_SHIFT)); /* * We may not have flushed this specific subpage at map time, @@ -513,7 +514,7 @@ mfn_t domain_page_map_to_mfn(const void *ptr) unsigned long va = (unsigned long)ptr; lpae_t *map = this_cpu(xen_dommap); int slot = (va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; - unsigned long offset = (va>>THIRD_SHIFT) & LPAE_ENTRY_MASK; + unsigned long offset = (va>>THIRD_SHIFT) & XEN_PT_LPAE_ENTRY_MASK; if ( va >= VMAP_VIRT_START && va < VMAP_VIRT_END ) return virt_to_mfn(va); @@ -654,7 +655,8 @@ void __init setup_pagetables(unsigned long boot_phys_offset) /* Initialise first level entries, to point to second level entries */ for ( i = 0; i < 2; i++) { - p[i] = pte_of_xenaddr((uintptr_t)(xen_second+i*LPAE_ENTRIES)); + p[i] = pte_of_xenaddr((uintptr_t)(xen_second + + i * XEN_PT_LPAE_ENTRIES)); p[i].pt.table = 1; p[i].pt.xn = 0; } @@ -663,13 +665,14 @@ void __init setup_pagetables(unsigned long boot_phys_offset) for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) { p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)] - = pte_of_xenaddr((uintptr_t)(cpu0_dommap+i*LPAE_ENTRIES)); + = pte_of_xenaddr((uintptr_t)(cpu0_dommap + + i * XEN_PT_LPAE_ENTRIES)); p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)].pt.table = 1; } #endif /* Break up the Xen mapping into 4k pages and protect them separately. */ - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { vaddr_t va = XEN_VIRT_START + (i << PAGE_SHIFT); @@ -768,7 +771,7 @@ int init_secondary_pagetables(int cpu) * domheap mapping pages. */ for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) { - pte = mfn_to_xen_entry(virt_to_mfn(domheap+i*LPAE_ENTRIES), + pte = mfn_to_xen_entry(virt_to_mfn(domheap + i * XEN_PT_LPAE_ENTRIES), MT_NORMAL); pte.pt.table = 1; write_pte(&first[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)], pte); diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 02cf852d4c..493a1e2587 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -233,7 +233,8 @@ static lpae_t *p2m_get_root_pointer(struct p2m_domain *p2m, * we can't use (P2M_ROOT_LEVEL - 1) because the root level might be * 0. Yet we still want to check if all the unused bits are zeroed. */ - root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + LPAE_SHIFT); + root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + + XEN_PT_LPAE_SHIFT); if ( root_table >= P2M_ROOT_PAGES ) return NULL; @@ -773,7 +774,7 @@ static void p2m_free_entry(struct p2m_domain *p2m, } table = map_domain_page(lpae_get_mfn(entry)); - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) p2m_free_entry(p2m, *(table + i), level + 1); unmap_domain_page(table); @@ -827,7 +828,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, * We are either splitting a first level 1G page into 512 second level * 2M pages, or a second level 2M page into 512 third level 4K pages. */ - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { lpae_t *new_entry = table + i; @@ -850,7 +851,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, /* Update stats */ p2m->stats.shattered[level]++; p2m->stats.mappings[level]--; - p2m->stats.mappings[next_level] += LPAE_ENTRIES; + p2m->stats.mappings[next_level] += XEN_PT_LPAE_ENTRIES; /* * Shatter superpage in the page to the level we want to make the @@ -888,7 +889,7 @@ static int __p2m_set_entry(struct p2m_domain *p2m, p2m_access_t a) { unsigned int level = 0; - unsigned int target = 3 - (page_order / LPAE_SHIFT); + unsigned int target = 3 - (page_order / XEN_PT_LPAE_SHIFT); lpae_t *entry, *table, orig_pte; int rc; /* A mapping is removed if the MFN is invalid. */ @@ -1142,7 +1143,7 @@ static void p2m_invalidate_table(struct p2m_domain *p2m, mfn_t mfn) table = map_domain_page(mfn); - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { lpae_t pte = table[i]; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Feb 27 19:33:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 27 Feb 2022 19:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280068.477899 (Exim 4.92) (envelope-from ) id 1nOPIL-00058b-DV; Sun, 27 Feb 2022 19:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280068.477899; Sun, 27 Feb 2022 19:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIL-00058T-AL; Sun, 27 Feb 2022 19:33:25 +0000 Received: by outflank-mailman (input) for mailman id 280068; Sun, 27 Feb 2022 19:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIK-00058M-Tu for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOPIK-00006W-T8 for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOPIK-0000Iq-S8 for xen-changelog@lists.xenproject.org; Sun, 27 Feb 2022 19:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OU8RXv32f5vpnGMCn0RqwrDIM/C3+Imewlpa9gN6Qrk=; b=xC9TK3VGLgCOYF0WyrTQJdzhL5 UsJ22QnGFfEQYz+wYS87PIm7npVrrV2mHWe0YpQvrS5YsdM+WYCt6a94Vt9nCYhkHb1yM+vBvLlEn zCgk6aGnYcf9bRGF2KB9KhALZgWVUwYyogjSo9r3ryjBtm22jNZRPaoVIn4vsB83Zaxg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: p2m: Replace level_{orders, masks} arrays with XEN_PT_LEVEL_{ORDER, MASK} Message-Id: Date: Sun, 27 Feb 2022 19:33:24 +0000 commit 4388144c44c4dd9e9b7df97938ef08ffa85eec07 Author: Julien Grall AuthorDate: Sun Feb 27 19:22:37 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: p2m: Replace level_{orders, masks} arrays with XEN_PT_LEVEL_{ORDER, MASK} The array level_orders and level_masks can be replaced with the recently introduced macros LEVEL_ORDER and LEVEL_MASK. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/p2m.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 493a1e2587..1d1059f7d2 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -37,12 +37,6 @@ static unsigned int __read_mostly max_vmid = MAX_VMID_8_BIT; */ unsigned int __read_mostly p2m_ipa_bits = 64; -/* Helpers to lookup the properties of each level */ -static const paddr_t level_masks[] = - { ZEROETH_MASK, FIRST_MASK, SECOND_MASK, THIRD_MASK }; -static const uint8_t level_orders[] = - { ZEROETH_ORDER, FIRST_ORDER, SECOND_ORDER, THIRD_ORDER }; - static mfn_t __read_mostly empty_root_mfn; static uint64_t generate_vttbr(uint16_t vmid, mfn_t root_mfn) @@ -233,7 +227,7 @@ static lpae_t *p2m_get_root_pointer(struct p2m_domain *p2m, * we can't use (P2M_ROOT_LEVEL - 1) because the root level might be * 0. Yet we still want to check if all the unused bits are zeroed. */ - root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + + root_table = gfn_x(gfn) >> (XEN_PT_LEVEL_ORDER(P2M_ROOT_LEVEL) + XEN_PT_LPAE_SHIFT); if ( root_table >= P2M_ROOT_PAGES ) return NULL; @@ -380,7 +374,7 @@ mfn_t p2m_get_entry(struct p2m_domain *p2m, gfn_t gfn, if ( gfn_x(gfn) > gfn_x(p2m->max_mapped_gfn) ) { for ( level = P2M_ROOT_LEVEL; level < 3; level++ ) - if ( (gfn_x(gfn) & (level_masks[level] >> PAGE_SHIFT)) > + if ( (gfn_x(gfn) & (XEN_PT_LEVEL_MASK(level) >> PAGE_SHIFT)) > gfn_x(p2m->max_mapped_gfn) ) break; @@ -423,7 +417,8 @@ mfn_t p2m_get_entry(struct p2m_domain *p2m, gfn_t gfn, * The entry may point to a superpage. Find the MFN associated * to the GFN. */ - mfn = mfn_add(mfn, gfn_x(gfn) & ((1UL << level_orders[level]) - 1)); + mfn = mfn_add(mfn, + gfn_x(gfn) & ((1UL << XEN_PT_LEVEL_ORDER(level)) - 1)); if ( valid ) *valid = lpae_is_valid(entry); @@ -434,7 +429,7 @@ out_unmap: out: if ( page_order ) - *page_order = level_orders[level]; + *page_order = XEN_PT_LEVEL_ORDER(level); return mfn; } @@ -808,7 +803,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, /* Convenience aliases */ mfn_t mfn = lpae_get_mfn(*entry); unsigned int next_level = level + 1; - unsigned int level_order = level_orders[next_level]; + unsigned int level_order = XEN_PT_LEVEL_ORDER(next_level); /* * This should only be called with target != level and the entry is -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Feb 28 07:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Feb 2022 07:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280187.478035 (Exim 4.92) (envelope-from ) id 1nOahO-0006ck-W2; Mon, 28 Feb 2022 07:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280187.478035; Mon, 28 Feb 2022 07:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahO-0006cc-T3; Mon, 28 Feb 2022 07:44:02 +0000 Received: by outflank-mailman (input) for mailman id 280187; Mon, 28 Feb 2022 07:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahO-0006cV-09 for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahN-0007dZ-Pa for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOahN-0000Eg-Oc for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RV1Sam+bmEEu7KSpPQxPZ6f9uvvxIIz1i/bTQtmxO88=; b=tmRTw8kGUR9haQw1ejLzM42j/f rU3oZwpN21u3qUcAoIcTF8YxfWZKrqDtTphLDcP5yfb0PUWLaBuTFXwC8AhcI3xjtodXd563vwml/ WSBXQRHvhlksPS8PFBRiyt04SUY/2bic3x1Hetsx66t4KJh1tylId1iCAgLG3FR0FARQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: lpae: Rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS Message-Id: Date: Mon, 28 Feb 2022 07:44:01 +0000 commit f7b7e2b9add53780e44e8f8c165c2281258ae367 Author: Julien Grall AuthorDate: Sun Feb 27 19:21:58 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: lpae: Rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS Commit 05031fa87357 "xen/arm: guest_walk: Only generate necessary offsets/masks" introduced LPAE_ENTRIES_MASK_GS. In a follow-up patch, we will use it to define LPAE_ENTRY_MASK. This will lead to inconsistent naming. As LPAE_ENTRY_MASK is used in many places, it is better to rename LPAE_ENTRIES_MASK_GS and avoid some churn. So rename LPAE_ENTRIES_MASK_GS to LPAE_ENTRY_MASK_GS. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/include/asm/lpae.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/include/asm/lpae.h b/xen/arch/arm/include/asm/lpae.h index e94de2e7d8..4302e5671a 100644 --- a/xen/arch/arm/include/asm/lpae.h +++ b/xen/arch/arm/include/asm/lpae.h @@ -180,7 +180,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) */ #define LPAE_SHIFT_GS(gs) ((gs) - 3) #define LPAE_ENTRIES_GS(gs) (_AC(1, U) << LPAE_SHIFT_GS(gs)) -#define LPAE_ENTRIES_MASK_GS(gs) (LPAE_ENTRIES_GS(gs) - 1) +#define LPAE_ENTRY_MASK_GS(gs) (LPAE_ENTRIES_GS(gs) - 1) #define LEVEL_ORDER_GS(gs, lvl) ((3 - (lvl)) * LPAE_SHIFT_GS(gs)) #define LEVEL_SHIFT_GS(gs, lvl) (LEVEL_ORDER_GS(gs, lvl) + (gs)) @@ -188,7 +188,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) /* Offset in the table at level 'lvl' */ #define LPAE_TABLE_INDEX_GS(gs, lvl, addr) \ - (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRIES_MASK_GS(gs)) + (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRY_MASK_GS(gs)) /* Generate an array @var containing the offset for each level from @addr */ #define DECLARE_OFFSETS(var, addr) \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Feb 28 07:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Feb 2022 07:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280188.478039 (Exim 4.92) (envelope-from ) id 1nOahZ-0006ez-1W; Mon, 28 Feb 2022 07:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280188.478039; Mon, 28 Feb 2022 07:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahY-0006er-Ue; Mon, 28 Feb 2022 07:44:12 +0000 Received: by outflank-mailman (input) for mailman id 280188; Mon, 28 Feb 2022 07:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahX-0006ee-UA for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahX-0007dl-TL for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOahX-0000Fp-S7 for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7VJKHYLF/A5IFyv8eByyDB11zsXrCgYdg76LjL3Y+J0=; b=6lGLy4mCjqt4c5QRSY/w8Sxc0l cvRqK7H5qOStSiY1Sl7o1CAIN6N9j707I86SWG1tnWeamp0u2RkPOj/7MHgztnVzycd88d6Vtino3 /fijkLfbsi65tpRGBnSoF+OPPABvwOWYFfJLPQbifv1HlMkJYbZlFBOS0rVcodGZNH9Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: lpae: Use the generic helpers to defined the Xen PT helpers Message-Id: Date: Mon, 28 Feb 2022 07:44:11 +0000 commit 315c26f98d848d5214b8a288346e68a6ffe418c5 Author: Julien Grall AuthorDate: Sun Feb 27 19:21:59 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: lpae: Use the generic helpers to defined the Xen PT helpers Currently, Xen PT helpers are only working with 4KB page granularity and open-code the generic helpers. To allow more flexibility, we can re-use the generic helpers and pass Xen's page granularity (PAGE_SHIFT). As Xen PT helpers are used in both C and assembly, we need to move the generic helpers definition outside of the !__ASSEMBLY__ section. Take the opportunity to prefix LPAE_SHIFT, LPAE_ENTRIES and LPAE_ENTRY_MASK with XEN_PT_. Note the aliases for each level are still kept for the time being so we can avoid a massive patch to change all the callers. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 14 ++++---- xen/arch/arm/arm64/head.S | 14 ++++---- xen/arch/arm/include/asm/lpae.h | 73 +++++++++++++++++++++++------------------ xen/arch/arm/mm.c | 33 ++++++++++--------- xen/arch/arm/p2m.c | 13 ++++---- 5 files changed, 80 insertions(+), 67 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index b5912d381b..b1d209ea28 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -375,7 +375,7 @@ ENDPROC(cpu_init) */ .macro create_table_entry, ptbl, tbl, virt, shift, mmu=0 lsr r1, \virt, #\shift - mov_w r2, LPAE_ENTRY_MASK + mov_w r2, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ @@ -410,7 +410,7 @@ ENDPROC(cpu_init) * and be distinct. */ .macro create_mapping_entry, ptbl, virt, phys, type=PT_MEM_L3, mmu=0 - mov_w r2, LPAE_ENTRY_MASK + mov_w r2, XEN_PT_LPAE_ENTRY_MASK lsr r1, \virt, #THIRD_SHIFT and r1, r1, r2 /* r1 := slot in \tlb */ lsl r1, r1, #3 /* r1 := slot offset in \tlb */ @@ -465,7 +465,7 @@ create_page_tables: 1: strd r2, r3, [r4, r1] /* Map vaddr(start) */ add r2, r2, #PAGE_SIZE /* Next page */ add r1, r1, #8 /* Next slot */ - cmp r1, #(LPAE_ENTRIES<<3) /* 512*8-byte entries per page */ + cmp r1, #(XEN_PT_LPAE_ENTRIES<<3) /* 512*8-byte entries per page */ blo 1b /* @@ -487,7 +487,7 @@ create_page_tables: * the second level. */ lsr r1, r9, #FIRST_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := first slot */ cmp r1, #XEN_FIRST_SLOT beq 1f @@ -502,7 +502,7 @@ create_page_tables: * it. */ lsr r1, r9, #SECOND_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := second slot */ cmp r1, #XEN_SECOND_SLOT beq virtphys_clash @@ -573,7 +573,7 @@ remove_identity_mapping: * table if the slot is not XEN_FIRST_SLOT. */ lsr r1, r9, #FIRST_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := first slot */ cmp r1, #XEN_FIRST_SLOT beq 1f @@ -589,7 +589,7 @@ remove_identity_mapping: * table if the slot is not XEN_SECOND_SLOT. */ lsr r1, r9, #SECOND_SHIFT - mov_w r0, LPAE_ENTRY_MASK + mov_w r0, XEN_PT_LPAE_ENTRY_MASK and r1, r1, r0 /* r1 := second slot */ cmp r1, #XEN_SECOND_SLOT beq identity_mapping_removed diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 51b00ab0be..314b800b3f 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -509,7 +509,7 @@ ENDPROC(cpu_init) */ .macro create_table_entry, ptbl, tbl, virt, shift, tmp1, tmp2, tmp3 lsr \tmp1, \virt, #\shift - and \tmp1, \tmp1, #LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ + and \tmp1, \tmp1, #XEN_PT_LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ load_paddr \tmp2, \tbl mov \tmp3, #PT_PT /* \tmp3 := right for linear PT */ @@ -541,7 +541,7 @@ ENDPROC(cpu_init) and \tmp3, \phys, #THIRD_MASK /* \tmp3 := PAGE_ALIGNED(phys) */ lsr \tmp1, \virt, #THIRD_SHIFT - and \tmp1, \tmp1, #LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ + and \tmp1, \tmp1, #XEN_PT_LPAE_ENTRY_MASK/* \tmp1 := slot in \tlb */ mov \tmp2, #\type /* \tmp2 := right for section PT */ orr \tmp2, \tmp2, \tmp3 /* + PAGE_ALIGNED(phys) */ @@ -586,7 +586,7 @@ create_page_tables: 1: str x2, [x4, x1] /* Map vaddr(start) */ add x2, x2, #PAGE_SIZE /* Next page */ add x1, x1, #8 /* Next slot */ - cmp x1, #(LPAE_ENTRIES<<3) /* 512 entries per page */ + cmp x1, #(XEN_PT_LPAE_ENTRIES<<3) /* 512 entries per page */ b.lt 1b /* @@ -621,7 +621,7 @@ create_page_tables: * the second level. */ lsr x0, x19, #FIRST_SHIFT - and x0, x0, #LPAE_ENTRY_MASK /* x0 := first slot */ + and x0, x0, #XEN_PT_LPAE_ENTRY_MASK /* x0 := first slot */ cmp x0, #XEN_FIRST_SLOT beq 1f create_table_entry boot_first, boot_second_id, x19, FIRST_SHIFT, x0, x1, x2 @@ -635,7 +635,7 @@ create_page_tables: * it. */ lsr x0, x19, #SECOND_SHIFT - and x0, x0, #LPAE_ENTRY_MASK /* x0 := first slot */ + and x0, x0, #XEN_PT_LPAE_ENTRY_MASK /* x0 := first slot */ cmp x0, #XEN_SECOND_SLOT beq virtphys_clash create_table_entry boot_second, boot_third_id, x19, SECOND_SHIFT, x0, x1, x2 @@ -715,7 +715,7 @@ remove_identity_mapping: * table if the slot is not XEN_FIRST_SLOT. */ lsr x1, x19, #FIRST_SHIFT - and x1, x1, #LPAE_ENTRY_MASK /* x1 := first slot */ + and x1, x1, #XEN_PT_LPAE_ENTRY_MASK /* x1 := first slot */ cmp x1, #XEN_FIRST_SLOT beq 1f /* It is not in slot XEN_FIRST_SLOT, remove the entry. */ @@ -729,7 +729,7 @@ remove_identity_mapping: * table if the slot is not XEN_SECOND_SLOT. */ lsr x1, x19, #SECOND_SHIFT - and x1, x1, #LPAE_ENTRY_MASK /* x1 := first slot */ + and x1, x1, #XEN_PT_LPAE_ENTRY_MASK /* x1 := first slot */ cmp x1, #XEN_SECOND_SLOT beq identity_mapping_removed /* It is not in slot 1, remove the entry */ diff --git a/xen/arch/arm/include/asm/lpae.h b/xen/arch/arm/include/asm/lpae.h index 4302e5671a..aecb320dec 100644 --- a/xen/arch/arm/include/asm/lpae.h +++ b/xen/arch/arm/include/asm/lpae.h @@ -159,6 +159,17 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define lpae_get_mfn(pte) (_mfn((pte).walk.base)) #define lpae_set_mfn(pte, mfn) ((pte).walk.base = mfn_x(mfn)) +/* Generate an array @var containing the offset for each level from @addr */ +#define DECLARE_OFFSETS(var, addr) \ + const unsigned int var[4] = { \ + zeroeth_table_offset(addr), \ + first_table_offset(addr), \ + second_table_offset(addr), \ + third_table_offset(addr) \ + } + +#endif /* __ASSEMBLY__ */ + /* * AArch64 supports pages with different sizes (4K, 16K, and 64K). * Provide a set of generic helpers that will compute various @@ -190,17 +201,6 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define LPAE_TABLE_INDEX_GS(gs, lvl, addr) \ (((addr) >> LEVEL_SHIFT_GS(gs, lvl)) & LPAE_ENTRY_MASK_GS(gs)) -/* Generate an array @var containing the offset for each level from @addr */ -#define DECLARE_OFFSETS(var, addr) \ - const unsigned int var[4] = { \ - zeroeth_table_offset(addr), \ - first_table_offset(addr), \ - second_table_offset(addr), \ - third_table_offset(addr) \ - } - -#endif /* __ASSEMBLY__ */ - /* * These numbers add up to a 48-bit input address space. * @@ -211,26 +211,35 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) * therefore 39-bits are sufficient. */ -#define LPAE_SHIFT 9 -#define LPAE_ENTRIES (_AC(1,U) << LPAE_SHIFT) -#define LPAE_ENTRY_MASK (LPAE_ENTRIES - 1) - -#define THIRD_SHIFT (PAGE_SHIFT) -#define THIRD_ORDER (THIRD_SHIFT - PAGE_SHIFT) -#define THIRD_SIZE (_AT(paddr_t, 1) << THIRD_SHIFT) -#define THIRD_MASK (~(THIRD_SIZE - 1)) -#define SECOND_SHIFT (THIRD_SHIFT + LPAE_SHIFT) -#define SECOND_ORDER (SECOND_SHIFT - PAGE_SHIFT) -#define SECOND_SIZE (_AT(paddr_t, 1) << SECOND_SHIFT) -#define SECOND_MASK (~(SECOND_SIZE - 1)) -#define FIRST_SHIFT (SECOND_SHIFT + LPAE_SHIFT) -#define FIRST_ORDER (FIRST_SHIFT - PAGE_SHIFT) -#define FIRST_SIZE (_AT(paddr_t, 1) << FIRST_SHIFT) -#define FIRST_MASK (~(FIRST_SIZE - 1)) -#define ZEROETH_SHIFT (FIRST_SHIFT + LPAE_SHIFT) -#define ZEROETH_ORDER (ZEROETH_SHIFT - PAGE_SHIFT) -#define ZEROETH_SIZE (_AT(paddr_t, 1) << ZEROETH_SHIFT) -#define ZEROETH_MASK (~(ZEROETH_SIZE - 1)) +#define XEN_PT_LPAE_SHIFT LPAE_SHIFT_GS(PAGE_SHIFT) +#define XEN_PT_LPAE_ENTRIES LPAE_ENTRIES_GS(PAGE_SHIFT) +#define XEN_PT_LPAE_ENTRY_MASK LPAE_ENTRY_MASK_GS(PAGE_SHIFT) + +#define XEN_PT_LEVEL_SHIFT(lvl) LEVEL_SHIFT_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_ORDER(lvl) LEVEL_ORDER_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_SIZE(lvl) LEVEL_SIZE_GS(PAGE_SHIFT, lvl) +#define XEN_PT_LEVEL_MASK(lvl) (~(XEN_PT_LEVEL_SIZE(lvl) - 1)) + +/* Convenience aliases */ +#define THIRD_SHIFT XEN_PT_LEVEL_SHIFT(3) +#define THIRD_ORDER XEN_PT_LEVEL_ORDER(3) +#define THIRD_SIZE XEN_PT_LEVEL_SIZE(3) +#define THIRD_MASK XEN_PT_LEVEL_MASK(3) + +#define SECOND_SHIFT XEN_PT_LEVEL_SHIFT(2) +#define SECOND_ORDER XEN_PT_LEVEL_ORDER(2) +#define SECOND_SIZE XEN_PT_LEVEL_SIZE(2) +#define SECOND_MASK XEN_PT_LEVEL_MASK(2) + +#define FIRST_SHIFT XEN_PT_LEVEL_SHIFT(1) +#define FIRST_ORDER XEN_PT_LEVEL_ORDER(1) +#define FIRST_SIZE XEN_PT_LEVEL_SIZE(1) +#define FIRST_MASK XEN_PT_LEVEL_MASK(1) + +#define ZEROETH_SHIFT XEN_PT_LEVEL_SHIFT(0) +#define ZEROETH_ORDER XEN_PT_LEVEL_ORDER(0) +#define ZEROETH_SIZE XEN_PT_LEVEL_SIZE(0) +#define ZEROETH_MASK XEN_PT_LEVEL_MASK(0) /* Calculate the offsets into the pagetables for a given VA */ #define zeroeth_linear_offset(va) ((va) >> ZEROETH_SHIFT) @@ -238,7 +247,7 @@ static inline bool lpae_is_superpage(lpae_t pte, unsigned int level) #define second_linear_offset(va) ((va) >> SECOND_SHIFT) #define third_linear_offset(va) ((va) >> THIRD_SHIFT) -#define TABLE_OFFSET(offs) (_AT(unsigned int, offs) & LPAE_ENTRY_MASK) +#define TABLE_OFFSET(offs) (_AT(unsigned int, offs) & XEN_PT_LPAE_ENTRY_MASK) #define first_table_offset(va) TABLE_OFFSET(first_linear_offset(va)) #define second_table_offset(va) TABLE_OFFSET(second_linear_offset(va)) #define third_table_offset(va) TABLE_OFFSET(third_linear_offset(va)) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index b1eae767c2..515d0906f8 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -71,10 +71,11 @@ mm_printk(const char *fmt, ...) {} * in C). */ #define DEFINE_BOOT_PAGE_TABLE(name) \ -lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") name[LPAE_ENTRIES] +lpae_t __aligned(PAGE_SIZE) __section(".data.page_aligned") \ + name[XEN_PT_LPAE_ENTRIES] #define DEFINE_PAGE_TABLES(name, nr) \ -lpae_t __aligned(PAGE_SIZE) name[LPAE_ENTRIES * (nr)] +lpae_t __aligned(PAGE_SIZE) name[XEN_PT_LPAE_ENTRIES * (nr)] #define DEFINE_PAGE_TABLE(name) DEFINE_PAGE_TABLES(name, 1) @@ -207,7 +208,7 @@ static void __init __maybe_unused build_assertions(void) BUILD_BUG_ON(zeroeth_table_offset(XEN_VIRT_START)); #endif BUILD_BUG_ON(first_table_offset(XEN_VIRT_START)); - BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= LPAE_ENTRIES); + BUILD_BUG_ON(second_linear_offset(XEN_VIRT_START) >= XEN_PT_LPAE_ENTRIES); #ifdef CONFIG_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif @@ -256,7 +257,7 @@ void dump_pt_walk(paddr_t ttbr, paddr_t addr, for ( level = root_level; ; level++ ) { - if ( offsets[level] > LPAE_ENTRIES ) + if ( offsets[level] > XEN_PT_LPAE_ENTRIES ) break; pte = mapping[offsets[level]]; @@ -395,15 +396,15 @@ static void __init create_mappings(lpae_t *second, ASSERT(!(base_mfn % granularity)); ASSERT(!(nr_mfns % granularity)); - count = nr_mfns / LPAE_ENTRIES; + count = nr_mfns / XEN_PT_LPAE_ENTRIES; p = second + second_linear_offset(virt_offset); pte = mfn_to_xen_entry(_mfn(base_mfn), MT_NORMAL); - if ( granularity == 16 * LPAE_ENTRIES ) + if ( granularity == 16 * XEN_PT_LPAE_ENTRIES ) pte.pt.contig = 1; /* These maps are in 16-entry contiguous chunks. */ for ( i = 0; i < count; i++ ) { write_pte(p + i, pte); - pte.pt.base += 1 << LPAE_SHIFT; + pte.pt.base += 1 << XEN_PT_LPAE_SHIFT; } flush_xen_tlb_local(); } @@ -424,7 +425,7 @@ void *map_domain_page(mfn_t mfn) { unsigned long flags; lpae_t *map = this_cpu(xen_dommap); - unsigned long slot_mfn = mfn_x(mfn) & ~LPAE_ENTRY_MASK; + unsigned long slot_mfn = mfn_x(mfn) & ~XEN_PT_LPAE_ENTRY_MASK; vaddr_t va; lpae_t pte; int i, slot; @@ -435,7 +436,7 @@ void *map_domain_page(mfn_t mfn) * entry is a 2MB superpage pte. We use the available bits of each * PTE as a reference count; when the refcount is zero the slot can * be reused. */ - for ( slot = (slot_mfn >> LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; + for ( slot = (slot_mfn >> XEN_PT_LPAE_SHIFT) % DOMHEAP_ENTRIES, i = 0; i < DOMHEAP_ENTRIES; slot = (slot + 1) % DOMHEAP_ENTRIES, i++ ) { @@ -477,7 +478,7 @@ void *map_domain_page(mfn_t mfn) va = (DOMHEAP_VIRT_START + (slot << SECOND_SHIFT) - + ((mfn_x(mfn) & LPAE_ENTRY_MASK) << THIRD_SHIFT)); + + ((mfn_x(mfn) & XEN_PT_LPAE_ENTRY_MASK) << THIRD_SHIFT)); /* * We may not have flushed this specific subpage at map time, @@ -513,7 +514,7 @@ mfn_t domain_page_map_to_mfn(const void *ptr) unsigned long va = (unsigned long)ptr; lpae_t *map = this_cpu(xen_dommap); int slot = (va - DOMHEAP_VIRT_START) >> SECOND_SHIFT; - unsigned long offset = (va>>THIRD_SHIFT) & LPAE_ENTRY_MASK; + unsigned long offset = (va>>THIRD_SHIFT) & XEN_PT_LPAE_ENTRY_MASK; if ( va >= VMAP_VIRT_START && va < VMAP_VIRT_END ) return virt_to_mfn(va); @@ -654,7 +655,8 @@ void __init setup_pagetables(unsigned long boot_phys_offset) /* Initialise first level entries, to point to second level entries */ for ( i = 0; i < 2; i++) { - p[i] = pte_of_xenaddr((uintptr_t)(xen_second+i*LPAE_ENTRIES)); + p[i] = pte_of_xenaddr((uintptr_t)(xen_second + + i * XEN_PT_LPAE_ENTRIES)); p[i].pt.table = 1; p[i].pt.xn = 0; } @@ -663,13 +665,14 @@ void __init setup_pagetables(unsigned long boot_phys_offset) for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) { p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)] - = pte_of_xenaddr((uintptr_t)(cpu0_dommap+i*LPAE_ENTRIES)); + = pte_of_xenaddr((uintptr_t)(cpu0_dommap + + i * XEN_PT_LPAE_ENTRIES)); p[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)].pt.table = 1; } #endif /* Break up the Xen mapping into 4k pages and protect them separately. */ - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { vaddr_t va = XEN_VIRT_START + (i << PAGE_SHIFT); @@ -768,7 +771,7 @@ int init_secondary_pagetables(int cpu) * domheap mapping pages. */ for ( i = 0; i < DOMHEAP_SECOND_PAGES; i++ ) { - pte = mfn_to_xen_entry(virt_to_mfn(domheap+i*LPAE_ENTRIES), + pte = mfn_to_xen_entry(virt_to_mfn(domheap + i * XEN_PT_LPAE_ENTRIES), MT_NORMAL); pte.pt.table = 1; write_pte(&first[first_table_offset(DOMHEAP_VIRT_START+i*FIRST_SIZE)], pte); diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 02cf852d4c..493a1e2587 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -233,7 +233,8 @@ static lpae_t *p2m_get_root_pointer(struct p2m_domain *p2m, * we can't use (P2M_ROOT_LEVEL - 1) because the root level might be * 0. Yet we still want to check if all the unused bits are zeroed. */ - root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + LPAE_SHIFT); + root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + + XEN_PT_LPAE_SHIFT); if ( root_table >= P2M_ROOT_PAGES ) return NULL; @@ -773,7 +774,7 @@ static void p2m_free_entry(struct p2m_domain *p2m, } table = map_domain_page(lpae_get_mfn(entry)); - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) p2m_free_entry(p2m, *(table + i), level + 1); unmap_domain_page(table); @@ -827,7 +828,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, * We are either splitting a first level 1G page into 512 second level * 2M pages, or a second level 2M page into 512 third level 4K pages. */ - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { lpae_t *new_entry = table + i; @@ -850,7 +851,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, /* Update stats */ p2m->stats.shattered[level]++; p2m->stats.mappings[level]--; - p2m->stats.mappings[next_level] += LPAE_ENTRIES; + p2m->stats.mappings[next_level] += XEN_PT_LPAE_ENTRIES; /* * Shatter superpage in the page to the level we want to make the @@ -888,7 +889,7 @@ static int __p2m_set_entry(struct p2m_domain *p2m, p2m_access_t a) { unsigned int level = 0; - unsigned int target = 3 - (page_order / LPAE_SHIFT); + unsigned int target = 3 - (page_order / XEN_PT_LPAE_SHIFT); lpae_t *entry, *table, orig_pte; int rc; /* A mapping is removed if the MFN is invalid. */ @@ -1142,7 +1143,7 @@ static void p2m_invalidate_table(struct p2m_domain *p2m, mfn_t mfn) table = map_domain_page(mfn); - for ( i = 0; i < LPAE_ENTRIES; i++ ) + for ( i = 0; i < XEN_PT_LPAE_ENTRIES; i++ ) { lpae_t pte = table[i]; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Feb 28 07:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Feb 2022 07:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.280189.478043 (Exim 4.92) (envelope-from ) id 1nOahj-0006hM-2p; Mon, 28 Feb 2022 07:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 280189.478043; Mon, 28 Feb 2022 07:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahj-0006hE-01; Mon, 28 Feb 2022 07:44:23 +0000 Received: by outflank-mailman (input) for mailman id 280189; Mon, 28 Feb 2022 07:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahi-0006gx-16 for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOahi-0007eD-0L for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOahh-0000H1-VX for xen-changelog@lists.xenproject.org; Mon, 28 Feb 2022 07:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0V1oaK9XlQ1Ka5SWg2AeJpbwye7oCi0+FQkddfqfz1c=; b=vt97FA+2u4uo6CfsoSwJJKS3iP ab/jspAgyWb79Chfv1oDwjvAEfQ83OrISzz/Lg2b9AeBhEw3XuuHZeNJ+QNJniaIKhwSetN1VlcTJ GERpT3hHH1olW91pHVZyPWIzxQH7RdvKKPAxvzFLysRtT5DcQVD4v+klHfptuQrM7di8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: p2m: Replace level_{orders, masks} arrays with XEN_PT_LEVEL_{ORDER, MASK} Message-Id: Date: Mon, 28 Feb 2022 07:44:21 +0000 commit 4388144c44c4dd9e9b7df97938ef08ffa85eec07 Author: Julien Grall AuthorDate: Sun Feb 27 19:22:37 2022 +0000 Commit: Julien Grall CommitDate: Sun Feb 27 19:23:35 2022 +0000 xen/arm: p2m: Replace level_{orders, masks} arrays with XEN_PT_LEVEL_{ORDER, MASK} The array level_orders and level_masks can be replaced with the recently introduced macros LEVEL_ORDER and LEVEL_MASK. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/p2m.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 493a1e2587..1d1059f7d2 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -37,12 +37,6 @@ static unsigned int __read_mostly max_vmid = MAX_VMID_8_BIT; */ unsigned int __read_mostly p2m_ipa_bits = 64; -/* Helpers to lookup the properties of each level */ -static const paddr_t level_masks[] = - { ZEROETH_MASK, FIRST_MASK, SECOND_MASK, THIRD_MASK }; -static const uint8_t level_orders[] = - { ZEROETH_ORDER, FIRST_ORDER, SECOND_ORDER, THIRD_ORDER }; - static mfn_t __read_mostly empty_root_mfn; static uint64_t generate_vttbr(uint16_t vmid, mfn_t root_mfn) @@ -233,7 +227,7 @@ static lpae_t *p2m_get_root_pointer(struct p2m_domain *p2m, * we can't use (P2M_ROOT_LEVEL - 1) because the root level might be * 0. Yet we still want to check if all the unused bits are zeroed. */ - root_table = gfn_x(gfn) >> (level_orders[P2M_ROOT_LEVEL] + + root_table = gfn_x(gfn) >> (XEN_PT_LEVEL_ORDER(P2M_ROOT_LEVEL) + XEN_PT_LPAE_SHIFT); if ( root_table >= P2M_ROOT_PAGES ) return NULL; @@ -380,7 +374,7 @@ mfn_t p2m_get_entry(struct p2m_domain *p2m, gfn_t gfn, if ( gfn_x(gfn) > gfn_x(p2m->max_mapped_gfn) ) { for ( level = P2M_ROOT_LEVEL; level < 3; level++ ) - if ( (gfn_x(gfn) & (level_masks[level] >> PAGE_SHIFT)) > + if ( (gfn_x(gfn) & (XEN_PT_LEVEL_MASK(level) >> PAGE_SHIFT)) > gfn_x(p2m->max_mapped_gfn) ) break; @@ -423,7 +417,8 @@ mfn_t p2m_get_entry(struct p2m_domain *p2m, gfn_t gfn, * The entry may point to a superpage. Find the MFN associated * to the GFN. */ - mfn = mfn_add(mfn, gfn_x(gfn) & ((1UL << level_orders[level]) - 1)); + mfn = mfn_add(mfn, + gfn_x(gfn) & ((1UL << XEN_PT_LEVEL_ORDER(level)) - 1)); if ( valid ) *valid = lpae_is_valid(entry); @@ -434,7 +429,7 @@ out_unmap: out: if ( page_order ) - *page_order = level_orders[level]; + *page_order = XEN_PT_LEVEL_ORDER(level); return mfn; } @@ -808,7 +803,7 @@ static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry, /* Convenience aliases */ mfn_t mfn = lpae_get_mfn(*entry); unsigned int next_level = level + 1; - unsigned int level_order = level_orders[next_level]; + unsigned int level_order = XEN_PT_LEVEL_ORDER(next_level); /* * This should only be called with target != level and the entry is -- generated by git-patchbot for /home/xen/git/xen.git#master